Security, Compliance, and Regulatory Positioning
TwinBridge is built for governed environments. Deterministic by default; no production interception by design.
Security model
- No production interception
- No outbound calls at runtime
- Redaction at capture by default
- Manifest + hashes for integrity validation
- Optional Ed25519 signing + key rotation (enterprise)
Governance controls
- Schema validation gates in CI
- Artifact integrity checks (hash verification)
- Trust root enforcement (approved keys only)
- Immediate revocation for compromised keys
FAQ (security & compliance)
Secrets and tokens are masked by default during capture. Enterprises can enforce redaction policies and block builds that fail policy.
Every twin includes a manifest with hashes of the runtime and model. CI validates schema and verifies hashes. Enterprise can sign manifests with Ed25519 using a trust root.
Trust roots support active/grace/retired keys and immediate revocation. Rotation is policy-driven with a grace window.
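The CI gate described above (hash verification plus trust root enforcement), sketched as an added example; this is not TwinBridge code, and the manifest layout, field names, SHA-256 choice and state names are hypothetical. It assumes the signed (enterprise) mode, that the Ed25519 signature over the manifest has already been verified by a signing library, and that keys in the grace state are still accepted.

```python
import hashlib

# Assumption: keys in "active" or "grace" state may still sign; "retired",
# "revoked" and unknown keys are rejected.
ACCEPTED_STATES = {"active", "grace"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_twin(manifest: dict, artifacts: dict, trust_root: dict) -> list:
    """Return a list of policy failures; an empty list means the gate passes."""
    failures = []
    # 1. Every artifact named in the manifest must be present and match its hash.
    for name, expected in manifest["hashes"].items():
        blob = artifacts.get(name)
        if blob is None:
            failures.append(f"missing artifact: {name}")
        elif sha256_hex(blob) != expected:
            failures.append(f"hash mismatch: {name}")
    # 2. Anything shipped but not listed in the manifest is unverified content.
    for name in sorted(set(artifacts) - set(manifest["hashes"])):
        failures.append(f"unlisted artifact: {name}")
    # 3. The signing key must be in the trust root and in an accepted state.
    state = trust_root.get(manifest.get("key_id"), "unknown")
    if state not in ACCEPTED_STATES:
        failures.append(f"signing key not trusted (state={state})")
    return failures


# Constructed sample data (hypothetical manifest layout and key ids).
RUNTIME = b"constructed runtime bytes"
MODEL = b"constructed model bytes"
MANIFEST = {
    "key_id": "key-2",
    "hashes": {"runtime": sha256_hex(RUNTIME), "model": sha256_hex(MODEL)},
}
TRUST_ROOT = {"key-1": "retired", "key-2": "active", "key-3": "grace"}

if __name__ == "__main__":
    print(check_twin(MANIFEST, {"runtime": RUNTIME, "model": MODEL}, TRUST_ROOT))
    tampered = {"runtime": RUNTIME, "model": MODEL + b"!"}
    print(check_twin(MANIFEST, tampered, TRUST_ROOT))
```

Revoking a key is a one-line change to the trust root state, after which every manifest that names that key fails the gate.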