AI data use

Azure OpenAI, zero retention. No training on your data.

Garde1 uses large language models to generate prose between named facts in policies and the SSP, to evaluate evidence against control objectives, and to power the in-app assistant. A retrieval reranker scores candidate documents for relevance before the LLM sees them. This page is a complete and honest description of what we send to each model, what comes back, the retention contract, and how to disable AI features if your policy requires it.

The contract in one line. Both of Garde1's AI services — Azure OpenAI for generation and Cohere Rerank for retrieval relevance scoring — run on Microsoft Azure under a U.S.-region deployment with the zero-retention add-on enabled. Azure does not store prompts, completions, or rerank inputs, and customer data is not used to train any model.

Who hosts the models

All LLM inference runs through Microsoft Azure OpenAI, U.S. region, on dedicated Azure deployments under Garde1's Azure tenancy. Retrieval reranking runs through Cohere Rerank on Azure AI Foundry, in the same U.S. region and the same Garde1 Azure tenancy, under the same Microsoft Online Services DPA. Prompts and rerank inputs do not transit third-party model providers. Garde1 does not host its own foundation models, and does not call OpenAI's public API, Anthropic's public API, Cohere's public API, or any other public AI endpoint.

Zero retention

Garde1 has the Azure OpenAI abuse-monitoring opt-out enabled on every deployment. The practical effects:

What we send to the model

Garde1 keeps prompts minimum-viable. The categories below are exhaustive — anything not in this list is not sent.

Category | Sent to LLM?
Control text (NIST 800-171, CMMC 32 CFR §170, vendor SRMs) | Yes — these are public references.
Structured scope facts derived from the inputs you provide during onboarding and on the scope page | Yes — these are the named facts the prose is generated around.
Evidence excerpts for control evaluation | Yes — excerpts only, scoped to the control under evaluation. Raw connector dumps are not sent.
Questionnaire answers (your CUI flow, workforce model, contract metadata) | Yes — required for SSP §1 and §3 generation.
End-user files, mailboxes, or chat content from your environment | No. Connectors do not collect this data; nothing of this class exists for the LLM to see.
Vendor API tokens or secrets | No. Secrets are encrypted at the application layer and never appear in prompts.
CUI | No. Garde1 does not request CUI; the platform is not CUI-capable today.
Identifying metadata (org name, user email) | Only when contextually necessary (e.g. an SSP cover page). Garde1 omits this where possible and hashes non-administrator user identifiers in evidence excerpts. See PII minimization on ingest.
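The last two "No" rows and the final row describe two minimization steps applied to an evidence excerpt before it can reach a prompt: secret-bearing fields are withheld, and non-administrator user identifiers are replaced by a hash. The following is an added illustration of that shape, not Garde1's own code; the field names treated as secrets, the administrator list, the keyed-hash scheme (HMAC-SHA256, truncated) and the sample connector record are all assumptions constructed for the example.

```python
"""Added illustration: minimize a connector record before it becomes an
evidence excerpt in a prompt. Not Garde1's code; every constant below is
a constructed assumption for the example."""
import hashlib
import hmac
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Constructed list of field names treated as secret-bearing and never forwarded.
SECRET_FIELDS = {"token", "secret", "password", "api_key", "client_secret"}


def pseudonymize_user(email, key):
    """Keyed hash of a lowercased e-mail: stable within one org (same key),
    but not reversible by hashing a guessed address without the key."""
    digest = hmac.new(key, email.lower().encode(), hashlib.sha256).hexdigest()
    return f"user_{digest[:12]}"


def minimize_excerpt(record, admins, key):
    """Return a copy of `record` that is safe to place in a prompt:
    secret-like fields are dropped, non-administrator e-mails are replaced
    by pseudonyms, administrator e-mails are kept as-is."""
    admin_set = {a.lower() for a in admins}
    out = {}
    for field, value in record.items():
        if field.lower() in SECRET_FIELDS:
            continue  # withheld entirely, never rewritten into the excerpt
        if isinstance(value, str):
            value = EMAIL_RE.sub(
                lambda m: m.group(0)
                if m.group(0).lower() in admin_set
                else pseudonymize_user(m.group(0), key),
                value,
            )
        out[field] = value
    return out


# Constructed sample record, administrator list and per-org key.
SAMPLE_RECORD = {
    "event": "mfa_enrolled",
    "actor": "Alice.Smith@example.com",
    "approved_by": "secadmin@example.com",
    "api_key": "EXAMPLE-NOT-A-REAL-KEY",
}
ADMINS = ["secadmin@example.com"]
KEY = b"constructed-per-org-key"

if __name__ == "__main__":
    print(minimize_excerpt(SAMPLE_RECORD, ADMINS, KEY))
```

The check worth keeping in mind is the negative one: after minimization, no secret-bearing field and no non-administrator address should be present in the excerpt, while the same address always maps to the same pseudonym so that evaluations over several excerpts can still correlate one actor.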

How outputs are used

LLM outputs are advisory. The model proposes prose for a policy, a determination for an evidence evaluation, or a recommendation for a remediation. Every output is reviewable by the customer before it lands in a finished document, an assessment record, or a remediation workflow. For evidence evaluation, multi-LLM consensus is used: independent passes vote, and an early-exit on agreement keeps the per-control cost down. Outputs flag low confidence rather than fabricating facts.
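The consensus step above (independent passes vote, early exit on agreement, low confidence instead of a fabricated answer) can be shown as a small control loop. This is an added example, not Garde1's code: the three "evaluators" are deterministic keyword heuristics constructed so that they can disagree, standing in for independent LLM passes; the agreement threshold and pass limit are assumptions.

```python
"""Added illustration of multi-pass consensus with early exit for evidence
evaluation. Not Garde1's code; the evaluators are constructed stand-ins."""
SATISFIED, NOT_SATISFIED = "satisfied", "not_satisfied"


def evaluate_with_consensus(evaluators, evidence, required_agreement=2, max_passes=3):
    """Run independent passes in order and stop as soon as `required_agreement`
    of them return the same determination. If the passes are exhausted without
    agreement, return a low-confidence result instead of picking a winner."""
    votes = []
    for run in evaluators[:max_passes]:
        votes.append(run(evidence))
        for verdict in (SATISFIED, NOT_SATISFIED):
            if votes.count(verdict) >= required_agreement:
                return {
                    "determination": verdict,
                    "confidence": "high",
                    "passes_used": len(votes),
                    "votes": list(votes),
                }
    return {
        "determination": None,  # flagged for human review, not guessed
        "confidence": "low",
        "passes_used": len(votes),
        "votes": list(votes),
    }


# Constructed stand-in evaluators, each applying a different heuristic to the
# evidence text so that they can disagree with one another.
def eval_keyword(evidence):
    return SATISFIED if "mfa enforced" in evidence.lower() else NOT_SATISFIED


def eval_strict(evidence):
    return SATISFIED if "mfa enforced: all users" in evidence.lower() else NOT_SATISFIED


def eval_lenient(evidence):
    return SATISFIED if "mfa" in evidence.lower() else NOT_SATISFIED


EVALUATORS = [eval_keyword, eval_strict, eval_lenient]

if __name__ == "__main__":
    print(evaluate_with_consensus(EVALUATORS, "Policy: MFA enforced: all users"))
    print(evaluate_with_consensus(EVALUATORS[:2], "MFA enforced for admins only"))
```

Two properties follow from the loop: clear-cut evidence costs only as many passes as the agreement threshold, and a split vote with no passes left surfaces as `confidence: low` with the individual votes attached, so a reviewer sees why the platform declined to decide.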

RAG, reranking, and grounding

Where additional context is required (regulatory text, vendor SRM language, prior internal evidence), Garde1 retrieves it via an embeddings index. The retrieval set is filtered by the caller's organization at the store layer before it ever reaches the reranker or the prompt, so cross-tenant context bleeding is impossible by construction.

Tenant-filtered candidates then pass through Cohere Rerank on Azure AI Foundry, which scores each candidate's relevance to the query under the same zero-retention contract as Azure OpenAI. The reranker sees the query and the candidate excerpts but produces only relevance scores, never generated text. Garde1 sends only the top-ranked candidates to the LLM, which keeps prompts smaller, evaluation more accurate, and the LLM's exposure to context narrower.
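The two paragraphs above describe one pipeline: filter by organization at the store layer, rerank the surviving candidates, forward only the top-ranked excerpts. The following is an added example of that ordering, not Garde1's code: the in-memory index, the token-overlap scoring and the rerank function are toy stand-ins constructed so the example runs offline, and the tenant identifiers and document texts are invented.

```python
"""Added illustration of tenant-filtered retrieval followed by reranking.
Not Garde1's code; the index, scoring and reranker are constructed stand-ins."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Doc:
    org_id: str
    doc_id: str
    text: str


# Constructed sample index: two tenants sharing one embeddings store.
INDEX = [
    Doc("org-a", "a1", "MFA is enforced for all privileged accounts"),
    Doc("org-a", "a2", "Backups are tested quarterly"),
    Doc("org-b", "b1", "MFA is enforced for all privileged accounts via Okta"),
    Doc("org-b", "b2", "Laptops are full-disk encrypted"),
]


def _tokens(s):
    return set(s.lower().split())


def retrieve(index, org_id, query, k=10):
    """Store-layer retrieval. The tenant filter is applied before any scoring,
    so a document from another org can never enter the candidate set."""
    if not org_id:
        raise ValueError("org_id is mandatory for retrieval")
    candidates = [d for d in index if d.org_id == org_id]
    q = _tokens(query)
    ranked = sorted(candidates, key=lambda d: len(q & _tokens(d.text)), reverse=True)
    return ranked[:k]


def rerank(query, candidates):
    """Stand-in for a rerank call: returns (doc, score) pairs only, never text.
    The score is a Jaccard overlap here; a real reranker returns a model score."""
    q = _tokens(query)
    scored = []
    for d in candidates:
        t = _tokens(d.text)
        score = len(q & t) / len(q | t) if (q | t) else 0.0
        scored.append((d, score))
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


def build_context(index, org_id, query, top_n=1):
    """Full path: tenant filter -> rerank -> only top_n excerpt ids reach the prompt."""
    candidates = retrieve(index, org_id, query)
    ranked = rerank(query, candidates)
    return [d.doc_id for d, _ in ranked[:top_n]]


if __name__ == "__main__":
    print(build_context(INDEX, "org-a", "is MFA enforced for privileged accounts"))
```

The order of the calls is the point: `rerank` never receives a candidate list that has not already passed `retrieve`'s organization filter, and a missing organization identifier is an error rather than a wildcard. The reranker's output is also kept to scores, so nothing it produces can itself be mistaken for evidence text.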

Provider substitution

Garde1 may evaluate or substitute AI providers over time (for example, an additional Azure OpenAI or Azure AI Foundry model release, or a future GovCloud-capable AI provider).

Change-notice policy. Material changes to the AI subprocessor list are posted on garde1.com/security/subprocessors at least 30 days before they take effect, except where a faster change is required for security.

AI is core to Garde1

Honest framing: AI is not an optional layer in Garde1. Document generation, evidence evaluation, and the in-app assistant all rely on LLM inference; the generated SSP, POA&M, and policy prose come from the model reasoning over your scope facts. There is no no-AI mode of the platform today, and we don't plan one — disabling the model would mean disabling the product.

What we do instead is make the AI usage as safe as we can: zero-retention contract, U.S.-region deployment, minimum-viable prompts, PII minimization on every evidence excerpt, tenant-filtered RAG, and no training on Customer Data. If your policy prohibits any LLM use of security-sensitive data regardless of those protections, Garde1 is not the right fit today, and we will tell you so up front.