Skip to content

Security & sovereignty

The intelligence comes to your data.

Not the other way around. Every SynthetIQ deployment is designed to keep your data exactly where it already is — inside your perimeter, under your law.

Architecture

Intelligence at the edge. Data never moves.

Conventional cloud AI pulls your data to a central model. SynthetIQ inverts the architecture — the model comes to your data.

In a SynthetIQ deployment, the AI model and inference engine are deployed within your environment. Data never transits to an external service for processing.

No data egress required

Processing happens inside your environment. Prompts, context, and responses never transit a third-party network for inference.

No foreign jurisdiction

Because data never leaves your perimeter, no foreign data-protection law applies to the processing — only the law of the jurisdiction you operate in.

No shared tenancy risk

Your deployment is your deployment. There is no shared model, no shared memory, no shared log store with any other organisation.

Deployment

On your infrastructure. On your terms.

On-premises

Deploy on hardware you own and operate. No outbound network call is required at inference time. Designed for the most demanding data-sovereignty requirements.

Your cloud region

Deploy within a cloud region you control, keeping data residency inside your jurisdiction while benefiting from managed infrastructure you already operate.

Air-gapped capable

Designed to operate without internet egress where required. Suitable for environments where external connectivity is a security risk, not an operational assumption.

Deployment option capabilities are subject to your specific infrastructure configuration and licensing tier. Air-gapped operation requires on-device models.

Data residency & encryption

Your data, encrypted in transit and at rest.

SynthetIQ is designed to ensure data is protected throughout its lifecycle — both while it travels between components and while it rests in storage.

Encryption in transit

All inter-service communication within a SynthetIQ deployment is designed to use TLS, preventing interception between components even within a private network.

Encryption at rest

Data stored by the platform — indexes, logs, workflow state — is designed to be encrypted at rest using AES-256-GCM per-tenant keys, with a master key envelope managed by your infrastructure.

GDPR right-to-erasure support

The platform architecture is designed to support GDPR Article 17 right-to-erasure workflows — enabling deletion of personal data across the platform when a lawful erasure request is received.

EU data residency

When deployed in an EU region or on-premises within the EU, all data processing is designed to remain within EU jurisdiction, supporting GDPR data-transfer obligations.

Data residency and encryption properties depend on your specific deployment configuration. Consult your technical and legal teams to verify that your deployment meets your obligations.

Audit trail

Immutable. Tamper-evident. Verifiable.

The SynthetIQ audit trail is designed to separate verifiable semantic truth from AI generation — so your compliance team always has a clear chain of evidence.

Semantic truth vs. AI generation

Every AI response carries two separate layers: the verifiable source record (the document, data point, or structured fact the answer drew from) and the AI generation layer (how the model synthesised the answer). These are kept separate and independently examinable — so an auditor can verify what was real versus what was inferred.

Cryptographically signed records

Each audit log entry is signed on creation, making retrospective modification detectable. The signing key is managed separately from the data it protects.

Immutable append-only design

Audit log entries are designed to be append-only. Existing entries cannot be edited or deleted through normal platform operations.

Who, what, when — for every action

Every AI action records: who triggered it (user or automated actor), what data was accessed, what the model returned, and the precise timestamp — supporting forensic reconstruction of any event.

Audit trail integrity depends on the security of your infrastructure and key management practices. The platform provides the mechanism; the security of the mechanism depends on your operational controls.

Compliance posture

Compliance evidence — not certification claims.

SynthetIQ is designed to provide compliance-relevant evidence and controls. The following reflects our design posture and architectural intent — not formal certifications.

EU AI Act

Design target

The platform is designed to support EU AI Act high-risk AI system requirements including human oversight controls, audit logging, and transparency documentation — intended to support compliance evidence rather than certify conformity.

GDPR

Design target

Data residency, processing-boundary controls, right-to-erasure workflow support, and data-processor agreement capability are built into the platform architecture — designed to support GDPR obligations.

ISO 27001

Alignment target

Access controls, incident logging, policy enforcement, and audit trail capabilities are designed to align with ISO 27001 information-security management requirements.

These are architectural design goals and compliance-evidence capabilities, not formal certification claims or legal guarantees. Certification status, where pursued, will be documented separately. Consult your legal, compliance, and technical teams for your specific obligations before relying on any capability described here.

Model strategy

On-device or managed models. Your choice.

SynthetIQ does not lock you into a specific AI model or vendor. Your model strategy can evolve independently of the platform.

On-device models

Run inference entirely within your own hardware — no external API call at inference time. The highest possible isolation. Suitable for air-gapped or highly sensitive environments.

Managed models via secure API

Connect to an AI model via a configurable, secured API endpoint — your choice of provider, your choice of model. All routing goes through your own infrastructure, not a shared SynthetIQ relay.

Switchable at configuration time

Model selection is a configuration choice, not an architectural one. Switch between on-device and managed models, or run a hybrid, without re-architecting the platform.

No vendor lock-in. SynthetIQ does not require a specific AI model provider. If a model you rely on is discontinued, you switch the configuration — your workflows, data, and audit history remain intact.

Want to understand exactly how SynthetIQ protects your data?

We will walk through the architecture in the context of your specific infrastructure, jurisdiction, and regulatory obligations.