Hardware trust
Every appliance ships with TPM-bound LUKS2 disk encryption, a sealed BIOS password, and a signed kernel. The bootloader refuses to load an unsigned initramfs; the root filesystem is verified on every boot.
Security
Designed by people who’ve sat across from regulators.
The architecture is the answer. Your prompts don’t leave your building, our control plane doesn’t see your data, and every request is Merkle-signed. What follows is how we get there.
OS hardening
Debian stable with minimal package footprint. Services run under dedicated users, confined by systemd (NoNewPrivileges, ProtectSystem=strict, MemoryDenyWriteExecute). Outbound egress is IP-filtered; inbound is through apache2 with mTLS from the gateway.
Identity & access
Tenant users sign in via their own IdP (OIDC). Operayde staff access is separated — we have no shared admin account, and every action is attributed to an individual engineer.
Policy & keys
Virtual API keys scope access by tenant, room, model family, and budget. Policy is authored centrally, signed, pushed to the fleet, and enforced on-appliance. There is no ‘god’ key.
Merkle-signed audit
Each appliance hashes every request and response into a daily Merkle tree, signs the head with its enrolment key, and ships heads-only to the central plane. Bodies stay local. You can verify any request offline.
Fleet updates
Updates are signed manifests with hash-pinned images. The appliance verifies before applying. Roll-forward and roll-back are both 15-minute operations from the operator portal.
Compliance
We meet the regulations before we claim the certifications.
- GDPR
- EU appliances and central-plane region are EU-only. No sub-processor outside the EU.
- UAE PDPL
- UAE region residency with an in-country central plane. Local support hours.
- ISO 27001
- Control mapping underway — target certification Q2'27.
- SOC 2 Type II
- Audit engagement begins Q1'27; evidence pipeline already in place.
Ready to put AI behind your own firewall?
Spend 20 minutes with one of our deployment engineers. We’ll walk through your workload, pick the right tier, and ship an appliance to your office within two weeks.