See what was requested, what decision was made, and why.
EU-grade AI control layer
Put one control layer in front of every AI request.
Instead of each team calling models directly, PalmerAI routes requests through one gateway. The gateway checks policy, asks for approval when needed, and records evidence for later review.
Apply policy checks, approval gates, and incident controls in one place.
Export decision evidence for security, audit, and procurement reviews.
The question decision-makers ask
When leadership asks what happened, you need a clear answer in minutes, not a manual investigation.
When leadership asks
"Who approved this request, which rule applied, and what happened next?"
You need one timeline with clear ownership and timestamps.
Reality on the ground
Most teams have logs, but not decision context. Data is fragmented, controls vary by workflow, and evidence is assembled manually.
How it works in 90 seconds
Example workflow: a sales manager asks the AI assistant to draft a customer proposal. The request follows this exact path every time.
1. Request enters gateway
The proposal request reaches PalmerAI first, not the model directly.
2. Policy checks run
Rules check sensitivity, customer context, and action type.
3. Decision is assigned
The request is marked allow, approval required, or block.
4. Approval step (if needed)
If risk is high, a named approver reviews and accepts or rejects.
5. Execution + evidence
If allowed, execution continues and the decision record is stored with timestamps and policy reference.
What it is and what it is not
This is an operational control layer: clear outcomes, explicit actions, and evidence you can review.
What it is
- A gateway layer that checks policy before AI execution
- Approval and operator controls for higher-risk requests
- Evidence outputs readable by security, compliance, and procurement
- Operational controls: safe mode, emergency stop, and freeze windows
What it is not
- Not a replacement for internal governance ownership
- Not blanket content retention by default
- Not a shortcut around approval and accountability
- Not a replacement for your existing security stack
Live control plane
Designed for daily operations: clear status, clear actions, and clear records.
- You can see each request, rule path, and decision state.
- You can trigger safe mode, emergency stop, and freeze controls quickly.
- You can export concise evidence rows for leadership and audit.
Policy + approvals
Approval rules are explicit and mapped to real request risk.
Incident posture
Safe mode and emergency stop are available for urgent response windows.
Reporting
Create concise evidence summaries for review and escalation threads.
Need to see the output format? Open the proof summary and review a sample row.
Pilot (30 days)
A structured 30-day pilot with a clear go or no-go decision at the end.
Scope
- One primary AI workflow
- Named success criteria
- Defined policy and approval boundaries
Deliverables
- Operational policy set
- Approval and incident controls configured
- Evidence summary pack for internal review
Outcome
- Measured governance baseline
- Risk and effort clarity before scale-up
- Decision support for procurement and leadership
Pricing preview
Clear entry points for planning, pilot delivery, and managed operation.
Implementation carry-over:
Pilot setup carries into Managed tiers to avoid re-implementation overhead.
Planning Sprint
5-day planning engagement to define scope, controls, and success criteria.
What you get
- Risk assessment of current AI usage
- Success metrics and KPIs
- Pilot scope and timeline
- Initial governance policy draft
Pilot
30-day pilot for one use case with approval flow and evidence outputs.
What you get
- One primary AI workflow governed
- Approval rules and policy enforcement
- Evidence pack at end of pilot
- One review session at day 30
Pilot Plus
Two use cases plus operating model workshop and expanded review cadence.
What you get
- Two governed workflows
- Governance operating model workshop (4 hours)
- Evidence pack + two review sessions
Managed Essentials
- 1 governed AI use case
- Monthly audit reports
- Support up to 2h/month
- 1 policy review per month
Excludes SSO/SIEM integration and 24/7 support.
Details on full pricingManaged Professional
- Up to 3 governed AI use cases
- Weekly audit reports
- Support up to 4h/month
- 3 policy reviews per month
Excludes SSO/SIEM integration and 24/7 support.
Details on full pricingManaged Enterprise
- Up to 5 governed AI use cases
- Weekly audit reports
- Support up to 8h/month
- 6 policy reviews per month
Excludes on-prem and 24/7 support unless custom scoped.
Details on full pricingProcurement-friendly by default
Fixed-scope options, explicit deliverables, and clear boundaries on what is included.
- No tracking cookies by default
- Scope-first engagement model
- Evidence outputs aligned to review workflows
Why simple wins
Control systems fail when they are hard to understand under pressure. We optimize for clear controls and fast comprehension.
- Predictable guard paths
- Operational playbooks over abstract messaging
- Small secure changes that stand up in review
Use cases
Security
Control high-risk requests and enforce approval gates for sensitive actions.
Compliance
Keep review-ready evidence summaries for policy and audit checks.
IT / Operations
Use safe mode, emergency stop, and deploy freeze during incident windows.
Product
Ship AI features with a stable control model and clear accountability.
Audit reports and proof packs
Reports are built for operational reviews and leadership escalation.
- One concise row that decision-makers can read quickly.
- Policy-linked evidence for procurement and compliance review.
- A complete timeline for post-incident reconstruction.
- Request ID + decision state
- Policy reference + operator actions
- Timestamp trail and export context
Sample summary row
| Field | Example |
|---|---|
| Request ID | req_9f3c...a12b |
| Decision | approval required |
| Policy | pol_7b2e...d91f |
| Timestamp | 2026-01-14T16:42:19Z |
Security controls
Security is handled as day-to-day operations: access boundaries, incident controls, and evidence continuity.
- Explicit authorization boundaries by route and role.
- Emergency controls for live incident response.
- Compact security evidence for risk owners and procurement.
Access boundaries
Admin and operator routes are separated and checked explicitly.
Operational controls
Emergency stop, safe mode, and deploy freeze support incident response.
Data posture
No blanket content retention by default; storage behavior is scope-dependent.
What is an AI Gateway?
A control layer that applies policy checks to AI requests and records decision metadata before execution.
Planning Sprint vs Pilot: what is the difference?
The Planning Sprint is for planning and de-risking. The Pilot delivers a working control layer for a real use case.
What triggers approval?
Policy rules define which requests require approval based on risk and scope.
What do you log?
Decision metadata such as request ID, decision, policy reference, and timestamps. Content storage depends on deployment scope.
What do you need from us?
A defined use case, success criteria, and a point of contact for approvals and policy review.
Timeline and typical pilot scope?
A 30-day pilot with one or two use cases and a clear go/no-go decision.
Ready to evaluate controlled AI in 30 days?
Start with a 5-day planning sprint or move directly to a pilot.