21 days.
By invitation.

A controlled deployment sandbox for institutions that need AI use cases and customer interaction records registered, residency and redaction rules tested, monitoring logs captured and a signed evidence pack reviewed before production decisions.

What the 21 days actually look like.

01
Day 0 · Scoping call

Forty-five minutes. We register in-scope AI use cases, agree surfaces and policies, define sandbox boundaries and success metrics for day 21. You leave with signed scope and signed success criteria aligned to your deployment assurance workflow.

02
Day 1–7 · Deployment

Colloxa connects to the chosen surfaces. Approval gates, risk classification and monitoring rules are configured against your primary jurisdiction. By day 7, you see real decisions being made, logged and escalated where policy requires.

03
Day 7–21 · Operate

Two weeks of governed activity. Drift, usage, security and anomaly logs captured continuously. A mid-pilot committee review on day 14 confirms course or adjusts scope.

04
Day 21 · Evidence pack

Signed. Exportable. Mapped to your jurisdictional obligations. Reviewed with Legal, Compliance, Risk and Security together. You leave the review knowing whether your AI deployment evidence is defensible before committing to production.

Sandbox-ready by design.

The pilot is structured as a controlled deployment sandbox. It defines the users, AI surfaces, customer-record types, data boundaries, processing-location rules, approval workflow, monitoring rules, incident triggers, fallback paths and review process before the first governed interaction is recorded.

Scope

AI tools, APIs, departments and user groups included.

Controls

Policies, prompts, data restrictions, access rules and escalation paths.

Monitoring

Usage logs, anomaly detection, drift indicators, performance and incidents.

Review

Evidence pack, lessons learned, risk register updates and adoption recommendation.

| Area | Example success metric |
|---|---|
| Governance coverage | 100% of in-scope AI use cases and customer record types registered |
| Data residency | Storage location, processing location, cross-border flags and redaction status recorded |
| Control effectiveness | AI-readiness decisions applied: eligible, redacted, local-only, copilot-only, review, human-only or block |
| Monitoring | Drift, usage, failure and anomaly logs captured |
| Security | Prompt injection, data leakage and unauthorised access attempts logged |
| Fairness | Bias and local-language parity tests completed where relevant |
| Evidence | Final signed evidence pack reviewed by governance stakeholders |

Who the pilot is built for.

Yes
  • Zimbabwean institutions under data protection, National AI Strategy, fintech, telecoms, mobile-money, remittance or public-sector context
  • South African organisations with POPIA exposure
  • Regulated organisations, 500–10,000 employees
  • Active AI usage your committee cannot see, and is accountable for anyway
  • Legal, compliance, risk or procurement at the table
  • A named point of contact in legal, risk, compliance or data protection
Not yet
  • Pre-revenue startups without regulatory exposure
  • Organisations with no AI usage in production
  • Security-only buyers without legal, risk or compliance in the room
  • Anyone looking for a free self-serve trial
  • Organisations expecting universal AI tool inspection across unmanaged devices

Pilot roles.

Executive sponsor
Legal/compliance lead
Security lead
Data protection lead
Technical owner
Procurement lead

Due diligence topics.

Common diligence questions on deployment assurance, evidence quality, and operating boundaries. For deeper detail, request a scoped architecture review.

The pilot

Pilot-priority surfaces include application and API traffic, ChatGPT Web on a managed browser path, OpenAI API, Anthropic API, Gemini API, and scoped internal LLM endpoints. Claude, Gemini, and Perplexity web are best-effort after ChatGPT. Microsoft Copilot and Microsoft 365 Copilot are partial or design-partner scope only. GitHub Copilot and IDE assistants are contained or detected-only unless a signed scope confirms the control path. Agent frameworks and cloud AI platforms are on the H2 2026 roadmap. Coverage is confirmed in your signed pilot scope. See the supported surfaces matrix.

Access and data handling

No standing access by default. Colloxa defaults to metadata-first capture: enough context to prove the decision without storing full prompt text by default. Fuller capture is opt-in per tenant under agreement. Internal access requires approval and creates an auditable record.

No. Governance applies only to AI tools and paths in your signed scope, not your full network. Scope is defined in the pilot agreement and can be narrowed at any time.

Deployment and operations

Governed paths fail closed by default: if policy, detection, or audit services cannot evaluate a request, Colloxa blocks or quarantines rather than allowing ungoverned submission. Fail-open exceptions require explicit written scope in a signed engagement.

Hosting geography and data residency are defined in signed scope, not assumed from a marketing page. Colloxa supports regional deployment models — including private cloud and on-premise options for higher-sensitivity requirements — confirmed during the 45-minute pilot scoping call.

Personal devices outside your corporate management programme are outside pilot scope. Where your organisation has authorised a control path on managed equipment, Colloxa can govern in-scope AI usage there. We document coverage gaps rather than implying universal device coverage.

The standard motion is a 21-day deployment assurance pilot with signed scope and success criteria. Production deployment timing after a pilot depends on channel scope, integrations, and workflow design.

Security posture

Colloxa runs regular third-party penetration tests and enforces least-privilege access with MFA. SOC 2 Type II is targeted for Q4 2026; current security posture materials and a security questionnaire are available on request during diligence.

Stage and disclosure

Marketing claims are governed by an internal claims hierarchy that separates legal-grade, diligence-grade, and public-marketing-grade statements. Anything labelled 'pilot-priority', 'in design with partners', 'scoped per pilot', 'targeted', or 'on the roadmap' is forward-looking and confirmed only inside a signed engagement.

Request invitation.

One short conversation. We will tell you honestly whether the pilot fits, or whether your situation needs something different first. Either answer is useful to you.