SECURITY

Your data,
under lock and key.

Weather moves fast, shifts without warning, and compounds in ways no rule-based system can anticipate. Thagorus is built to handle that complexity gracefully — so your team never has to.

Last updated: February 2026

Q3 2026: SOC 2 Type II
Active: GDPR Compliant
Active: CCPA Compliant
AES-256 at Rest
TLS 1.2+ in Transit
NIST AI RMF Aligned
ISO 27001 Planned
EU AI Act Review
Zero PII Processing
Tenant Isolation
Immutable Audit Logs
Role-Based Access
Model Safety Architecture

Designed for the pace
of the real world

Every recommendation passes through five safety gates before it reaches your team. Confidence intervals, break conditions, anomaly detection, and human review work together to ensure the model stays honest — especially when conditions change quickly.

[Diagram, security.weathervane.io/chain: Weather Data → Causal Model → Confidence Gate → Break Check → Human Review. Every recommendation passes through all five stages.]
±σ

Confidence Intervals

Every recommendation ships with a 90% credible interval. The model doesn’t just say ‘shift $45K to sunscreen’—it says the expected lift falls between $38K and $52K. When conditions change, intervals widen in real time and recommendations soften automatically.

HALT

Break Conditions

The model knows when to stop. When forecast uncertainty crosses physics-informed thresholds, recommendations pause automatically and surface for human review. Break conditions are derived from the causal structure of weather–demand relationships, not arbitrary cutoffs.

DETECT

Anomaly Detection

When observed conditions fall outside the training distribution—extreme heat, unprecedented compound events, novel weather patterns—the model detects the regime shift, pauses affected recommendations, and flags for human review. No hallucinated extrapolation.

CASCADE

Cascade Protection

A single weather event can affect dozens of markets, categories, and active campaigns simultaneously. Cascade protection coordinates the response—pausing, adjusting, and re-scoring affected recommendations in minutes, not hours.

DEGRADE

Graceful Degradation

When a data feed goes stale or a signal drops out, the model doesn’t crash or hallucinate. It detects the gap, falls back to a reduced-signal sub-model with widened intervals, and clearly annotates every downstream recommendation with the limitation.

AUDIT

Audit Trail

Every recommendation links back to the exact weather observations and causal estimates that drove it. Evidence bundles are versioned, reproducible, and exportable—so you can always answer ‘why did the model recommend this?’ with specifics.

Data Handling

What data Thagorus touches
— and what it does not

Thagorus processes weather data and aggregated demand signals. It does not collect, store, or process personally identifiable information (PII). Client data is strictly isolated.

Weather Data
Sourced from public APIs (NOAA, Open-Meteo) and licensed commercial feeds. No proprietary client data enters the weather pipeline.
Tenant Isolation
Multi-tenant architecture with strict partition enforcement. Every read and write operation is scoped to the authenticated tenant.
No PII Processed
Thagorus operates on aggregated demand signals -- category-level sales, spend, and forecasts. No individual consumer data enters the platform.
Encryption
Data encrypted at rest (AES-256) and in transit (TLS 1.2+). Database-level encryption with managed key rotation.
Retention & Deletion
Retention windows are policy-bound and configurable per contract. On exit, verified deletion workflows produce auditable receipts.
Data Portability
Export your data at any time via API in CSV or Parquet format. Your data remains yours -- Thagorus holds no exclusive rights.
Compliance

Current status and roadmap

We believe in honest disclosure. The badges below reflect our actual compliance status — not aspirational claims. Where we are still working toward a certification, we say so.

SOC 2 Type II: Assessment Q3 2026

Control families mapped, evidence collection underway. Formal assessment planned Q3 2026 with target completion by Q4 2026.

GDPR: Compliant by design

No PII processed. Aggregated demand data processed under legitimate interest with appropriate DPAs. DPA available on request.

CCPA: Compliant by design

No consumer personal information collected, sold, or shared. Thagorus processes category-level business data only.

ISO 27001: Design phase

ISMS scope and applicability mapping in preparation. Planned as follow-on to SOC 2 completion.

NIST AI RMF: Aligned, assessment pending

Safety architecture designed in alignment with NIST AI Risk Management Framework. Evidence bundles and break conditions are core governance artifacts.

EU AI Act: Under review

Advertising optimization use case being evaluated against EU AI Act risk categories. Transparency and human-oversight features designed for compliance.

AI Governance

Every decision, traceable

When a model recommends reallocating budget, you need to know exactly why. Every recommendation is an auditable artifact anchored to specific observations and causal estimates.

INTERPRETABILITY: Every recommendation ships with a full evidence bundle: the specific weather observations, causal coefficients, and temporal patterns that drove it. You get the reasoning chain, not an opaque score.
BIAS MONITORING: Model performance is tracked across 210+ DMAs, 18 product categories, and 4 climate zones. Systematic regional biases trigger automatic recalibration before they compound into recommendation drift.
VERSION PINNING: Model updates never propagate silently. Your campaigns keep running on the version you tested until you explicitly upgrade. Every version includes a changelog with weather-scenario backtests.
PRIVACY BY DESIGN: Partial pooling lets the model learn general weather–demand relationships across tenants without sharing any individual client’s performance data. Only statistical parameters are pooled. Raw client data never leaves the tenant boundary.
REC FRAMING: All outputs are labeled as recommended actions with confidence intervals anchored to specific conditions. Revenue projections are clearly marked as conditional estimates, not guarantees.
Infrastructure

Technical security posture

Thagorus’s infrastructure is designed for isolation, auditability, and defense in depth.

CLOUD: AWS with managed compute, storage, and networking. US-based data residency by default; regional options available.
ENCRYPTION: TLS 1.2+ for all data in transit. AES-256 encryption at rest for all stored data. Managed key rotation with cloud KMS.
AUTH: API authentication via scoped API keys and JWT tokens. Role-based access control with tenant-scoped permissions.
RATE LIMIT: Per-tenant rate limits with configurable thresholds. Burst protection and gradual backoff.
AUDIT: All model runs, approvals, and execution events logged with immutable audit trails. Full recommendation replay traces.
DEPS: Automated dependency scanning and vulnerability monitoring. Container images rebuilt from verified base images on regular cadence.
Incident Response

From signal to
response in minutes

When conditions shift, Thagorus responds automatically. Here is the full sequence — from detection through audit — for a major weather event affecting active campaigns.

T+0

Forecast shift detected

A revised weather advisory arrives. Thagorus ingests the updated data within 90 seconds and identifies every affected market across the active campaign set.

T+2m

Break conditions triggered

Physics-informed thresholds fire across affected DMAs. Active recommendations in impacted categories are flagged for immediate re-evaluation.

T+5m

Recommendations re-scored

The model pauses, widens, or adjusts every affected recommendation based on the new forecast. Unaffected campaigns continue unchanged.

T+8m

Clients notified with full context

Affected dashboards show amber status indicators. Revised confidence intervals, pause reasons, and the underlying weather provenance are visible in one click. No silent changes.

T+15m

Degraded signals isolated

Feed-health monitors detect any stale or missing data streams. Affected markets fall back to reduced-signal sub-models with clearly annotated limitations.

T+1h

Audit bundle generated

A complete evidence package is assembled automatically: every data point, every threshold triggered, every recommendation modified, and the full causal chain. Versioned, reproducible, ready for review.

For security concerns, contact security@schmiedehaus.com. We acknowledge security reports within 24 hours and provide status updates within 72 hours.

Legal

Disclaimers

Revenue projections: All revenue estimates, lift projections, and performance figures are illustrative only. Actual results will vary. Past performance is not indicative of future results.
Simulated data: Interactive demonstrations use simulated data to illustrate model capabilities. They do not represent actual client outcomes.
Academic citations: References to academic papers, methodologies, and frameworks do not imply endorsement by cited authors or institutions.
Stress Tests

Built for edge cases

The real test of a safety system is what happens off the happy path. Four scenarios that exercise every layer of the architecture.

Forecast reversal

A mid-week cold front drops the outlook from 95°F to 72°F with rain. Thagorus detects the reversal within minutes, widens confidence intervals on heat-driven recommendations, triggers break conditions on affected campaigns, and surfaces revised budget allocations. The original evidence bundle is preserved alongside the new one — full before-and-after provenance, always.

Compound events

Extreme heat and hazardous air quality overlap in the same market. The model recognizes the compound regime: normal heat-driven demand patterns invert when outdoor activity becomes unsafe. Thagorus pauses outdoor recommendations, widens intervals to reflect the unprecedented overlap, and flags the compound event for human review. It does not pretend it has seen this combination before — it says so explicitly.

Out-of-distribution data

A record-breaking observation exceeds anything in the training data. The out-of-distribution detector fires immediately. Instead of extrapolating into unknown territory, Thagorus pauses affected recommendations, sets intervals to maximum width, and surfaces a clear alert with the nearest historical analog. No hallucinated recommendations. No blind extrapolation.

Human override

A break condition fires, but the client’s team overrides the pause and continues the campaign. Thagorus logs the override with identity and timestamp, annotates the recommendation as human-overridden, continues monitoring, and generates a post-campaign comparison: override period vs. model recommendation. Accountability is preserved in both directions.

Request Security Assessment

We are happy to walk through our security architecture, share compliance documentation, or discuss specific requirements for your organization.

Or email security@schmiedehaus.com directly.