Centurion

Security brief · For IT & security reviewers · v5.0.0

Your perimeter. Your Sovereign. Not our cloud.

Public AI tools pull company mail and documents into someone else’s platform. A Sovereign does the opposite: computation stays under the owner’s roof. Centurion Limited does not host, proxy, or train on your private world.

The objection we hear from IT

Teams often assume “AI connected to Microsoft 365 or Google Workspace” means unsafe exfiltration through a vendor cloud. With Sovereign, mail and documents are accessed only under your identity provider’s rules, with tokens kept on the owner’s machine. Centurion Limited never sits in the middle of that traffic.

PUBLIC AI vs SOVEREIGNPUBLIC AIMAILVENDOR CLOUD!DATA LEAVESSOVEREIGNUNDER YOUR ROOFSTAYS HOME
Figure · Public AI pulls mail into a vendor cloud; Sovereign keeps work under your roof

Security benefits of this model

Owned hardware, owned data

The Sovereign lives on customer-owned hardware. Private chat, documents, and mission work stay with the owner — not in a multi-tenant AI product.

Crypto Chat on your network

The iPhone companion talks to the Sovereign through Crypto Chat: end-to-end encrypted on the owner’s network. Public chatbots have no equivalent.

Fully offline when policy requires

When nothing may leave the room, Sovereign can operate without the public internet. Connectivity is a choice, not a dependency.

No stranger skill store

Sovereign does not install skills from unknown vendors. It builds what the owner needs locally, so third-party skills cannot quietly leak mail or documents.

Human approval for consequential steps

Serious actions stay under human authority. The machine works at machine speed; the owner decides when something leaves their control.

We do not train on your content

Centurion Limited does not receive private Sovereign inference data to train shared models. Your mail and documents are not our product fuel.

Trust boundary

TRUST BOUNDARYPRIVATESOVEREIGN · CRYPTO CHATYOUR NETWORKWALLOUTSIDEPUBLIC CHATCOMPANY
Figure · Private world stays home; company and public chat stay outside

Connecting company email — best practice

When a principal needs mail assistance, IT should approve the same patterns used for any trusted desktop client: OAuth under your tenant, least privilege, revocable consent, and no third-party mail relay.

COMPANY MAIL · BEST PRACTICEYOUR IdPEntra / GoogleOAuth · least privilegeSOVEREIGNTokens on deviceMail stays localWALLCENTURIONLIMITEDNO MAIL RELAYIT CONTROLS CONSENT · REVOKE ANYTIME
Figure · Your IdP grants OAuth to the Sovereign; Centurion Limited never relays mail

Microsoft 365 / Exchange Online

Prefer Microsoft Graph with Entra ID (Azure AD) app registration — not shared passwords or unmanaged IMAP.

  1. Register an application in Entra ID under your tenant
  2. Choose delegated access for a named user, or application permissions only if IT policy requires it
  3. Request least-privilege Graph scopes for mail (read and/or send only as needed)
  4. Require admin consent for organisational policy
  5. Store refresh tokens only on the Sovereign — never in Centurion Limited systems
  6. Revoke or rotate access from Entra at any time
  7. Do not route mail through a Centurion cloud gateway

Google Workspace

Prefer Google OAuth with a Workspace-admin–controlled client — not password-based access.

  1. Create an OAuth client in Google Cloud under your organisation
  2. Allowlist the client in Google Workspace Admin as required
  3. Request least-privilege Gmail scopes only
  4. Store tokens only on the Sovereign
  5. Revoke access from Workspace Admin or the user’s Google account
  6. Do not route mail through a Centurion cloud gateway

Rules that apply to both

  • Mail content is processed on the Sovereign under the owner’s roof
  • Centurion Limited does not proxy, store, or train on company mail
  • IT retains control through the identity provider
  • If policy requires air-gap, leave mail disconnected — Sovereign still works offline
  • Document the approved scopes and consent path in your change record

What we do not claim

We do not claim FedRAMP, SOC 2, IL ratings, or military authorisations. Our position is architectural: owner-controlled hardware, encrypted private chat on your network, optional offline operation, and IdP-governed connectors. For a private security questionnaire or architecture review, contact us.

Share this brief with IT

Forward this page to your security team, or ask us for a written response to your questionnaire.

hello@1human1ai.com