Security one-pager
Trust boundaries, egress classes, consent gates, and fail-closed rules — on one page your security team can file.
A condensed reference for security review. The full treatment is on the security page; this is the file-and-forward version.
Trust boundaries by deployment mode
- On-prem (Mode 1) — runs on your own hardware, air-gapped. Nothing crosses your network edge: no internet, no model, no DocMark. You author; DocMark renders and verifies locally.
- Client cloud (Mode 2) — runs in your own cloud tenant. Everything stays inside your cloud boundary; the only external call is to your own LLM account, under your contract.
- DocMark cloud (Mode 3) — runs on DocMark’s managed Azure. DocMark processes content, but user identity and PII never reach the rendering plane.
Egress classes — the two meanings of “zero-egress”
- On-prem zero-egress = no network egress at all. The render sandbox has no internet; the deployment can run fully air-gapped.
- DocMark-cloud zero-egress = no PII to the execution plane. The control plane holds identity; the worker that renders never receives the user’s email or principal — only the job content it must render.
- Client cloud is deliberately not labelled zero-egress — content reaches your chosen LLM, but only within your own tenant and account.
Consent gates
- Synthetic media (video, presenter likeness, voice) — when it ships, it is consent-gated and disclosed per client brand. No likeness or voice is generated without explicit, recorded enablement, and outputs carry a disclosure.
Fail-closed rules
- The verification gate withholds. Anything that fails visual-QA is not delivered — it is withheld with findings. There is no “ship it anyway” path.
- Pixels never come from AI. Rendering is deterministic, tested code; the model authors content, never the final pixels.
- No PII to the execution plane (DocMark cloud) is enforced by construction, not by policy.
- On-prem stays offline. The render sandbox refuses network access, and a public bind is refused unless the sandbox is explicitly configured.
- Every deliverable is labelled with its confidentiality class and a brand-provenance record, written by the pipeline itself — so the claim can never drift from reality.
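The DocMark-cloud split between control plane and execution plane, and the "by construction, not by policy" rule above, sketched as an added example (not DocMark's own code). All type, field and function names are hypothetical: the worker's job type has no identity fields, and the worker refuses any payload that does not match it exactly.

```python
import json
import secrets
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class SubmittedRequest:
    """Hypothetical control-plane view: identity plus content."""
    user_email: str
    principal_id: str
    template: str
    body: str


@dataclass(frozen=True)
class RenderJob:
    """Hypothetical worker-facing type. It has no identity fields,
    so careless calling code has nothing to leak across the boundary."""
    job_id: str
    template: str
    body: str


WORKER_KEYS = {"job_id", "template", "body"}


class ControlPlane:
    def __init__(self):
        # job_id -> principal mapping; it never leaves the control plane.
        self._owners = {}

    def dispatch(self, req: SubmittedRequest) -> bytes:
        """Build the wire payload from the narrow type only."""
        job = RenderJob(secrets.token_hex(8), req.template, req.body)
        self._owners[job.job_id] = req.principal_id
        return json.dumps(asdict(job)).encode()

    def owner_of(self, job_id: str) -> str:
        """Re-attach identity after rendering, on the control plane only."""
        return self._owners[job_id]


def worker_receive(wire: bytes) -> RenderJob:
    """Execution-plane side: fail closed on any unexpected or missing key."""
    data = json.loads(wire)
    if set(data) != WORKER_KEYS:
        raise ValueError(f"payload refused, keys were: {sorted(data)}")
    return RenderJob(**data)
```

A reviewer can check the same property on a real deployment by inspecting what the queue or RPC schema between the two planes is able to carry, rather than what the calling code happens to send.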
Last updated: 26 June 2026.