Security & DFR posture

Cross-tenant contamination is not a privacy bug for a union assistant — it is a duty-of-fair-representation incident. We treat it as such. The product is built so that the paths by which data could leak between locals do not exist.

If your union counsel has questions about retention, isolation, or model behavior, send them here first. Everything on this page is intended to be reviewable by counsel without a follow-up call.

Per-local isolation, by topology not by code

Each local gets its own deployment: its own Phoenix app instance, its own Postgres database, its own object-storage prefix with its own IAM scope. Locals do not share a database with row-level scoping — they do not share a database at all. The cross-tenant attack surface in application code is, by design, empty.

A bug in our query layer cannot leak local A's data into local B's session because the two locals are not on the same database. A compromised credential is scoped to one local.

Local models only

Steward does not call the OpenAI, Anthropic, Google, or Cohere APIs. There are no hosted inference vendors in the data path. Every answer is generated by a model running on infrastructure we (or you) control. Member data does not leave the local's infrastructure. We accept some quality tradeoff against frontier closed-source models in exchange.

Citation-or-refuse

If retrieval cannot find supporting passages for a member question, Steward does not generate an answer. It says so, and offers to flag the question for a rep. This is enforced in the pipeline, not in the prompt — the generation step receives empty context and is structurally unable to produce a confident answer.

Supersession-aware retrieval

CBAs evolve. Side letters supersede paragraphs of an MOU. A working answer machine has to know which version of a clause is live as of a given date. Steward loads effective-date and supersession metadata at ingest; retrieval filters on it. A clause that was superseded in 2018 does not surface to a member asking in 2026.
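The refusal gate and the as-of-date filter described in the two sections above, as an added sketch that is not Steward's own code. The clause ids, field names, relevance threshold and stubbed generator are assumptions, and the sketch refuses before the model is called at all.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Chunk:
    clause_id: str                 # constructed identifier
    text: str
    effective: date                # first day the clause is in force
    superseded_on: Optional[date]  # first day it is no longer in force; None = live
    score: float                   # retrieval similarity, assumed precomputed

MIN_SCORE = 0.5  # assumed relevance threshold

def live_as_of(chunk, as_of):
    """True if this clause version is in force on the as_of date."""
    if chunk.effective > as_of:
        return False
    return chunk.superseded_on is None or as_of < chunk.superseded_on

def retrieve(candidates, as_of):
    """Drop superseded or not-yet-effective versions before ranking."""
    live = [c for c in candidates if live_as_of(c, as_of) and c.score >= MIN_SCORE]
    return sorted(live, key=lambda c: c.score, reverse=True)

def answer(candidates, as_of, generate):
    """Refusal gate in the pipeline: with no live support, generate() is never called."""
    support = retrieve(candidates, as_of)
    if not support:
        return {"status": "refused", "citations": [], "text": None, "flag_for_rep": True}
    return {"status": "answered", "citations": [c.clause_id for c in support],
            "text": generate(support), "flag_for_rep": False}

# Constructed sample corpus: an MOU paragraph superseded by a side letter in 2018.
CORPUS = [
    Chunk("MOU-7.2", "Overtime after 10 hours.", date(2012, 1, 1), date(2018, 7, 1), 0.91),
    Chunk("SL-2018-03", "Overtime after 8 hours.", date(2018, 7, 1), None, 0.88),
]

def stub_generate(support):
    # Stand-in for the local model call; only echoes the top cited clause.
    return support[0].text

if __name__ == "__main__":
    print(answer(CORPUS, date(2026, 3, 1), stub_generate))      # cites the side letter
    print(answer(CORPUS, date(2015, 3, 1), stub_generate))      # cites the MOU as it stood
    print(answer(CORPUS[:1], date(2026, 3, 1), stub_generate))  # refused, flagged for a rep
```

Because the filter takes the as-of date as a parameter, the same function can replay what a member would have been shown on a past date.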

Audit log

Every member-facing answer, the retrieval that produced it, and the chunks that made the citation graph are persisted. Any answer a member saw on any date can be reconstructed. Useful for grievance documentation; required for DFR posture.

Counsel review before launch

Union counsel reviews the disclaimer, refusal policy, and retention defaults before any local goes live. Counsel changes ship. The product respects what counsel says about retention windows, what gets logged, and what the refusal language is allowed to imply.

What we do not do

  • We do not train models on tenant corpora. The models are pre-trained; your corpus is retrieved against, not learned from.
  • We do not aggregate tenant questions for cross-tenant trend reports. Your members' questions stay with your local.
  • We do not sell access to your data, period.
