Service Description
This page describes what Pretorin is, the data it processes, the split of responsibilities between Pretorin and you, and how to get support or report a security concern. For a feature-level tour, see the Introduction.
Beta — Pretorin is currently in closed beta. Framework and control browsing works for authenticated users. Platform write features (evidence, narratives, monitoring) require a beta code. Sign up for early access.
What Pretorin Is
Pretorin is an AI-assisted compliance platform. It gives developers and AI agents direct access to compliance framework data, implementation context, and evidence workflows across 27 frameworks and profiles (NIST 800-53, NIST 800-171, FedRAMP, CMMC, and more). The primary surfaces are the Pretorin CLI, the MCP server, and skill-driven agent workflows, all backed by the hosted Pretorin platform API.
Intended users are compliance and security engineers, GRC teams, and the AI agents they operate on their behalf. See What You Can Do for the full capability list.
Types of Data Processed
Pretorin handles the following categories of data. Sensitivity is a general guide; treat all account-scoped data as confidential to your organization.
| Data category | Description | Sensitivity |
|---|---|---|
| Compliance framework data | Control catalogs, baselines, crosswalks, and AI guidance for supported frameworks. Not customer-specific. | Public / reference |
| Uploaded evidence files | Files you upload as evidence for controls (documents, screenshots, exports, scan output). | Customer-confidential |
| Implementation narratives | Control implementation text you draft, generate, or push. | Customer-confidential |
| Vendor documents & assessments | Third-party vendor documents and assessment records you upload or manage. | Customer-confidential |
| System & scope metadata | System descriptions, asset inventory, scope and policy questionnaire answers. | Customer-confidential |
| Account & authentication data | API tokens, user identity, and session data used to authenticate to the platform. | Sensitive |
Account-scoped data is authenticated and governed by the applicable platform
terms in addition to the open-source license for the CLI and MCP code in this
repository. The CLI and the MCP server are thin wrappers over the platform API
— in bring-your-own-agent mode (pretorin mcp-serve), no LLM runs inside
Pretorin; your local agent performs the reasoning. See
Architecture.
Shared Responsibilities
Compliance outcomes depend on both Pretorin and you. This is a summary of the split; it is not a substitute for the applicable platform terms and account agreements.
Pretorin is responsible for:
- Operating and maintaining the hosted platform, API, and CLI/MCP tooling.
- Storing your account-scoped data and controlling access to it via authentication.
- Serving accurate compliance framework reference data and keeping it current.
You are responsible for:
- The accuracy and completeness of evidence, narratives, and other data you upload or generate.
- Managing your own API tokens and user access, including who in your organization can act on your account.
- Reviewing and approving AI-generated output (narratives, gap analyses, and compliance artifacts) before relying on it for an audit or authorization decision.
- Determining whether a given framework, baseline, or control interpretation is appropriate for your system and obligations.
Support and Reporting a Concern
General support and questions — email support@pretorin.com. For bugs and feature requests in the CLI or MCP tooling, use the GitHub issue tracker.
Reporting a security concern — if you believe you have found a security vulnerability or have a security concern about the platform, email support@pretorin.com with the details. Please do not disclose a suspected vulnerability publicly (including in a GitHub issue) until it has been reviewed and addressed.