The Pilot

21 days.
By invitation.

We accept four to six pilots per quarter. Every pilot has a signed scope, signed success criteria, and ends with a real evidence pack reviewed by your legal and compliance leads. There is no free trial.

Request invitation →

What the 21 days
actually look like.

01
Day 0 · Scoping call

Thirty minutes. We agree which AI surfaces are in scope, which policies fire, and what success looks like at day 21. You leave with a signed scope and signed success criteria.

02
Day 1–7 · Deployment

Colloxa is connected to the chosen surfaces and policies are configured against your jurisdiction. By day 7 you see real decisions being made and recorded.

03
Day 7–21 · Operate

Two weeks of governed activity. Every decision captured continuously. A mid-pilot review with your committee on day 14 confirms course or adjusts scope.

04
Day 21 · Evidence pack

Signed. Exportable. Mapped to your jurisdictional obligations. Reviewed with legal, compliance, and procurement together. Production decision next.

Who the pilot is
built for.

Yes
  • Regulated organisations, 500–10,000 employees
  • POPIA, NDPR, Kenya DPA, Rwanda DPL, or GDPR obligations
  • Active AI usage your committee cannot fully see
  • Legal, compliance, or procurement at the table
  • A named point of contact in legal or risk
Not yet
  • Pre-revenue startups without regulatory exposure
  • Organisations with no AI usage in production
  • Security-only buyers without legal in the room
  • Anyone looking for a free self-serve trial

Before the pilot:
a written architecture review.

Forty-five minutes. We assess your current AI control architecture against POPIA, GDPR, and your sector framework. You leave with a written assessment of where your committee is exposed and what to fix first. Not a sales follow-up.

Request Architecture Review →
FAQ

Due diligence
topics.

Common diligence questions on governance execution, evidence quality, and operating boundaries. For deeper detail, request a scoped architecture review.

Request Architecture Review
The pilot
Day-one pilot targets include ChatGPT, Claude, Gemini, Microsoft 365 Copilot, the OpenAI and Anthropic APIs, and internal LLM endpoints. Bedrock, Vertex AI, agent frameworks (LangGraph, AutoGen, Crew.ai), IDE assistants, and vector / retrieval hooks are on the H2 2026 roadmap. Surface coverage is scoped per pilot.
Access and data handling
No. Colloxa has no standing access to customer prompt data. Full content logging is opt-in and off by default. Internal access requires approval and creates an auditable record.
No. Inspection scope is limited to configured AI endpoints, not all internet traffic. Non-AI destinations are outside inspection scope. Scope can be narrowed further at any time.
Deployment and operations
Colloxa supports fail-open and fail-closed modes, based on your requirements. Availability targets and architecture commitments are defined in your service agreement.
Yes. Design-partner customers can choose South Africa data residency for in-scope data. Private cloud and on-premise options are also available for higher-sensitivity requirements; specifics are confirmed during pilot scoping.
Unmanaged personal devices are outside inspection scope. Colloxa inspects devices enrolled in your corporate MDM. We can surface this gap, but we cannot enforce policy on unmanaged hardware.
The standard motion is a 21-day governance execution pilot with signed scope and success criteria. Production deployment timing after a pilot depends on channel scope, integrations, and workflow design.
Security posture
Colloxa runs regular third-party penetration tests and enforces least-privilege access with MFA. SOC 2 Type II is targeted for Q4 2026; SOC 2 Type I posture materials and a current security questionnaire are available on request under NDA.
Stage and disclosure
Marketing claims are governed by an internal claims hierarchy that separates legal-grade, diligence-grade, and public-marketing-grade statements. Anything labelled 'pilot-priority', 'in design with partners', 'scoped per pilot', 'targeted', or 'on the roadmap' is forward-looking and confirmed only inside a signed engagement.

Request invitation.

One short conversation. We will tell you honestly whether the pilot fits your environment, or whether to come back in a quarter.

Request invitation →Back to home