Frequently Asked Questions

We specialize in regulated enterprises and media/advertising organizations, helping them implement enterprise-grade AI solutions.

We’re currently publishing research artifacts and sharing release updates.

Yes, we offer comprehensive support packages including maintenance, updates, and optimization services. Our Platform Partner program provides ongoing improvement, monitoring, incident response, and expansion into additional use cases.

We’re currently publishing research artifacts and sharing release updates.

Yes, we support both SAML 2.0 and OIDC (OpenID Connect) for SSO integration. We work with major identity providers including Okta, Azure AD, Google Workspace, and Auth0.

Yes, we support SCIM 2.0 for automated user provisioning and deprovisioning, enabling seamless integration with your identity management systems.

Yes, MFA is supported and can be enforced through your SSO provider or natively within our platform.

Yes, we support VPC deployments with dedicated infrastructure in your cloud environment. This provides full network isolation and allows you to manage encryption keys.

Yes, we support on-premise deployments using containerized infrastructure (Docker, Kubernetes). We can deploy in air-gapped environments with regular security updates and patches.

We can deploy in multiple regions (US, EU, Asia-Pacific) and support customer-specified data residency requirements. For VPC and on-premise deployments, data never leaves your infrastructure.

Active data is retained for the duration of the engagement. Backup data is retained for 30 days after contract termination. Audit logs are retained for 7 years (or per customer requirement). Processing data is deleted immediately after completion.

Upon contract termination or customer request, all customer data is deleted within 30 days with certified deletion confirmation. Data export is available in standard formats (JSON, CSV) before deletion.

No, we do not train models on customer data. Customer data is used only for inference and is not used to improve our models or shared with other customers.

Data processing occurs in the region specified by the customer. For SaaS deployments, we support US, EU, and Asia-Pacific regions. For VPC and on-premise deployments, all processing occurs within your infrastructure.

We implement multiple layers of protection: input sanitization, prompt validation, output filtering, and monitoring for suspicious patterns. Our RAG systems use citation-based responses that can be verified against source documents.

We implement permission-aware retrieval that respects source-level entitlements, query filtering to prevent unauthorized access, and audit logging of all queries. Data is isolated per tenant with no cross-tenant access.

We log all authentication, authorization, data access, and configuration changes. Logs are stored in tamper-proof storage with 7-year retention (configurable per customer). Real-time log streaming and search capabilities are available.

We have a defined incident response process with initial response within 4 hours for critical issues. Customers are immediately notified of any security incident affecting their data, with regular status updates and a post-incident report within 30 days. Contact security@ishtar-ai.com for security concerns.

Customer-specific customizations, prompts, and fine-tuned models are owned by the customer. Our platform code and general frameworks remain our IP, but all customer-specific work product is owned by the customer.

We provide perpetual licenses for custom-built solutions. Our Platform Partner program includes ongoing updates and improvements. See our Terms of Service for detailed licensing information.

For Platform Partner customers, we provide 24/7 support with 4-hour response time for critical issues. Standard support includes business hours coverage with 8-hour response time for high-priority issues.

We follow a structured incident response process: immediate triage, customer notification, regular status updates, root cause analysis, remediation, and post-incident reporting. Critical incidents receive 4-hour initial response with 24-hour resolution target.

We integrate with major enterprise systems including SharePoint, Confluence, Slack, Microsoft Teams, Active Directory, Okta, Azure AD, and various databases and APIs. Custom integrations can be built as part of engagements.