REIGN · DATA VAULT
Where data lives. What is redacted. Who holds the keys.
Policy by default. Evidence by design. Enforced at runtime.
Reign Data Vault is the data-governance layer of the Reign platform — data residency, key custody, real-time PII and PHI redaction, and full lineage across every AI workflow. Sovereign by design across every deployment tier.
Deployment
Same governance layer across every tier.
Sensitive data ends up where the customer cannot see or audit
Enterprise AI runs on the most sensitive data the customer has — patient records, customer transactions, proprietary IP, regulated trial data. Every AI call moves that data through models, gateways, agents, and downstream tools. Today that movement is largely uncontrolled. Sensitive data ends up in vendor logs, gets used for model training without consent, crosses jurisdictional boundaries, or accumulates in places the customer cannot see or audit.
- Customer data flows into AI workflows without enforcement of data residency, encryption, or retention policy.
- PII and PHI are not consistently redacted before reaching third-party models or being captured in logs.
- Data lineage — where data came from, what AI saw, what was kept — is reconstructed retrospectively from logs (if at all).
- Encryption keys are commonly held by the AI vendor, not the customer; sovereign key custody is the exception, not the default.
- Regulated buyers (HIPAA, GDPR, EU AI Act Art. 10, DORA Art. 28) cannot defend AI usage to auditors without provable data controls.
Reign Data Vault provides
Key custody
Customer-controlled encryption with bring-your-own-key (BYOK) custody across every deployment tier.
Data residency
Configurable jurisdiction boundaries enforced at the data plane — data does not leave the customer-defined region without explicit policy.
Redaction
Real-time PII and PHI detection and redaction in AI inputs and outputs, before data reaches downstream models or logs.
Lineage
Full data lineage — what data flowed into which prompt, which agent saw it, which model returned what, which user received the output. Retained as a native part of the audit chain.
Tenant isolation
Tenant isolation across multi-tenant SaaS deployments — no data leakage across customers.
Retention
Retention controls aligned to regulatory requirements (HIPAA seven-year, GDPR right-to-erasure, 21 CFR Part 11 retention windows).
The data-side source of truth for the audit chain
Data Vault sits between the AI Gateway (which authorises AI calls) and the rest of the AI estate. Every prompt that flows through the Gateway passes through Data Vault for residency, redaction, and key enforcement before reaching downstream models. Data lineage is captured natively into the Evidence Engine, which makes Data Vault the source of truth for the data side of the audit chain. The Agentic Hub coordinates with Data Vault when MCP tool calls request sensitive data. Model Lifecycle uses Data Vault’s lineage to link data versions to model versions for change-control purposes. Evidence Packs export Data Vault lineage as part of the regulator-ready submission artifact.
Mapped to the frameworks regulators expect
HIPAA
Encryption, access control, audit logging, breach detection.
GDPR
Data residency, right-to-erasure, data minimisation, lawful basis.
PHIPA / PIPEDA
Canadian healthcare and personal-information privacy alignment.
EU AI Act Art. 10
Data governance for high-risk AI: training, validation, testing data quality.
DORA Art. 28
Third-party ICT data handling and contractual safeguards.
ISO 27001
Information security controls and risk management.
ISO 42001 §6
AI data management system.
21 CFR Part 11
Electronic records integrity and access control (life sciences).
ALCOA+
Data integrity attributes (life sciences).
Frequently Asked Questions
Across all four Reign deployment tiers — SaaS, Dedicated (single-tenant, BYOK), Customer Cloud (AWS, Azure, GCP) running in your VPC, and Air-Gapped (FIPS 140-2). The same Data Vault controls and audit chain operate identically across every tier.
No. Customers bring their own keys (BYOK) at every deployment tier. Reign enforces policy without ever holding the cryptographic material.
PII and PHI detectors run inline in the data path. Redaction occurs before data is forwarded to any downstream model, log, or persistent store. Customers configure redaction sensitivity and exception handling.
Source of every data element entering an AI flow, every transformation along the way, every model and tool that observed the data, every output that returned to a user, and every retention or deletion event downstream.
Yes. Data Vault is designed to complement existing DLP, SIEM, IAM, and key-management investments. We export lineage and policy events to the customer’s system of record.
Reign Data Vault is available today through the Reign Design Partner Program, with broader release scheduled for Q3 2026. Design partners receive early access, dedicated engineering support, and shape the product roadmap.
