Skip to main content
Control which AI providers handle your organization’s requests. Define policies based on trust tiers, compliance certifications, and data residency requirements. All decisions are logged for audit trails.
Shared Responsibility: AI governance is a shared responsibility between your organization and Case.dev. While we provide the tooling to enforce provider policies, your compliance team is responsible for validating that specific provider configurations meet your regulatory requirements.

Quick Start

Get governance controls running in under 5 minutes. 
curl https://api.case.dev/governance \
  -H "Authorization: Bearer sk_case_xxx"

curl -X POST https://api.case.dev/governance \
  -H "Authorization: Bearer sk_case_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "SOC 2 Compliant",
    "rules": {
      "minimumTrustTier": "most_trusted",
      "requireSoc2": true,
      "enforcement": "hard_block"
    }
  }'

curl -X POST https://api.case.dev/llm/v1/chat/completions \
  -H "Authorization: Bearer sk_case_xxx" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "claude-sonnet-4-20250514",
    "messages": [{"role": "user", "content": "Analyze this contract"}],
    "governance_policy": 2
  }'

How It Works

Governance Flow
┌─────────────────┐     ┌─────────────────┐     ┌─────────────────┐
│   LLM Request   │ ──▶ │ Policy Engine   │ ──▶ │ Provider Router │
│                 │     │                 │     │                 │
│ model: gpt-4o   │     │ Check trust     │     │ Allowed: ✓      │
│ policy: 1       │     │ Check compliance│     │ Route to OpenAI │
└─────────────────┘     └─────────────────┘     └─────────────────┘


                        ┌─────────────────┐
                        │   Audit Log     │
                        │                 │
                        │ timestamp, model│
                        │ policy, allowed │
                        └─────────────────┘
Every LLM request is evaluated against your active governance policy:
  1. Policy Selection - Default policy or specified by governance_policy slot
  2. Trust Tier Check - Provider must meet minimum trust tier
  3. Compliance Check - Provider must have required certifications
  4. Enforcement - Block, warn, or allow based on policy configuration
  5. Audit Logging - All decisions are logged for compliance reporting

Core Concepts

Trust Tiers

Providers are categorized into trust tiers based on their compliance posture:
TierDescriptionUse Case
most_trustedFull enterprise compliance (SOC 2, HIPAA, BAA, ZDR)Healthcare, financial services
trustedGood compliance, may lack some certificationsGeneral enterprise
sketchyLimited compliance info availableDevelopment/testing only
untrustworthyChina-based, subject to national security lawsAlways blocked

Compliance Certifications

CertificationDescription
SOC 2 Type IISecurity, availability, processing integrity controls
HIPAAProtected health information handling
BAABusiness Associate Agreement available
ZDRZero Data Retention - no training on your data
ISO 27001Information security management
GDPREU data protection compliance

Enforcement Modes

ModeBehavior
hard_blockRequest fails with 403 error
soft_blockRequest fails, but logged as violation
warnRequest proceeds, violation logged

Shared Responsibility Model

ResponsibilityCase.devCustomer
Policy configurationProvides toolsConfigures policies
Provider compliance verificationProvides dataValidates for your use case
Audit log retention30 daysExport for longer retention
Regulatory compliance determination-Your responsibility
Provider BAA execution-Your responsibility
Data handling by providers-Your responsibility
Provider Compliance Data: We aggregate compliance information from provider documentation, but you should verify certifications directly with providers for your specific regulatory requirements.

Next Steps

Provider Registry

View all providers with their trust tiers and compliance certifications.

Policy Configuration

Create and manage governance policies for your organization.

Audit Logging

Query audit logs and generate compliance reports.

LLM API

Use governance policies with the Chat Completions API.