Manifold Foundry
Durable software infrastructure for structured operational systems.
We build the software backbone for operators in structured, regulated environments — multi-tenant platforms with strict data isolation, full audit trails, and architecture designed for compliance requirements. Built for organizations that answer to regulators — not just customers.
What we build
Herbert
A single system of record spanning cultivation, inventory, fulfillment, wholesale, logistics, and procurement. Built for multi-facility, multi-state operations.
Argus
Facility surveillance and physical security management. Camera streams, recorded playback, event detection, and tiered access control with comprehensive audit logging.
DeepField
Research initiative exploring semantic manifolds, structured computation, and event topology in operational systems.
Security & Data Integrity
These are not aspirational goals. They are operational commitments embedded in the architecture of every system we ship.
Multi-tenant isolation
Every query is scoped by organization. Row-level security policies are enforced at the database layer, not the application layer. Tenants cannot access each other's data by construction.
Role-based and attribute-based access control
Four-tier permission hierarchies (VIEW, REVIEW, EXPORT, ADMIN), per-app access grants, facility-scoped device registration, and organization-level admin controls. Access is granted per resource, not globally.
Encryption at rest and in transit
TLS 1.3 for all data in transit. Encrypted storage for credentials, device tokens (SHA-256 hashed), and sensitive configuration. No plaintext secrets in the data layer.
Least privilege
API keys, device tokens, and user sessions are scoped to the minimum access required. Provisioning codes are single-use with one-hour expiry. Edge gateways use outbound-only connectivity.
Audit logging
All access to sensitive resources — camera feeds, data exports, permission changes, authentication events — is logged with user identity, timestamp, IP address, and user agent. Logs are immutable and queryable.
Incident response posture
Session revocation, device token invalidation, and gateway access revocation are available as immediate response actions. We maintain the tooling to isolate and contain without operational disruption.
We do not sell, share, or monetize customer data. Your operational data exists to serve your operation. It is not a product, a training set, or a revenue stream.
Designed for Regulated Environments
Our systems are architected to support compliance requirements in regulated industries. Where authorized, the platform supports integration with external tracking and reporting systems through configurable, authorization-based connectors.
The architecture adapts to per-market regulatory variation without forking the core system. Timezone-aware date handling, facility-scoped credentials, and marketplace-level configuration are built into the data model.
If you operate in a regulated market and need infrastructure you can trust, we'd welcome the conversation.