Zero Data Retention
Token101 runs prompt and completion payloads in memory and does not persist customer content to disk. You can verify this in deployment review.
AI SECURITY IS ARCHITECTURE.
Pixel Penguin Labs builds enterprise AI systems for teams that need Claude implementation, model routing, and data controls to survive regulated production environments.
No Model Training
Customer prompts, documents, and proprietary data are not used to train or improve foundation models. Contractual guarantee.
Bring Your Own Keys
Enterprise clients route through controlled key material using AWS KMS or HashiCorp Vault. Your keys, your control.
Operational Controls.
Edge DLP
PII, secrets, and high-risk identifiers are masked before payloads reach external model providers. Compliance teams can verify every payload boundary.
Metadata Auditability
Token count, timestamp, user, cost, and routing metadata can be retained without retaining payload content. Audit without exposure.
Deployment Choice
Token101 can be delivered as managed SaaS, VPC-peered infrastructure, or air-gapped deployment. Architecture matches your compliance requirements.
Compliance Map.
SOC 2 Type II
Readiness roadmap
Internal control mapping, availability planning, and evidence preparation. SOC 2 Type II in progress. We will not claim certification before the auditor signs.
HIPAA
Architecture pattern
Healthcare deployments require customer-specific BAAs, deployment review, and data-flow validation. We have shipped HIPAA-architecture Claude systems.
GDPR / CCPA
Privacy-oriented controls
Payload minimization, metadata-only observability, and deletion workflows support privacy review.
Claude provider privacy mapping
Implementation guidance
Enterprise data privacy expectations are mapped into routing and delivery practice without claiming approved partner status.
Security FAQ.
Does Pixel Penguin Labs store prompts or completions?
Token101 is designed for zero data retention of prompt and completion payloads. Operational metadata can be retained for billing and audit without storing payload content.
Can Token101 run inside a private cloud?
Yes. Token101 supports managed cloud, VPC peering, and on-premises or air-gapped deployment patterns for regulated environments.
How is sensitive data handled before model calls?
Payloads pass through Edge DLP controls that mask PII, secrets, and regulated identifiers before traffic reaches a frontier model provider. Compliance teams can verify the masking rules in deployment review.