1. Source ingestion
Aeacus monitors selected public regulatory sources, connector outputs, and source catalogs. Ingestion is bounded to known source adapters and does not imply every possible authority has been captured.
Cannabis regulatory counsel design-partner pilot
Aeacus is in controlled design-partner mode. This page is the honest current posture for law-firm pilot conversations: how source-grounded work product is assembled, what controls exist now, what is explicitly not being claimed, and what must be agreed before confidential client material is used.
Methodology
This is a public explanation of the current design-partner workflow, not a certification report. It is meant to help counsel evaluate how Aeacus turns public regulatory sources into reviewable work product.
Aeacus monitors selected public regulatory sources, connector outputs, and source catalogs. Ingestion is bounded to known source adapters and does not imply every possible authority has been captured.
Each captured source version preserves source metadata, retrieval timing, and snapshot context so later work can point back to the version reviewed instead of an undated web page.
Source text is chunked for retrieval, then assembled into cited answers, memos, alerts, matrices, and packets. Citations are review aids, not guarantees that every applicable authority has been exhausted.
Freshness dates and detected changes help counsel distinguish current source context, stale records, proposal-stage material, and items that need follow-up review.
Aeacus drafts and organizes source-grounded work product, but attorney review is required before client use or operator handoff. Counsel remains responsible for legal conclusions and client advice.
Pilot work starts from public or anonymized scenarios unless a design partner separately agrees confidential-data handling, retention, export, and deletion terms in writing.
Buyer comparison
Cannabis regulatory counsel will compare Aeacus against broad legal AI, horizontal RegTech, and cannabis operator systems. Aeacus is not trying to replace all-law research databases, GRC suites, POS, ERP, or state traceability systems. The wedge is source-grounded legal/regulatory work product and evidence handoff for regulated-vertical matters.
Harvey, Legora, CoCounsel, Lexis+, Vincent
Can this produce reviewable legal work product with trusted sources?
Aeacus focuses on cannabis regulatory counsel workflows: matter-scoped answers, memos, alerts, matrices, source-version citations, and attorney-reviewed client packets.
Live/beta: cited matter outputs, sample packet, Source Vault grounding, citation-validation evals.
FiscalNote, Regology, CUBE, Compliance.ai, Ascent
Can this monitor regulatory change, explain impact, and create an audit trail?
Aeacus narrows the RegTech pattern to regulated-vertical source monitoring, source freshness, change impact, operator obligations, and counsel/operator handoff evidence.
Live/beta: Source Vault status, durable monitor foundation, change-impact workflow; broader source coverage remains in development.
Simplifya, Distru, Metrc/BioTrack, Dutchie/Greenbits, Canix, age/license verification vendors
Does this replace POS, ERP, traceability, or audits?
No. Aeacus is the legal/regulatory evidence and decision-support layer across packages, facilities, licenses, obligations, and operator-system records.
Live/beta: packaging review records and evidence memos; planned: read-only commerce/traceability evidence integrations before any write/blocking automation.
Source coverage
This is the current public-beta coverage posture for cannabis counsel conversations. It is intentionally conservative: live/beta means the source category exists in current workflows or deterministic evals; fixture/demo means useful for regression or examples only; planned means not a current guarantee. This is not a claim of exhaustive national cannabis coverage.
Sources that are represented in current Source Vault, monitor, eval, or sample-packet workflows. Availability still depends on source-specific retrieval health and counsel review.
Rows used for deterministic demos or regression coverage, not marketed as live monitored jurisdiction breadth.
coverage expands source-by-source after counsel validates authority priority, update cadence, and pilot relevance.
Current baseline, not certification
This compact baseline answers the first-pass law-firm diligence questions for a design-partner pilot. It separates current controls from terms or roadmap items that require written agreement before confidential client material is used.
Current control: Vercel-hosted Next.js application with Supabase Postgres and Storage for product data and source artifacts.
Design-partner term or roadmap item: firm-specific hosting, private networking, and data-residency terms are not guaranteed without a signed pilot addendum.
Current control: TLS in transit for public HTTPS traffic and Supabase-managed encryption at rest for database/storage services.
Design-partner term or roadmap item: customer-managed keys and formal cryptographic attestation are not claimed today.
Current control: invite-only workspace access, Supabase-authenticated sessions, role-based product permissions, and workspace-scoped matter/work-output access.
Design-partner term or roadmap item: per-firm access matrix and least-privilege reviewer roster are agreed before confidential use.
Current control: pilot access is invite-gated; MFA and enterprise SSO are not marketed as live contractual controls.
Design-partner term or roadmap item: SAML/OIDC SSO and required MFA policies should be scoped before broader law-firm rollout.
Current control: Anthropic and Voyage AI may process prompts, generations, embeddings, or reranking inputs for enabled workflows; Supabase and Vercel provide core application infrastructure.
Design-partner term or roadmap item: subprocessor list, model-routing boundaries, and any zero-retention terms must be documented in the pilot agreement.
Current control: No model training on pilot data without written approval; public/anonymized scenarios are preferred until confidential-data terms are set.
Design-partner term or roadmap item: confidential-data use, prompt logging, and model-provider retention terms need written confirmation before production use.
Current control: design partners should agree retention, deletion, and export expectations before confidential client material is used; sample artifacts are public/non-confidential.
Design-partner term or roadmap item: automated retention windows, deletion SLA, and export packaging format remain pilot-scoped terms.
Current control: product workflows preserve source-version citations, work-output lifecycle state, and review/audit-trail context where implemented.
Design-partner term or roadmap item: firm-facing audit log exports and SIEM integrations are not claimed as current guarantees.
Current control: security and pilot incident reports should be sent to contact@aeacus.ai with affected workspace, timeframe, and artifact details.
Design-partner term or roadmap item: formal incident response SLA, DPA, insurance, and breach-notice terms require a signed agreement.
We do not claim SOC 2 or ISO certification yet. This posture is not a production security attestation, penetration-test report, insurance representation, or substitute for a firm security review. Aeacus does not make autonomous legal determinations or live checkout-blocking decisions.
The current trust baseline is deterministic and source-backed. It is designed to catch regressions in source retrieval, quote validation, answer caveats, and hallucination guardrails before a design-partner demo—not to support a public accuracy marketing claim.