SageGate

Technology & Security

Clear boundaries. Trusted foundations. SageGate combines Apple's native security frameworks with carefully scoped cloud services. Every capability below shows exactly which plans can use it.

Shared by every plan

These protections are part of the SageGate app whether you use the free experience or connect a cloud tier.

Native networking

URLSession + TLS

Requests use Apple's native URLSession networking stack and the operating system's TLS protections. SageGate does not add a third-party networking layer between the app and the services you choose.

Available on
FreeT2T3T4

Credential protection

Apple Keychain

API keys and supported connection credentials are stored with Apple's Keychain services instead of being placed in ordinary app settings or website storage.

Available on
FreeT2T3T4

Private document tools

On-device document reading

Supported PDFs, documents, spreadsheets, presentations, and text files can be read on the device. Local knowledge and search tools can work without sending those files through a SageGate cloud pipeline.

Available on
FreeT2T3T4

Cloud processing, with visible boundaries

Paid tiers add different levels of customer-controlled or managed cloud infrastructure. The tags identify where each module is available.

Cloud inference

Amazon Bedrock

T2 can route supported inference through the customer's own AWS access. T3 and T4 use Bedrock as part of their cloud processing paths, with access limited by plan and configuration.

Available on
T2T3T4

Scanned document extraction

Amazon Textract

When a managed pipeline receives a scanned PDF with too little readable text, Textract performs optical character recognition so the document can enter the same structured retrieval workflow.

Available on
T3T4

Structured processing

Markdown normalization

Extracted content is normalized into clean Markdown, divided into retrieval-ready chunks, and paired with document metadata. This keeps structure useful without preserving unnecessary layout noise.

Available on
T3T4

Semantic embeddings

Cohere Embed v4

The managed retrieval pipeline uses Cohere Embed v4 through Amazon Bedrock to represent document passages and searches in a multilingual vector space. Amazon Titan Text Embeddings v2 provides a controlled fallback.

Available on
T3T4

Retrieval infrastructure

S3 Vectors

Managed document embeddings are stored in isolated vector indexes and searched for relevant passages. This gives RAG and agentic workflows focused context instead of sending an entire library with every request.

Available on
T3T4

Storage boundary

Customer-owned or managed storage

T2 connects directly to an encrypted bucket in the customer's AWS account. T3 keeps the long-term document destination in the customer's AWS account. T4 provides a SageGate-managed encrypted tenant vault.

Available on
T2T3T4

Compliance-oriented foundation

Recognized AWS controls, without overstating the boundary.

AWS lists Amazon Bedrock and Amazon Textract as HIPAA-eligible services and as services in scope for its SOC 1, SOC 2, and SOC 3 reports. Those programs can support organizations building compliance-oriented workflows on SageGate's cloud tiers.

Service eligibility is not the same as automatic compliance. The customer's plan, AWS region and configuration, contracts such as a Business Associate Addendum when required, identity controls, data handling, and operating policies all remain part of the shared-responsibility model.

Cloud tiers
T2T3T4