Security
Security-first architecture, not an afterthought
TraceMap is built on the assumption that trust has to be earned at every layer — from how it connects to your systems to how it handles what it finds.
Runs in your cloud
TraceMap deploys inside your own cloud environment. Your data stays within the boundary you already control.
Bring Your Own Model
BYOM support means you choose the model TraceMap uses, and it runs within your environment — your code and metadata never leave it.
Read-only by design
Every connection TraceMap makes to a data source is strictly read-only. There is no path for TraceMap to write to, or modify, your systems.
Credential isolation
The AI never sees or handles your credentials. Access is managed through the isolation your infrastructure already enforces.
Data sanitization
Sensitive data is sanitized before any model call, reducing what a model is ever exposed to in the first place.
Audit trail & provenance
Every lineage relationship carries provenance — where it was found and how it was verified — so your audit trail is built in, not bolted on.
AI you can audit
This is the “gates” in Reason Gates
TraceMap treats AI output as a hypothesis until it’s verified — never a fact you have to take on faith.
Schema-checked
Verified against your live schemas before it is ever accepted.
Confidence-scored
Every finding carries a signal for how sure TraceMap is.
Human-reviewed when uncertain
Routed to a data steward, with the AI’s reasoning attached.
Provenance on every edge
See exactly where a relationship was found, not just the result.
Compliance-ready
Built for regulatory use cases
TraceMap is designed for the audit-grade, column-level lineage regulatory work requires. These are use cases TraceMap is built to support — not certifications we claim to hold.
BCBS 239
Produce the column-level, provenance-backed lineage that risk data aggregation and reporting principles like BCBS 239 call for.
GDPR data-mapping
Trace personal data across systems down to the column, supporting the data-mapping work GDPR compliance depends on.
Talk to us about your security requirements.
We're glad to walk your security and compliance team through the architecture in detail.
Prefer email? hello@reasongates.com