Most AI compliance starts with the platform. We start with the team.
Three Gates is the AI control plane for regulated industries, built by Hearth and Alloy, Inc., a Tennessee corporation. Patent-pending three-gate architecture, designed for organizations where “we’ll figure it out” is not an answer.
The company behind the product
Three Gates is the first product of Hearth and Alloy, Inc., a Tennessee corporation building AI control-plane infrastructure for regulated industries. Healthcare ships first; the same three-gate architecture extends to government, legal, and financial verticals on the roadmap. The platform is vendor-independent and deployment-agnostic by design.
The patent-pending architecture rests on a single discipline: detected sensitive content is replaced with typed semantic tokens before any general-purpose AI model is invoked. Every AI request passes through three sequential gates that classify the data, evaluate the user’s authority, and route to a compliant destination, with an immutable audit trail behind every decision. The platform is designed to support HIPAA Security Rule obligations today; SOC 2 Type II audit is planned, customer-engagement-gated.
For a deeper view of the corporate platform and our positioning across regulated industries, see the parent company at hearthandalloy.com.
Keith Williams
Founder
17+ years building secure data systems
Founder’s Perspective
Start with the team, not the tool.
AI adoption in regulated industries fails at the people layer long before it fails at the platform layer. Most healthcare organizations do not actually know what their teams would do with a ChatGPT tab open and a patient chart on the other screen. They have policies. They have training modules. They do not have measurement.
That is why the front door to Three Gates is a free PHI AI Readiness Assessment, not a sales pitch. Administrators see an anonymized organizational scorecard with the gaps named clearly and the regulatory citations attached, and only then decide whether the platform underneath the assessment is worth a longer conversation.
“Measure the team first. Earn the platform conversation second.”
Designed to support HIPAA. SOC 2 Type II audit planned, customer-engagement-gated. Patent-pending three-gate architecture. 7-year immutable audit retention. Deploy in our environment or yours.
Three ways to start.
Pick the door that matches where your organization is today.
Free
Take the AI readiness assessment.
Three modules, about 30 minutes per employee. Anonymized organizational scorecard unlocks at five completions, with regulatory citations and a remediation path.
See the platform
Request a platform demo.
A working walkthrough of the three-gate pipeline against scenarios from your environment. Tailored to your vertical and your stack.
Founder access
Apply to the Design Partner Program.
A small number of regulated organizations help shape Three Gates pre-GA. Preferred pricing, roadmap influence, and direct access to the founding team.