◆ Trust & AI Governance

The AI lives inside the rules.

Most AI tools bolt a chatbot on top of an app. Nahla is the other way around — the data model, the engines, and the permissions came first. The AI sits on top of all three, and cannot reach outside them.

Three layers · one architecture
Layer 1 · Foundation What lives here
Reads: .XER .MPP .ZIP plain English
◆ The Allowlist

What the AI is allowed to do.

The boundary is in code — not in a prompt. The AI has a fixed list of tools, and every call is logged before it commits.

Auto-apply

Apply & log instantly
  • Add predecessor / successor links
  • Fix lags & lead constraints
  • Set or update task progress
  • Assign resources from your library
  • Run CPM / DCMA-14 / EVM
Suggest only

Show, wait for approval
  • Resource leveling proposals
  • Critical path acceleration plans
  • Calendar & working-time changes
  • WBS restructuring
  • Bulk re-link or de-link suggestions
Hard no

Never, ever
  • Delete projects or activities
  • Modify baselines
  • Change billing or seats
  • Touch the file system or DB directly
  • Reach outside its tool allowlist
◆ Agents

Agents propose. You approve. Always.

Every agent — including the scheduled ones that run in the background — only proposes. Nothing reaches your schedule, and no email reaches a subcontractor, until you approve it.

Propose-only by design

Chat and background agents draft typed proposals. The only way a change lands in your schedule is your explicit approval — through the same single, audited write path.

No autonomous sends

Progress Collection and Weekly Report draft into your inbox. Emails go out only when you approve them, and only to the recipients you choose — never automatically.

Same guardrails

Agents use the same audited tool allowlist as the AI rail. Deterministic engines compute every number; baselines stay read-only; every action is logged.

◆ Audit Trail

Every AI action is logged. Every change is revertible.

Every tool the AI invokes is stamped with the user, the activity, the before/after values, and the time. Export the log as CSV for your claim file or compliance review.

AI Audit Log commercial-bldg-2026 · last 5 events
TimestampUserToolChangeStatusAction
16 May · 14:02 @waqas add_link IM.2.3 → IM.2.4 · FS · lag 2d applied ↶ revert
16 May · 14:01 @waqas set_duration IM.2.2 Steel Erection · 21d → 16d applied ↶ revert
16 May · 13:58 @waqas level_resources Foundation Crew · shift May 15–28 → Jun 3–7 applied ↶ revert
16 May · 13:55 @waqas run_cpm Recalculated · 247 activities · 4 changed applied ↶ revert
16 May · 13:51 @waqas dcma_check 14-point check · 11 pass / 2 warn / 1 fail read-only
50-step undo history · Ctrl+Z reverts the AI's last action · every revert is logged too.
◆ Compliance & Infrastructure

Built on the standards enterprise buys.

Hosted on enterprise-grade cloud infrastructure, region-locked, tenant-isolated, encrypted end-to-end. Our AI provider runs under enterprise zero-retention.

Enterprise cloud foundation ISO 27001 · SOC 1/2/3 · PCI DSS L1 · HIPAA-eligible · FedRAMP. Annually 3rd-party audited.
Encrypted end-to-end All project data is encrypted at rest and in transit. Signed upload URLs on every file.
Enterprise cloud hosting Hosted on protected enterprise cloud infrastructure. Region-locked, tenant-isolated, fully managed.
No AI training by default Your schedules, costs & resources are never used to train models — unless you opt in.
Zero retention on AI prompts Conversations aren't stored, logged, or used for training by our AI provider.
Per-tenant isolation Strict boundaries between accounts. Every request authenticated and access-checked.
50-step undo history Ctrl+Z reverts the AI's last action. Every revert is logged too.
Export everything XER · CSV · PDF · audit log. One click to delete the account — GDPR aligned.
◆ Your Data Rights

Your data is yours. Always.

No training. No selling. No reselling. Delete on demand — including the audit trail.

01 — STRUCTURE

Typed data model

Tasks, links, calendars, resources and baselines all have strict schemas. The AI cannot invent fields. Validation runs before any change is committed — and baselines are read-only to the AI.

02 — GOVERNANCE

Deterministic engines

CPM, DCMA-14 and EVM are exact algorithms — not language-model guesses. The AI asks the engines for results, then quotes the numbers verbatim. Same input, same answer, every time.

03 — PRIVACY

Your schedule never leaves your tenant

With a generic chatbot you'd have to paste your whole schedule into a public chat — tasks, costs, resources, the lot — and that becomes someone else's training data. With Nahla, the schedule stays inside your isolated workspace. By default, nothing is used to train any model. If you choose to opt in to help improve Nahla, you're in control and can opt back out at any time.

04 — PORTABILITY

Export & delete in one click

Full XER / MPP / CSV / PDF export at any time, including the AI audit log. One click wipes your projects, history and account. GDPR-aligned.

Want the full security deck?

We'll send you the architecture diagram, AWS shared-responsibility matrix, SOC report letters, and our DPA template.

Request the security pack → Read our DPA