Security & sovereignty
Confidentiality is the foundation, not a feature.
Legal work demands a higher standard of confidentiality than most software is built for. Burhan is engineered around that standard from day one.
Privacy by design
Your documents are processed exclusively for the purposes you authorise. Burhan does not silently train foundation models on client data, and we make that contractual.
Local hosting options
For institutions with data residency requirements, Burhan can be deployed on infrastructure hosted in Morocco — including dedicated single-tenant configurations.
Controlled AI usage
AI calls go through a tightly scoped gateway. We operate a curated set of models, with no uncontrolled exposure of your documents to third-party services.
No external data leakage
Documents, prompts and outputs remain inside your tenant. Where third-party models are used, content is transmitted under explicit contractual protections.
Auditability
Every document access, query and AI generation is logged. Administrators can review activity, scope permissions and produce audit trails on demand.
Regulatory awareness
Burhan is designed in accordance with the expectations of the CNDP and the broader Moroccan regulatory framework on personal data and professional secrecy.
Sovereignty
A clear answer to a critical question: where does your data live?
Local-first deployment
Institutions and firms with strict residency requirements can operate Burhan on infrastructure hosted in Morocco. Your documents, your indexes and your knowledge base never leave the Kingdom unless you explicitly choose otherwise.
Tenant isolation
Each client operates inside an isolated tenant with its own storage, access controls and audit boundaries. Cross-tenant access is structurally impossible.
Model governance
We continuously evaluate the underlying models for accuracy, bias and confidentiality posture. Sensitive workloads can be routed exclusively to models we control end-to-end.
Our commitments
What we will — and will not — do with your documents.
We will
- Process your documents only for the tasks you initiate
- Apply role-based access control across your organisation
- Maintain audit logs available to your administrators
- Honour data residency commitments in writing
We will not
- Use your documents to train foundation models
- Share your data with third parties without authorisation
- Send sensitive content to uncontrolled external services
- Hide where your data is processed or stored