Platform. Security & Compliance

Enterprise-grade.
By design, not by afterthought.

LazyFox was built for regulated, sensitive, and complex enterprise environments from day one. Your data never reaches a model. Your permissions never leave your control. Your knowledge layer runs wherever your compliance requirements demand.

Book a Demo → See how data abstraction works
Real values substituted at execution time — inside your environment, never in the model·
Column-level access control — down to which fields each role can see in AI query results·
Cloud or on-prem — full feature parity across both deployment models·
No raw data transmitted to any external API at any point in the query lifecycle·
Full audit trail — every definition change, who made it, when, and what changed·
Existing IdP permissions mapped directly in — no rebuilding access control from scratch·
Real values substituted at execution time — inside your environment, never in the model·
Column-level access control — down to which fields each role can see in AI query results·
Cloud or on-prem — full feature parity across both deployment models·
No raw data transmitted to any external API at any point in the query lifecycle·
Full audit trail — every definition change, who made it, when, and what changed·
Existing IdP permissions mapped directly in — no rebuilding access control from scratch·
The Core Principle

Your data doesn't belong to an AI model. Neither should your context.

Most AI infrastructure asks you to make a trade: capability in exchange for exposure. Data gets sent to external APIs. Context gets processed by third-party models. Definitions get stored in someone else's system.

LazyFox is built on a different premise. Your raw data never touches a model. Your knowledge layer stays under your control. And your permissions follow your existing organizational structure, not a new one you have to build.

Typical AI infrastructure LazyFox
Raw data sent to external model APIs
Data read locally, abstractions sent to models
Context stored in third-party systems
Knowledge layer runs in your environment
Access control rebuilt from scratch
Existing IdP permissions mapped directly in
No audit trail for AI-used definitions
Full change history for every semantic unit
Locked to one model provider's infrastructure
Model-agnostic, swap without data re-exposure
Data Abstraction
1
LazyFox reads your data
Connected source: invoices table
customer_id: C-00482
amount: € 84,720.00
status: "offen"
due_date: 2026-07-31
Full record access, used for indexing and statistical profiling.
2
Statistical context built, not raw values
amount: DECIMAL(10,2) · range €0–€2M · monthly
status: ENUM · ["offen","bezahlt","storniert"]
due_date: DATE · 30d avg cycle · no nulls
Data ranges, value sets, formats, and relationship context, no actual values.
3
Sensitive values replaced with variables before LLM
SELECT SUM({{amount_var}}) FROM invoices
WHERE status = {{status_var}}
AND due_date < {{date_var}}
Model generates code against typed abstractions. No real values seen.
4
Real values substituted at execution, inside your environment
SELECT SUM(amount) FROM invoices
WHERE status = 'offen'
AND due_date < '2026-08-01'
Query runs against your data in your environment. Result returned to the user.

Your data is read.
It is never shared with a model.

LazyFox reads all data it has access to in your connected systems, actual records, alongside schemas and field names. This is what makes deep semantic indexing possible: understanding data ranges, value patterns, formats, update frequencies, and relationship context across all your connected systems.

What LazyFox never does is send that data to a model. Before any query reaches an AI model, sensitive field values are replaced with typed abstract variables. The model receives statistical and structural representations of your data (ranges, formats, contextual metadata) and generates code against those abstractions.

Real values are substituted back only at execution time, inside your environment. The model never sees them.

  • Customer records and financial data indexed locally, never transmitted
  • AI models operate on abstractions, not actuals
  • No raw data sent to any external API at any point in the query lifecycle
  • Compliance with data residency requirements is structurally enforced, not policy-dependent
Access Control

Granular permissions.
Across everything.

LazyFox ships with a full enterprise permission model, configurable at every level of the system, from which semantic units a team can view down to which columns are visible in AI-generated query results for a given role.

Existing permission structures from your identity provider map directly into LazyFox. You don't rebuild access control from scratch.

Supported Identity Providers
Okta Azure AD / Entra ID SAML 2.0 OAuth 2.0 / OIDC + more on request
🏛️
Organization level
Global policies, environment-wide settings, deployment configuration
👥
Group & team level
Domain visibility, which semantic units a team can view or propose, shared context scope
👤
Role & user level
RBAC mapped from IdP, who can approve definitions, what context surfaces in AI responses
📋
Column level
Which systems a role can query through LazyFox, down to which columns are visible or masked in AI-generated query results, per role
A controller and a sales analyst can query the same underlying metric and receive the correct, role-appropriate result, without either seeing data or context they shouldn't.
Deployment

Cloud or on-prem.
You decide where your knowledge lives.

Deployment model is a configuration choice, not a separate product. Feature parity is maintained across both options.

Cloud. SaaS

Fully managed.
Ready in days.

Fully managed by LazyFox. Data processed and stored within your selected cloud region. Suitable for organizations with standard enterprise compliance requirements.

  • Managed infrastructure, no deployment overhead
  • Data residency in your selected cloud region
  • Automatic updates and uptime SLAs
  • SSO and IdP integration included
On-Premises

Fully contained.
Your environment.

LazyFox deployed entirely within your network boundary. No data, metadata, or semantic definitions leave your environment. All AI model calls route through your own model infrastructure or approved enterprise API agreements.

  • No data or metadata leaves your environment, ever
  • AI model calls routed through your own infrastructure
  • Meets data sovereignty requirements that prohibit cloud processing
  • Suitable for financial services, healthcare, and public sector
Recommended for regulated industries and data sovereignty requirements
Same product. Same features. The choice between cloud and on-premises does not affect what LazyFox can do, only where it runs. Teams often start with cloud and migrate to on-premises as deployment matures.
Model & Token Governance

Control what your AI infrastructure costs and consumes.

AI token consumption is an operational and financial risk that most enterprises underestimate, until a single feature triggers unexpected reasoning loops and exhausts a month's budget in a day.

LazyFox gives administrators granular control over every AI service in the platform: enable or disable individual services, set budgets and rate limits, monitor consumption by service, user, and department, and configure which model handles which task type.

You always know what your AI infrastructure is spending. And you always control it.

AI Service Control. Finance domain
Embedding text-embedding-3-large · Indexing only
22%
Intent Recognition claude-haiku · Per query
58%
Extended Reasoning claude-opus · Complex queries
84% ⚠
Code Completion Disabled by admin
Deterministic Outcomes

The full intelligence of AI.
The reliability of code.

LLMs are powerful at understanding intent, interpreting ambiguous language, and generating complex logic, but they are, by design, probabilistic. They produce outputs that are likely correct, not outputs that are guaranteed correct.

For regulated industries, "likely correct" is not a standard you can operate on.

LazyFox uses AI at the reasoning layer, to interpret a natural language question, understand semantic context, and generate the appropriate query logic, but executes against your actual data using code. That means the same query, against the same data, always produces the same result.

  • AI-generated answers that vary across identical queries are a liability in regulated reporting
  • Auditors, regulators, and finance teams need results they can trace and reproduce
  • Code execution against real data is verifiable, probabilistic model outputs are not
Pure LLM answers LazyFox
Probabilistic, same question, varying answers
Deterministic, same query, same result, always
Model may hallucinate figures from training data
Executes as code against your actual live data
Output is not reproducible or auditable
Every result is traceable back to the query and data
Confidence without correctness guarantee
Natural language in. Verified code execution out.
LazyFox gives you both: the expressiveness of natural language at the input, and the reliability of deterministic code at the output. No hallucination. No probabilistic drift. Just the right answer, every time.
Semantic Manager. Audit Log
Live
Definition approved, "Monthly Recurring Revenue (Finance)"
sarah.chen@company.com Today, 14:32 Finance domain
Conflict resolved, "Revenue" definition aligned between Finance and Sales domains
thomas.b@company.com Today, 11:15 2 domains affected
Definition edited ("Churn Rate") attribution window changed from 30d to 90d
jan.m@company.com Yesterday, 16:48 Previous: 30-day window
New domain created ("DACH Revenue Operations") 12 initial definitions imported
admin@company.com Jun 12, 09:03 12 units added
Auditability

A full audit trail for every definition that matters.

Every change to your semantic layer is logged: who changed it, what it was before, what it is now, and when. For organizations where auditability is a compliance requirement (financial services, healthcare, public sector) auditability is the baseline.

  • Full version history for every semantic unit
  • Change attribution at the user level
  • Approval and rejection logs for governed definitions
  • Conflict resolution history, who resolved it and how
  • Export-ready compliance reports on request

Security questions? We have answers.

Talk to our team about your specific compliance requirements, deployment constraints, or data residency needs, before you evaluate, not after.

Book a Demo