Aleutian Logo Aleutian
Get Started

Self-hosted AI conversation audit

The Enterprise tier provides the same hash-chained audit capabilities as the Pro managed service, deployed on your own infrastructure. Audit data never leaves your network, and the system integrates with existing identity and security tooling.

On-prem

data residency

SAML

identity integration

SIEM

log streaming

Custom

SLA and support

What Enterprise provides beyond Pro

The Enterprise tier includes all Pro capabilities (browser extension capture, API proxy, code tool proxy, hash-chained storage) plus the following infrastructure and integration features.

Self-hosted deployment

Deployed on your Kubernetes cluster via Helm chart. Audit data stored in your own infrastructure and never transmitted externally.

SAML/SCIM identity integration

Integrates with Okta, Azure AD, and other SAML providers for single sign-on. SCIM provisioning for automated user lifecycle management.

SIEM log streaming

Audit log entries stream to Splunk, Sentinel, or other SIEM platforms in real time, allowing correlation with existing security event data.

Dedicated support and custom SLA

Named account team with agreed response times, custom uptime commitments, and priority issue resolution.

Same capture sources as Pro

The Enterprise deployment captures the same three categories of AI usage. The difference is where the data is stored and how it integrates with your security infrastructure.

  • Browser extension
    Force-installed via Chrome Enterprise policy. Captures conversations in ChatGPT, Claude, Gemini, and Grok. Extension reports to your self-hosted backend rather than Aleutian's cloud.
  • API proxy
    Applications route API calls through your self-hosted proxy instance. Traffic stays within your network perimeter.
  • Code tools
    Environment variables point Claude Code, Copilot, and Cursor at your internal proxy. MDM-enforced configuration prevents override.
Contact sales Technical FAQ

Deployment architecture

The Enterprise system is deployed on your Kubernetes cluster. The browser extension, API proxy, and code tool proxy all report to your internal backend instance.

Self-hosted backend

The Aleutian backend runs as a Helm-deployed set of services on your Kubernetes cluster. Audit data is stored in your own database and object storage. No data is transmitted to Aleutian's infrastructure. 

helm install aleutian aleutian/enterprise \
  --set identity.provider=okta \
  --set siem.target=splunk \
  --set storage.region=eu-west-1

Enterprise capabilities

  • SAML/SCIM single sign-on (Okta, Azure AD, Google)
  • SIEM streaming (Splunk, Sentinel, Elastic)
  • Role-based access control with namespace isolation
  • Data residency controls (region-specific storage)
  • High availability with automatic failover
  • Dedicated support with custom SLA
  • Custom data retention policies
  • Compliance report automation (SOC 2, GDPR, HIPAA)

Data flow

All captured AI conversations flow through a single pipeline regardless of source. The pipeline runs entirely within your network perimeter.

Capture

Browser extension observes web-based AI chats. API proxy intercepts programmatic calls. Code tool proxy captures developer tool usage.

  • ChatGPT, Claude, Gemini, Grok (browser)
  • OpenAI, Anthropic, Azure (API)
  • Claude Code, Copilot, Cursor

Process

Each captured message is scanned for PII, attributed to a user, and appended to the hash chain. The hash chain is append-only and tamper-evident.

  • PII detection and alerting
  • User attribution via SSO
  • SHA-256 hash chain linkage

Store and stream

Audit entries are persisted in your internal storage and simultaneously streamed to your SIEM for correlation with other security events.

  • Internal database + object storage
  • Real-time SIEM streaming
  • Dashboard and compliance reports

Pro managed service vs. Enterprise self-hosted

Both tiers provide the same core audit capabilities. The distinction is where data resides and how the system integrates with existing infrastructure.

Pro (managed)

Hosted on Aleutian's GCP infrastructure.

  • Browser extension + API proxy + code tools
  • Hash-chained audit storage
  • PII detection
  • Dashboard and compliance exports
  • US or EU data residency
  • 99.9% uptime SLA

Enterprise (self-hosted)

Deployed on your Kubernetes cluster.

  • All Pro capabilities
  • Data stays on your infrastructure
  • SAML/SCIM identity integration
  • SIEM log streaming
  • Custom data retention policies
  • RBAC with namespace isolation
  • Dedicated support with custom SLA
  • Air-gapped deployment option
Contact sales

Open core model

The hash chain verification logic is open source under AGPLv3. The Enterprise tier adds the deployment infrastructure, identity connectors, and security integrations required for organizational use.

FOSS verification tools

License: AGPLv3

The core hash chain verification library is publicly available. Organizations can independently verify the integrity of their audit logs without depending on Aleutian's infrastructure or services.

View on GitHub

Enterprise (commercial)

License: Commercial EULA

The commercial tier provides the deployment and integration layer: Kubernetes Helm charts, SSO connectors, SIEM streamers, managed browser extension distribution, and dedicated support.

Request pricing

Technical questions

Common questions from security and IT teams evaluating the Enterprise deployment.

Does audit data ever leave our network?

In the self-hosted deployment, no. The browser extension reports to your internal backend instance, the API proxy runs on your infrastructure, and all storage is within your network perimeter. The only external communication is license validation (configurable for air-gapped environments).

How does the browser extension authenticate with our backend?

The extension authenticates using your existing SSO provider. When a user logs into their managed browser, the extension obtains credentials through your SAML identity provider. All captured conversations are attributed to the authenticated user.

Can users disable or bypass the capture mechanisms?

The browser extension is force-installed via Chrome Enterprise policy and cannot be removed by users. The API proxy is enforced via network rules (blocking direct provider access). Code tool environment variables are pushed via MDM with restricted override permissions.

What happens if someone tampers with the audit database?

The hash chain breaks. Verification recomputes all SHA-256 hashes and identifies the exact entry where the chain was disrupted. Periodic signed anchors (stored separately) provide additional tamper detection even if the primary database is compromised.

What are the infrastructure requirements?

The Enterprise deployment requires a Kubernetes cluster (any managed K8s provider or on-premises), a PostgreSQL-compatible database, and object storage (S3-compatible). The system is stateless at the application layer and scales horizontally.

Enterprise

Request technical briefing

For organizations evaluating the self-hosted deployment, we provide a technical walkthrough covering architecture, integration requirements, and deployment planning.

Contact sales
Inquiry

Request information

Provide your details and we will arrange a technical discussion.