Sovereign document intelligence · Cayman-registered, globally deployable

On-premise document AI for regulated industries.

OrcaVaults reads, summarises and extracts from your most sensitive documents on hardware that never leaves your building. Every action is recorded in a tamper-evident audit log you can defend to the Office of the Ombudsman, CIMA or your regulator.

Cayman-registered. Air-gapped by design. Aligned to the Data Protection Act (2021 Revision) and the CIMA Statement of Guidance on Outsourcing for Regulated Entities (April 2023).

Book a 30-minute briefing Download the Buyer Pack

Sovereign

Runs on your hardware in your building. No cloud round-trip. No external API. No vendor lock-in.

Auditable

Every extraction, summary and decision is signed and recorded in a tamper-evident audit log. Verifiable cryptographically.

Air-gapped

Default deployment has no outbound network connections. Verifiable by your IT team with standard tools.

Jurisdictionally aligned

Cayman-registered company. Built against Cayman law as the flagship reference. CIMA SOG-aligned. Bonfire-registered. Deployable in any jurisdiction with equivalent data-residency requirements.

Built for: DPA (2021 Revision) CIMA Outsourcing SOG · April 2023 CIMA Cybersecurity Rule · April 2023 BOTA (2026 Revision) Procurement Act (2023 Revision) WCAG 2.2 AA

The problem

Cloud AI is closed for regulated practices everywhere.

Sending client documents, KYC packs, structure charts and trust deeds through a cloud LLM is a cross-border transfer. Under data-protection law on both sides of the Atlantic, that triggers obligations your client never asked you to take on. Under outsourcing rules from CIMA, the FCA, FINMA and equivalents, it puts your Governing Body on the hook for vendors they cannot inspect. The documents themselves are sensitive enough that the wrong vendor choice has career-adjacent consequences.

For law firms

Harvey, Spellbook and CoCounsel work for firms whose clients are comfortable with cloud-hosted AI. For firms whose practice — trust administration, fund formation, private client, regulated M&A — involves documents that contractually cannot leave the firm's network, OrcaVaults is the alternative. Same workflow speed; data never leaves the building.

For regulated finance

The Cayman Islands Monetary Authority's Outsourcing SOG (April 2023) requires a contractual right of regulator inspection over your service provider. The FCA, FINMA, BaFin, MAS and equivalents demand the same. No major cloud LLM vendor will sign that clause for a small regulated entity. We do, by default, because there is no cloud to inspect.

For government

FOI redaction, internal investigations, classified policy work, beneficial-ownership audit. None of it can leave the network. None of it should leave the building. The Cayman Islands Government is our flagship reference market; the architecture deploys identically in any jurisdiction with equivalent data-residency requirements.

How OrcaVaults works

Three steps. One appliance. One signed audit log.

OrcaVaults is a single appliance you operate inside your network. There is no cloud component. There is no external API. The poetry of the architecture is the absence of complexity.

Ingest on your hardware

Drop documents into a watch-folder, drag-and-drop, or pipe them in from your existing document management system. OrcaVaults reads them locally — they never traverse the internet.

Extract, summarise, classify

Local LLMs running on your GPUs perform extraction, structured summary, classification and search. Your analysts steer the model with reusable templates that capture domain expertise.

Audit-evident output

Every action — read, extract, edit, export — is signed and written to an append-only Merkle audit log on your storage. Cryptographically verifiable. Defensible to your regulator.

See the architecture diagram for the full data flow, or the Trust Centre for security artefacts.

Editions

Free to start. Tiered for procurement.

Pricing tiers are designed to map cleanly onto the Cayman Islands Procurement Regulations (2022 Revision). Departmental pilots fit under the CI$100,000 direct-award threshold. Enterprise scales above it under formal Entity Procurement Committee review.

Community

FreeSource-auditable. Single node. Unlimited use.

For evaluators, security researchers, and small in-house teams who want to run OrcaVaults on their own workstation.

Full extraction and summarisation engine
Local Ollama models
Tamper-evident audit log (single node)
Source-auditable
Community forum support

Departmental Pilot

Fixed-fee30-day on-premise trial · indicative range published on /pricing

Loaner appliance, full Enterprise software, fixed-fee engagement, fully credited against first-year subscription if you proceed. Designed to fit under CI$100,000.

Reference appliance shipped to your office
Installation, hardening, operator training
30-day evaluation with pre-agreed success criteria
Dedicated support engineer
Fixed-fee proposal under direct-award threshold

Discuss a pilot

Enterprise

QuotationMulti-node, redundancy, SLA, audit support

Production deployment for whole departments, fund administrators and law firms. Multi-node redundancy, SLA-backed support, and audit-rights clauses pre-negotiated for CIMA inspection.

Multi-node hardware redundancy
Bronze / Silver / Gold SLA tiers
CIMA-compliant inspection rights
BOTA / AMLR / FOI workflow templates included
Direct-line founder support

Industries

Built for regulated workflows.

Offshore law

Trust, fund, private client

Beneficial owner extraction across ELPs, LLPs and foundation companies under BOTA (2026 Revision)
Trust deed analysis and Reportable Legal Entity mapping
FATCA/CRS compliance file preparation, fully offline
M&A due diligence on confidential data rooms

Read the legal use cases

CIMA-regulated finance

Banks, funds, trust administrators

AML/SAR drafting from transaction monitoring outputs
KYC pack review and exception extraction
Outsourcing SOG-aligned document workflows
Sanctions screening on local data, no API

Read the finance use cases

Government

CSD, DoEG, ministries

Electronic Content Management workflows for CSD
FOI Act 2007 redaction at scale
Cabinet paper drafting support, classified-network capable
Inquiry and investigation document review

Read the government use cases

Trust posture

Honest about what we have. Public about what's next.

Most vendors hide their compliance gaps. We publish ours. Below is the current state. The full trust portal — DPA, sub-processor list, architecture, SBOM, accessibility — is at /trust.

Standard	Status	Target
Cayman Data Protection Act (2021 Revision)	Aligned by design	Continuous
CIMA SOG on Outsourcing (April 2023)	Aligned by design	Continuous
CIMA Cybersecurity Rule and SOG (April 2023)	Aligned by design	Continuous
WCAG 2.2 Level AA	Aligned	Continuous
Cyber Essentials	In progress	Q3 2026
ISO 27001	Roadmapped	Q2 2027
SOC 2 Type I	Roadmapped	Q4 2026
ISO 42001 (AI management)	Roadmapped	Q4 2027

Open the Trust Centre

Leadership

Named. Cayman-registered. Accountable.

Procurement Officers, Data Protection Officers and CIMA-supervised CFOs need to know who they are dealing with. Anonymous founders fail their basic vendor screening. So we don't do that.

[Founder's Name]

Founder & Chief Executive · FlowOrca Ltd

Three decades of enterprise systems engineering across regulated industries, with a background in distributed systems architecture, applied cryptography, and on-premise software deployment. Founded FlowOrca to build sovereign document-intelligence infrastructure for the Cayman Islands and the wider offshore financial-centre community.

LinkedIn · hello@floworca.com · FlowOrca Ltd · Company No. [Cayman Co. No.] · George Town, Cayman Islands

Read the full leadership page