AI & Guardrails
Where the LLM lives, what it sees, and what it never sees. Pick local, our private API, or bring your own keys.
Where the LLM runs · 3 options
Same product surface, three deployment shapes. You can mix per task — high-sensitivity tabs stay local, lower-stakes drafting can use a stronger frontier model if you opt in.
- Model
- Ollama · DeepSeek-R1 7B / Llama 3.1 / Mistral
- Harvesting
- No harvesting
- Internet egress
- None
- Audit
- Local, customer-controlled
- Best for
- Deals under NDA, sovereign data requirements, SOC 2 / GDPR posture.
- Zero egress
- Customer owns the model + weights
- No per-token billing
- Smaller models — slower complex reasoning
- You manage GPU box
- Model
- deepseek-r1:7b + SD 1.5 for visual aide
- Harvesting
- No harvesting
- Internet egress
- TLS to single endpoint
- Audit
- Per-request signed receipts, retained 30 days for your audit only
- Best for
- Teams that want strong privacy without owning hardware.
- No harvesting clause in MSA
- Flat-rate, predictable cost
- Same API surface as OpenAI
- Single-provider dependency
- Smaller model than frontier
- Model
- GPT-4 class · Claude Opus · etc.
- Harvesting
- Per provider TOS
- Internet egress
- Per provider endpoint
- Audit
- Per provider — we mirror to your audit log
- Best for
- Tasks where frontier reasoning materially changes the answer.
- Best-in-class quality
- You control the contract
- Data leaves perimeter
- Per-token cost
- Vendor data policy applies
Guardrail pipeline · ECharts
Every LLM call flows through scrub → policy → schema → router → inference → validator → provenance → signed audit. Click any node for the responsible scope item.
Where the LLM shows up in this pitch
Each Meridian view above has a recommended deployment + the specific guardrails we'd put on it.
- PII scrub on customer names
- Numbers must cite source cell
- No outbound web search
- Memo template enforced
- Numbers locked to schema
- Output diffed against actuals before save
- No external data injected
- Caveat block always appended
- User can swap to BYO key for higher quality
- File hashes logged
- Reviewer must accept tag
- Confidence threshold before auto-action
- Customer chooses to enable
- Customer-specific deny-list
- Audit log mirrored to client
Add to scope
Check items to build your estimate. Totals update live in the cart.
-
One interface, three back-ends. Per-tenant default + per-task override.
-
Regex + classifier pre-prompt. Allow/deny rules per role.
-
JSON-schema outputs, no free-form leakage, validator rejects malformed.
-
Every numeric claim must reference a source cell or document.
-
Prompt + response + model + version, signed and timestamped for diligence.
-
On-prem install, model management, GPU-or-CPU fallback, healthchecks.
-
Golden-set tests so model swaps don't silently change diligence answers.