Trust Center

Trust & compliance

PyBlox is built so regulated organizations can use powerful AI without defaulting to public consumer models. Here is exactly what we mean — and what we do not claim without paperwork.

Honest framing: We market PyBlox as designed to support HIPAA, FERPA, CIPA, and PCI control objectives. Full legal compliance is a shared responsibility: your policies, contracts (BAA, DPA, school agreements), assessments, and correct system configuration.

Control themes

Architecture choices that map to regulated workloads.

Data residency

Inference on your Ollama / GPU nodes (e.g. private cluster). Prompts and completions need not leave your network for core PyBlox models.

Identity & access

OSI-Bytes SSO federation, role-based access, and org entitlements via Mission Control — so students, staff, and admins are not one flat login.

Isolation

Project evolution into containers, VMs, and advanced network topologies with isolation patterns (including VRF-style designs) to separate tenants and labs.

Auditability

Ecosystem logging and ops surfaces (Mission Control, chat, platform bridges) support investigation and operational review.

Framework mapping

What each framework cares about — and how PyBlox helps.

HIPAA

Minimize PHI in prompts; private models; access control; BAA path for covered entities / BAs when you engage us for hosted or managed services that handle ePHI.

FERPA

Education roles, school tenancy, and tools that keep student work inside institutional boundaries when deployed accordingly.

CIPA

K–12 product design and policy controls that support institutions implementing CIPA-required protections and monitoring programs.

PCI DSS

Keep CHD out of AI context; segment systems; use PyBlox for build/ops outside the cardholder data environment unless you explicitly scope it in.

Intellectual property

Your code stays yours

Projects live in your platform boundary. We do not treat customer code as free training data for public models.

No public default path

Core workflows target PyBlox local engines — not “send everything to a third-party SaaS LLM” as the default.

Export & control

Pipeline design emphasizes ownership: files, containers, and VMs you can operate and take with you.