Skip to Content

FAQ

Common security, trust and product questions about Nairo.

General

What is Nairo?

Nairo is an AI workspace for insurance teams to review documents, work with uploaded materials and support expert review.

It helps users analyse materials, run repeatable review tasks and prepare draft outputs for human review.

See Introduction to Nairo.

Who is Nairo for?

Nairo is designed for insurance teams such as underwriting teams, claims teams, MGAs, brokers, agencies, carriers and audit or compliance teams.

Does Nairo make autonomous decisions?

No.

Nairo is decision support software. Important insurance decisions remain with qualified human experts.

Nairo does not autonomously accept, decline, bind, pay or deny insurance decisions.

See AI Usage and Human Review.

Security and data

How is my data isolated from other customers?

Each customer operates in a tenant-scoped workspace.

Workspace context is resolved through tenant or workspace identity, and tenant-aware backend services apply tenant context before executing workspace operations.

Nairo also uses schema-based tenant data separation for tenant-aware backend services.

See Tenant Isolation.

How are documents uploaded?

Documents are uploaded into the workspace for use across supported surfaces such as Library, Projects, Experts, Actions and Insight Table.

Where supported, uploads use signed URLs. Uploaded files are stored in Google Cloud Storage and may then enter asynchronous processing for extraction, parsing, chunking, embedding or AI-assisted review.

See Data Handling.

Where are uploaded files stored?

Uploaded files are stored in Google Cloud Storage.

Document metadata and related workspace records are stored in Nairo’s backend systems.

Specific deployment, region and contractual commitments should be confirmed in the applicable agreement and security materials.

See Data Handling and Subprocessors.

Is data encrypted?

Nairo includes application-level encryption capabilities for selected sensitive value stores where configured.

Where enabled for those selected stores, encryption uses AES-256-GCM.

This should not be interpreted as universal field-level encryption across every database table, document, metadata field or product surface.

Broader encryption controls, including transport-layer security and storage-level encryption, depend on deployment infrastructure, cloud configuration and contractual commitments.

See Data Handling.

Do you support customer-managed encryption keys?

Not as a self-serve capability in the current application UI.

If your organisation requires customer-managed keys, bring-your-own-key or specific key management controls, discuss this with Nairo before rollout.

Can I configure data retention policies?

Not in the application UI today.

Retention is governed by platform practices, contractual terms and applicable legal or regulatory requirements.

See Data Retention.

Can I configure data residency by customer?

Not as a self-serve capability in the current application UI.

Deployment region, hosting setup and data residency requirements should be confirmed contractually with Nairo.

Who are Nairo’s subprocessors?

Nairo uses third-party services for authentication, storage, document processing, AI processing, infrastructure and optional web search where enabled.

See Subprocessors and request the binding contractual subprocessor list from your Nairo account team.

AI

Is AI used in all Nairo features?

AI supports analysis across Assistant, Projects, Experts, Actions and Insight Table.

The way AI is used differs by surface and configuration.

See Core Concepts and AI Usage and Human Review.

Are AI outputs always correct?

No.

AI outputs can be incomplete, incorrect or based on the wrong context. All AI outputs should be reviewed by a qualified human before use in business-critical decisions.

Is my data used to train AI models?

Nairo does not use customer workspace data to train public foundation models unless expressly agreed.

Third-party model processing depends on the configured provider, deployment setup and contractual terms.

Customers should confirm model provider terms, data processing terms and no-training commitments in their agreement with Nairo before using sensitive materials.

Which model providers does Nairo use?

Nairo currently uses Gemini-family models for generative AI features.

Backend deployments can use Gemini through Vertex AI or Gemini API configuration, depending on the deployment setup.

See Model Providers.

Can I choose which model is used?

Where model selection is available, users can choose from the models exposed in that surface.

Assistant users can change the model during a conversation where model selection is enabled.

Workspace-wide model policy configuration is not available through the customer-facing admin UI today.

See Model Providers.

Are all AI calls backend-managed?

No.

In the current implementation:

  • Assistant uses backend-managed model execution
  • Projects use backend-managed model execution for the Project Assistant
  • Insight Table execution is backend-managed
  • Experts and Actions may use client-side Gemini calls where configured

Customers should confirm the current execution path for the surfaces they plan to use before uploading sensitive materials.

See Model Providers.

Is internet search enabled?

Internet search may be available for Assistant conversations where enabled.

It should not be assumed to be enabled globally across all product surfaces.

Customers with restrictions on external search or internet-connected AI features should confirm whether web search is enabled for their workspace.

Product

What are the main product surfaces?

The main product surfaces are:

  • Assistant
  • Projects
  • Experts
  • Actions
  • Insight Table
  • Library

See How Nairo Works.

What is the difference between Projects and Insight Table?

Projects are persistent document workspaces for focused review over a specific set of uploaded materials.

Insight Table is used for structured review across many documents using column-based prompts and comparable outputs.

See Projects and Insight Table.

What is the Library?

Library is the document repository layer in Nairo.

It stores, organises and makes uploaded materials available to supported product surfaces.

Projects can also create or use corresponding Library folders for uploaded Project materials.

See Library.

What is decision memory?

Decision memory is Nairo’s longer-term product direction to help teams preserve useful reasoning from review work.

It is not a single shipped module today.

Nairo does not currently provide a universal override registry or automatically turn every AI interaction into institutional memory.

See Decision Memory.

Can I connect external data sources?

Not through a general self-serve admin UI today.

The Library is currently the primary document source. Documents can also be uploaded through supported product surfaces.

External connectors or integrations should be discussed separately with Nairo.

See Data Sources.

Administration

How do I invite users?

Organisation administrators with user management permission can invite users from the user management page.

See Users and Roles.

Can I control user permissions?

Nairo currently supports focused admin/member-style controls and selected permissions, such as user management access.

It does not currently provide full fine-grained enterprise RBAC across every product feature through the customer-facing admin UI.

See Permissions.

Can I configure which AI models are available?

Not through a full workspace-wide customer-facing model policy UI today.

Some surfaces expose model selection to users where enabled.

See Model Providers.

Can I configure BYOK or BYOM?

Not as a self-serve capability in the current application UI.

If your organisation requires bring-your-own-key, bring-your-own-model or specific provider restrictions, discuss this with Nairo before rollout.

See Model Providers.

Does Nairo provide an immutable audit log?

Nairo maintains operational and workflow records in selected areas of the product, including some audit-style records for processing, sharing or access-related events.

Customers should not assume there is a single customer-facing immutable audit portal covering every user action and AI interaction today.

See Security Overview and Data Retention.