Security Posture

Engineered, not bolted on.

Metadata Minder is built by Rietta, Inc. — a security-first software firm that has been securing custom web applications for high-stakes environments since 1999. Security is not a configuration option in this platform. It is the architecture.

The pillars

Six commitments your CIO can verify.

Fully on-premises via Docker

The entire pipeline runs inside containers on your own hardware. No SaaS dependency, no callback URLs, no upstream telemetry.

Local AI via Ollama

Inference runs on local models. Document content never leaves your network for an external LLM provider — period.

AWS GovCloud option

For agencies standardized on AWS GovCloud, Metadata Minder deploys natively into your existing FedRAMP-aligned environment.

Containerized CI/CD discipline

Inherited directly from Rietta's appsec practice — the same containerized build process runs on developer systems, in CI, and in production.

Supply-chain vulnerability management

Third-party dependencies are tracked, patched, and re-released on a schedule designed to outrun disclosed CVEs — not chase them.

Zero external data transfer

Your documents stay in your perimeter. By default. By design. No exceptions documented in fine print.

Data flow

Your documents never cross the perimeter.

A single bounded environment. Documents enter the discovery pipeline, are normalized, are analyzed by a local LLM, and surface in the dashboard — entirely inside your controlled infrastructure.

Inside your controlled infrastructure, the pipeline has four stages:

Document Archive (PDFs · Office · WPD · OCR) → Normalization (LibreOffice · pdftotext · Tesseract) → Local LLM (Ollama · on-host inference) → Findings Dashboard (RBAC · audit log · export)

All traffic between these stages stays inside your network. There are no outbound calls to external AI providers.

Built on Rietta's appsec discipline

The same security practice that protects HIPAA-covered SaaS and government web applications.

Rietta has spent over two decades patching production systems within hours of disclosed vulnerabilities — a 4-hour CVE patch cycle vs. the 43-day industry median, per Verizon's 2026 DBIR. That practice is the foundation under Metadata Minder.

No. 01

Existing Code Security Review

Beyond automated scans — security-oriented code review with prioritized remediation against your existing development practices.

No. 02

Containerized CI/CD

The same build process runs on developer machines, in continuous testing, and in continuous deployment. Reproducibility is the foundation of patchability.

No. 03

Continuous Blue Team

A standing partnership with your developers to systematically improve security and maintainability of custom software over time.

Next step

Bring your security team into the briefing.

We expect tough questions. We're happy to walk through the architecture, the threat model, and the deployment options with your CIO and CISO directly.