Autonomy you can actually govern.
Regor acts on your storefront on its own. That only works if oversight is built in, not bolted on. This page describes how we keep autonomous change accountable, and how Regor is governed as a company.
Six principles behind every change
You set the autonomy level
Four levels, from observe-only to full autopilot. You decide how much Cortex does on its own and change it anytime.
Propose then approve
Changes are proposed and wait for your approval unless you enable low-risk auto-approval. High-impact changes are always held for review.
Full audit trail
Every autonomous action is logged with a forward and revert diff. See what changed, why, and when.
Always reversible
Every executed change carries one-click rollback. Nothing Cortex does is permanent.
Least privilege by default
Cortex operates with the minimum access required, scoped to the areas your provider does not actively manage.
Human accountability
Autonomy never means anonymity. A person owns every policy, and the system answers to the oversight rules you set.
How control works
You choose where Cortex sits on this scale, per agent, and move it up or down whenever you want.
Observe only
Cortex watches and reports. It proposes nothing and changes nothing.
Approve every change
Cortex proposes optimizations. Nothing reaches your storefront until you approve it.
Auto-approve low risk
Low-risk changes apply automatically. High-impact changes wait for your review.
Full autopilot
Cortex operates continuously within your guardrails, with everything logged and reversible.
How Regor is run
Legal entity
The Regor platform is operated by Regor AI LLC, a limited liability company formed in Wyoming, United States. "Regor" is the product and marketing name. "Regor AI LLC" is the contracting entity used in legal and postal contexts.
Structure and oversight
Regor is a small, founder-led company, operated independently. Accountability for decision-making, security, and data handling sits with a named owner rather than being diffused across layers, which keeps response times short. Access provisioning, offboarding, and separation-of-duties procedures are documented and enforced as the team grows.
Compliance commitments
- GDPR and CCPA/CPRA aligned, with a Data Processing Agreement available
- A documented security program covering encryption, access control, and incident response
- Sub-processor governance with 30-day advance notice of changes
- SOC 2 Type II preparation in progress, with ISO 27001 planned
Responsible data use
We collect the minimum data needed to operate product discovery. We do not sell customer data, and we do not use customer data to train shared models. Customers can export or delete their data at any time. Full detail lives in our Privacy Policy, DPA, and Trust & Transparency pages.
Contact
Governance, security, or compliance questions can be sent to security@regor.ai.