ACBDiDATAP.AI

One Platform.
Governed by Default.
Deployed in Your Walls.

The governance-native AI platform for regulated industries. Everything you need to bring AI to production — safely, auditably, and inside your own infrastructure. One contract. No surprise SKUs.

Request a pilot →AI Governance deep-dive →
What's in the box
  • 💬 AI Chatbot (multi-LLM)
  • 🛡 AI Governance Engine
  • 📊 Governance Data Model
  • 📝 Audit Archive (Iceberg)
  • 🔄 Regulator Auto-Refresh
  • 🤝 Compliance Assessor Agent
One docker-compose. One contract. One invoice.

What We Deliver

Six modules in one bundled platform.

💬

AI Chatbot

Multi-LLM customer-facing chat, governed by default.

  • OpenAI · Claude · Gemini · Fireworks · Ollama — one SDK
  • Multi-agent orchestration (AG2-native)
  • Every turn gated before reaching the model
🛡

AI Governance Engine

Policy-as-data gate for every LLM call and agent step.

  • 213 controls across 16 regulatory & industry frameworks
  • Refusals cite named regulators inline
  • Gate → Main → Validator pattern (multi-agent-native)
Learn more →
📊

Governance Data Model

Ready-to-query dbt models for your BI tool of choice.

  • Compliance rate · rule firings · block history · agent drill-down
  • Plug into Tableau · Power BI · Looker · Metabase · in-house BI
  • No vendor BI lock-in
📝

Audit Archive

Write-once audit evidence for every AI decision.

  • Postgres live store + S3 Iceberg immutable archive
  • Point-in-time reconstruction (SCD2)
  • ISO 27001 + ISO 42001 aligned
🔄

Regulator Auto-Refresh

Catalogue stays current as regulators update.

  • TinyFish web-AI scrapes APRA / ASIC / OAIC / OWASP weekly
  • Diffs against catalogue, proposes reviewable changes
  • You ship against today's rules, not last year's
🤝

Compliance Assessor Agent

On-demand audit-ready assessment report.

  • Auditor-voice HTML report citing every control
  • Covers any configured framework (APRA, ASIC, OAIC, ISO 42001, …)
  • One agent call per framework — no manual evidence-gathering

What You Get

One platform, different answers for every decision-maker.

CIO / CTO

Ship AI without expanding the vendor surface

One bundled platform, one contract. Integrates with the cloud, warehouse, and scheduler you already own.

CISO

No data leaves your walls

Deploys inside your VPC. Your keys, your KMS, your IAM. Audit evidence stored in your S3 with your encryption.

CCO / Compliance

Auditor-ready, every day

Per-turn audit evidence with regulator citations. Compliance assessor generates framework reports on demand.

Head of AI

Production-safe agents from day one

Policy-as-data guardrails for every LLM call. Multi-agent pipelines covered by default (OWASP Agentic Top 10).

CDO

Your data model, governed

dbt-native governance marts. Plug into your BI tool. No second data copy, no parallel warehouse.

AI Concerns We Address

The specific risks regulated buyers raise — and how the platform handles each.

ConcernHow we address itRelevant framework
LLM leaking credentials or PIISecret-request pattern blocks before any LLM call; PII write patterns forced through redactionOAIC APP.11 · OWASP ASI02.6
AI agent making unauthorised trades / actionsMulti-agent metadata triggers escalation + human-in-the-loop; per-action authorisation re-verifiedASIC AGENTIC_AI · APRA CPS230.ACCOUNTABLE_PERSON
AI in transaction monitoring / KYC / SMR drafting (AML)AI-flagged matters require human suspicion-formation; tipping-off gate on customer-facing GenAI; 7-year decision provenance retainedAUSTRAC AML/CTF Act s41 · s107 · s123 (tipping-off) · AUSTRAC AI/ML Industry Guidance 2024-25
Sanctions / PEP screening AI false-positive biasCalibrated thresholds with documented FAR/FRR; annual recalibration evidence; manual override trail; bias profile across customer cohortsAUSTRAC Sanctions Compliance Guidance · AML/CTF Rules Pt 4.4
AI-assisted personal advice — best-interests duty + RG 255Advice model registry; BID step records with adviser-AI review notes; record-of-advice carries AI-source attribution; advice quality reviewed on cycleASIC AFSL · Corporations Act s912A / s961B · RG 255 (digital advice) · RG 271 (IDR)
AI-driven product recommendation pushing outside Target Market DeterminationAI recommendation outputs constrained to TMD-eligible customers; distributor reporting; complaints linked back to TMD-breach root causeASIC AFSL · Corporations Act Pt 7.8A · RG 274 (DDO)
AI-generated marketing or PDS content with misleading claimsAI-content review log; claim-substantiation files; marketing approval workflow; customer-impact monitoring for adverse outcomesASIC Act s12DA · Corporations Act s1041H · ASIC AFSL s912A
Prompt injection / goal hijackingGate validates user intent vs agent intent at run time; prompts treated as untrusted inputOWASP ASI01 · ASIC Market Integrity
Hallucinated financial / clinical adviceAdvice classification forces confirmation + professional-adviser disclaimer; post-call validator catches overconfidenceASIC s912A · FINRA Communications · AU 6 Principle 6
Untraceable AI decisions at audit timeEvery decision written once with cited controls; SCD2 catalogue allows point-in-time reconstructionISO 42001 · APRA CPS 230 record-keeping
Data leaving sovereign boundariesContainer runs inside your VPC; data is designed to remain within your cloud account by architecture; air-gapped option availableAPRA CPS 234 · OAIC APP 8
Regulator publishes new guidance you missTinyFish web-AI monitors APRA / ASIC / OAIC weekly, proposes catalogue updates as reviewable changesAligned to whichever regulators you subscribe to
Supply chain / MCP / third-party agent riskThird-party agent registry; tool-descriptor validation; signed inter-agent messagesOWASP ASI04 (Agentic Supply Chain)

How It Integrates

Plugs into the stack you already run. No rip-and-replace.

Orchestration

  • BMC Control-M
  • Your existing scheduler
  • Cron

BI Tools

  • Tableau
  • Power BI
  • Looker
  • Metabase
  • In-house / custom

Data Warehouse

  • Snowflake
  • BigQuery
  • Redshift
  • Databricks
  • Postgres

Cloud

  • AWS
  • GCP
  • Azure
  • On-premise

Identity

  • Microsoft Entra
  • Okta
  • AWS Cognito
  • Auth0

LLM Providers

  • OpenAI
  • Anthropic (Claude)
  • Google (Gemini)
  • AWS Bedrock
  • Fireworks
  • Ollama (local)

Agent Frameworks

  • AG2
  • LangGraph
  • CrewAI
  • Custom (via SDK)

CRM / Support

  • Twenty
  • Salesforce (roadmap)
  • HubSpot (roadmap)

What You Provide

Grounded expectations — exactly what your team needs to bring to a pilot.

☁️

Cloud Account + VPC

AWS / GCP / Azure / on-premise. Your IAM, your networking, your logging.

🗄️

Data Warehouse

Snowflake, BigQuery, Redshift, or Postgres — whichever you already use.

📦

S3 / Object Store

For the immutable audit archive. Your bucket, your KMS keys.

🔐

IdP for SSO

Microsoft Entra, Okta, Cognito, or equivalent for user authentication.

⚙️

Scheduler (optional)

BMC Control-M or your existing orchestrator. Jobs run as shell commands.

📊

BI Tool (optional)

Tableau, Power BI, Looker, Metabase — for dashboards over our data model.

How We Compare

Honest positioning against the three categories buyers benchmark us against.

DimensionDATAP.AIGRC Tools (Drata / Vanta)AI Governance (Credo / Fairly)Cloud AI Safety (Azure / AWS)
AU regulator depth54 frameworks incl. APRA, ASIC AFSL, AUSTRAC AML/CTF, OAIC, DTA AI Policy, NSW AIAF, ISM, AU 6 PrinciplesSOC 2 / ISO 27001-centric; AU regulators thinGlobal AI frameworks; AU regulator coverage shallowEU AI Act + limited regional
DeploymentCustomer-hosted; data designed to remain within your VPC by architectureVendor SaaS; data flows through their platformVendor SaaS typicalNative to that cloud only
Multi-agent governanceAG2-native Gate → Main → Validator; OWASP ASI07/08/10Not in scopePolicy-docs; limited runtime enforcementSingle-LLM content-safety focus
Regulator auto-refreshWeekly TinyFish scrape; diff-as-PR workflowManual content updatesManual content updatesCloud-vendor release cycle
BI / dashboardBring your own — Tableau, Power BI, Looker, MetabaseVendor-specific dashboard onlyVendor-specific dashboard onlyCloud-vendor console
Pricing modelPlatform bundled; governance included — no extra SKUPer-seat + per-framework add-onsPer-seat + per-framework add-onsConsumption-based

Deploys In Your Own Infrastructure

Your credentials, your keys, your data — always yours. We work inside the perimeter you already trust.

🌐

Your VPC

Runs inside your existing VPC and security groups.

☁️

Your Cloud

AWS, GCP, Azure, or on-premise — credentials stay with you.

🗄️

Your S3

Audit archive writes into your bucket under your KMS keys.

🏢

Your Warehouse

Snowflake, BigQuery, Redshift, Postgres — data stays put.

⚙️

Your Orchestration

BMC Control-M or your existing scheduler.

🔐

Your IdP & KMS

Entra, Okta, Cognito — keys and identity under your control.

🇦🇺

Onshore Data

AU regions; no cross-border transfer. CPS 234 + APP 8 aligned.

📦

Air-Gapped Ready

Offline install for classified environments.

Ready to see it in your own pilot?

90-second demo, then a structured 4-week pilot in your VPC. No slideware. No data leaving your walls.

Request a pilotContact us