Enclave Architecture

Your data never leaves your enclave. Your intelligence never co-mingles with another node.

Enclave Architecture is VouchCore's foundational design commitment: every enrolled organization operates in a completely isolated intelligence environment — a dedicated enclave — with no path for data to reach another tenant.

What "Enclave" Means

In traditional multi-tenant security platforms, organizational data shares infrastructure — and sometimes inadvertently shares visibility. VouchCore rejects this model entirely. Each tenant's intelligence, findings, domain data, and scan history are namespaced and isolated at the application layer, enforced by strict IAM policies, and never co-mingled.

Technical Implementation

  • GCP Serverless Infrastructure — All processing runs on Google Cloud in us-central1. No third-party data processors in the intelligence pipeline.
  • Tenant Isolation at Rule Level — Access controls enforced at the data layer, not just the application layer. A misconfigured application cannot expose cross-tenant data.
  • No Data Egress — Intelligence never leaves GCP boundaries without explicit Pilot authorization. Third-party enrichment APIs are evaluated for data sovereignty before integration.
  • VPC Service Controls — Hard perimeter around GCP API calls. No service can make calls that bypass the VPC-SC boundary.

Why This Matters for Your Organization

For a Tribal nation, your intelligence about your jurisdiction's threat surface is sovereign data. For a credit union, your posture findings involve your brand surface — a competitive asset. For a county government, your exposure data is a matter of public trust. Enclave Architecture ensures none of this data is accessible outside your organization.