Deployment models
Vendor-hosted
Counterpass operates the environment in an isolated tenant. Default for pilots and the fastest path to a working deployment.
AVAILABLE
Tenant-isolated production
Per-customer tenant with row-level data isolation, dedicated configuration, and a tenant-scoped audit log. Available on production contracts.
AVAILABLE
Dedicated deployment
Dedicated infrastructure inside the Counterpass-operated environment for customers who require single-tenant compute and storage.
SCOPED
Customer-cloud / sovereign
Deployment into a customer-controlled cloud account or sovereign environment. Scoped per engagement; timelines confirmed at briefing.
ROADMAP
Security and controls
Role-based access
Role separation across compliance analyst, operations lead, reviewer, and program admin seats.
Tenant isolation
Per-tenant data isolation enforced at the row level. Activated per engagement.
Audit logging
Tenant-scoped log of user actions, overrides, and evidence additions, retained for the contract term.
Configurable retention
Data and audit retention windows configurable per engagement to match internal policy.
Evidence attachments
Structured evidence attachments preserved against the originating case file.
Workflow approvals
Configurable approval steps before a case is marked review-ready or routed for sign-off.
Integration posture
Shipment and entry
Booking, manifest, entry, and consignee feeds delivered via secure file transfer or API.
Vessel and routing
AIS or equivalent vessel-movement data and port-call history where relevant.
Sanctions and watchlists
Sanctions, denied-party, and customer-supplied watchlist references.
Ownership and entity
Beneficial-owner and corporate-registry references where the customer has access.
Identity
SSO via standard providers (SAML, OIDC) in scope per engagement.
Outbound
Case file export, reporting, and audit-log export configured per engagement.
Engage