Skip to content
RebelCore Docs

Welcome to RebelCore

Private AI for regulated work. RebelCore keeps your data in your region, governs every prompt, and audits every answer — so your team can use AI without explaining themselves to legal.

These docs cover the surfaces above that promise: how data flows in, how it’s curated, how the agent answers questions over it without leaking, and how administrators evidence the controls to auditors and regulators. The full nav is on the left; the cards below are the fast lane.

What the platform does for you

Data residency GDPR- and DORA-aligned residency, enforced per customer. Pick your region; data, audit, and Cosmos chain all stay there.
PII masking Names, emails, IDs and sensitive fields are redacted before any model sees them. A leak scanner re-checks every answer.
Audience curation Per-user roles & boolean permissions decide who can see which dataset. No shared back-doors, no implicit admin tiers.
GDPR + EU AI Act DPO & Security Officer roles, immutable audit chain, prompt-level risk classification — built in, not bolted on.
3 exposure tiers Full, Limited, or Advisory-only — set per dataset at module-build time, enforced live on every prompt the agent runs.
Medallion curation Bronze → Silver → Gold → Inference. The agent only ever sees Gold; every promotion between tiers is logged.
Human-in-the-loop Sensitive sessions are paused for admin review before continuing — DPO / Security Officer can resume, message, or stop a user.
Cited transparency Every answer links back to the source rows it used. No hand-waving, no hallucinated figures, an immutable trail per prompt.

How it all fits together

It starts with your data and ends with an answer your team can defend. Three concerns sit between the two:

1. Your data, in your region

Every customer gets their own tenant — its own database, its own storage, its own audit chain — pinned to the region you pick. Data never moves out of that boundary, and the platform’s residency controls are designed to satisfy GDPR and DORA out of the box.

2. Governed end-to-end

The moment data enters the system it’s under governance:

  • PII redacted before any model ever sees it — names, emails, IDs, account numbers; a leak scanner re-checks every answer before it lands back in the chat.
  • Risk classification on every prompt — sensitive sessions pause for review by a DPO or Security Officer who can allow, message, or stop the user.
  • Immutable audit chain — every prompt, every redaction, every reasoning step, every source cited, written once and queryable forever.

3. Scoped to the right audience

Data is only useful when the right people can ask the right questions about it. RebelCore decides that explicitly:

  • Per-user roles and permissions — boolean flags, no shared back-doors, no implicit admin tiers.
  • Three exposure tiers per datasetFull, Limited, Advisory-only — set at module-build time and enforced live on every prompt the agent runs.
  • Audience curation — analysts only see the datasets they’ve been granted access to; administrators only see the surfaces they need to administer.

And the agent answers within that envelope

The RebelCore Agent operates only on the data each user is permitted to see, at the exposure tier each dataset carries, with PII masked, and the whole exchange dropped into the audit trail. There’s no path around the governance layer because the agent doesn’t have one.

How the data is shaped along the way

Under all of this sits the Medallion architecture — your data flows through four curation stages, each cleaner than the last:

Bronze ──► Silver ──► Gold ──► Inference
(raw)      (cleansed)  (curated)  (agent)

The agent only ever sees the Gold tier; bronze and silver stay accessible only to the small group of operators who handle raw files. The medallion is the how — data, governance and audience curation are the what.

→ Read more: Governance & access

Get started in five minutes

Sign in Invite link, two-factor (TOTP / email-OTP), lockout policy, forgot-password — the full sign-in flow.
Your workspace The header, the sidebar, where the day-to-day actions live.
Import your first dataset From uploading a CSV to landing a curated, labelled dataset ready for the Tree.
Prompt the agent Sessions, the audit panel, citations, and how exposure tiers shape every answer.

For administrators

Managing users Invite flow, resend, lockouts, two-factor reset — the whole user-admin surface.
Roles & permissions The boolean permission model — what each flag controls, plus the three system roles.
Audit The MCP-tree view — every prompt's reasoning trace, masked or unmasked at the operator's choice.
Activity Append-only event feed for every action across the platform. CSV export for full-history extracts.

Integrate

API users Machine credentials for the public-API gateway — separate from portal users, rotatable, scoped to one customer.
POST /authorize Exchange an API user's secret for a short-lived bearer token.
POST /infer The agent's inference endpoint — bring your prompt, get a cited, governance-respecting answer.