🔒 Secure Retrieval Workflow Demo

End-to-End Encryption & Access Control Visualization

What this demo shows: SCRS acts as an AI Data Firewall between your organisation’s data and any AI tool.
It enforces access in two stages:
• Gate 1 controls what can be found (scope-constrained search).
• Gate 2 controls what can be seen (verify-before-reveal + decrypt).
Sensitive data can also be minimised/redacted before anything is sent to an AI model.
Environment: ...
Docs: 0 | Revoked: 0
Docs = Items ingested into the secure system. Revoked = Items that can no longer be decrypted.

These personas represent different access scopes (role + label + collection). The same search behaves differently depending on scope.

📁 Step 1: Ingest Document

Supports PDF, DOCX, TXT. Automatically detects PII.

When you upload a document, SCRS does three things:
1. Detects sensitive fields (PII/PCI/PHI) and applies a security label
2. Stores the real document encrypted in a secure store
3. Stores only a search representation (embedding + metadata pointer) in the search index
Important: The searchable index does not store full plaintext.

⚙️ Step 2: Security Pipeline

The pipeline prepares content for safe AI usage:
PII Detection: Identifies personal and regulated data
Sanitisation: Creates a safe representation for search and AI prompts
Policy Binding: Attaches scope rules (who can find, who can view)
Audit Logging: Records controls applied
Before any text is sent to an AI model, SCRS can redact it by policy.

💡 When AI is used, SCRS sends a redacted/minimised view by policy (not raw sensitive records).

System Ready for ingestion...

🚫 Unauthorized Access Simulation

This section demonstrates why SCRS is different from “filter later” systems: Bob cannot retrieve what he is not allowed to know exists.

Bob is an external consultant. He is logged into Tenant T1 but has:

  • Role: 'consultant'
  • Max Security Label: 'public'
  • Allowed Collections: 'legal' (NOT finance)
Active Scope Payload (JSON)
{ "tenant": "T1", "user_role": "consultant", "purpose": "review", "max_label": "public", "allowed_collections": ["legal"] }