Data Sovereignty
Compliance you can put in front of an auditor.
A clear data path, a known jurisdiction, and no foreign vendor in the loop. Enterprise nodes run on dedicated, single-tenant GPU infrastructure in the region you choose — prompts and completions never leave the machine, only aggregate telemetry does.
Sovereignty and compliance, by architecture.
Not policy promises — properties of how the system is built.
Data stays in-region
The node lives in the region you choose, starting with Switzerland. Token data never leaves the jurisdiction — region is a first-class property of every node.
CLOUD Act immune
No US-owned cloud in the request path, and open weights mean no US model vendor either. There is no foreign entity to compel.
GDPR aligned
Data processing agreement, processing inside Switzerland or the EU, and a full audit trail for where inference actually happens.
Telemetry-only control
We see health and aggregate counts. Never prompts, completions, or per-key data — the control plane cannot read your traffic.
The Trust Guarantees
Three properties define every enterprise node.
In-Region Hosting
Nodes run on dedicated in-region GPU infrastructure. Switzerland is the first available region, served from ISO 27001- and ISO 50001-certified datacenters in Rümlang (Zürich) and Lupfig (Aargau).
Telemetry-Only Uplink
The control plane receives health checks and aggregate usage counts only. Prompts, completions, and code context are never transmitted, logged, or stored centrally.
Single-Tenant Isolation
Each node is reserved for one organisation. No shared tenancy, no co-located customers — the GPU hardware is yours alone for the life of the subscription.
Where Your Nodes Run
Enterprise inference runs on dedicated in-region GPU infrastructure. The first available region is Switzerland, served from two Swiss datacenters:
- Rümlang (Zürich) — primary Swiss zone
- Lupfig (Aargau) — secondary Swiss zone
Both zones are operated in ISO 27001- and ISO 50001-certified facilities. Region is a first-class property of every node: the node — and all inference performed on it — stays in the region you select. Additional regions are planned; Switzerland is where we start, not the product identity.
What Leaves the Node — and What Never Does
The enterprise architecture is telemetry-only by design. There is no central proxy in the request path and no per-request content in the uplink.
Stays on the node, always:
- Prompts, completions, and streamed responses
- Code context and any request or response payloads
- Per-key, per-request usage detail
Leaves the node (telemetry only):
- Health and liveness checks
- Aggregate usage counts (for example, total tokens and request counts)
- Node lifecycle status for your dashboard
Because the control plane only ever sees aggregates, syndicAI cannot read your traffic — even if we wanted to. Enforcement is soft and non-destructive: the control plane can warn or, on billing lapse, disable serving, but it has no authority to read, exfiltrate, or reach into your data.
Node Security
- On-node TLS — each node terminates TLS itself and serves on its own endpoint. Traffic goes directly to your dedicated hardware.
- On-node key authentication — API keys are validated locally against synced hashes, with a revocation list. Plaintext keys are never distributed.
- No allow-all fallback — direct nodes reject requests when no keys are provisioned, rather than defaulting open.
- Single-tenant hardware — no shared tenancy and no spot reclamation; the box is dedicated to one organisation.
Questions About Compliance or Residency?
Start an enterprise workspace to provision an in-region node, or reach out to scope specific residency and certification requirements.