Beneficiary data sits in a tangle of federated systems, and a careless query can put real people at risk. amanat handles credentials through Auth0 Token Vault, requires human-in-the-loop approval for sensitive access via CIBA (a Guardian push to the analyst’s phone before any file is deleted or sharing revoked), and reasons over case records on-prem with IBM Granite 4. PII detection runs as a hybrid pipeline combining regex patterns with Granite 4 Micro. Findings are evaluated against ICRC Handbook, IASC Guidance, GDPR, and Sphere Standards via BM25 RAG.
The name (Arabic: أمانة) means a sacred trust, something held in stewardship for someone else.