00% SCROLL
SECURITY

Security isn’t a setting.
It’s the architecture.

On-premise, sovereign EU cloud or air-gapped — your data never leaves your network, and is never used to train a model.

See the architecture
ON-PREMISESOVEREIGN EU CLOUDAIR-GAPPABLEZERO DATA EGRESSNEVER TRAINED ONGDPR BY ARCHITECTURE

Three guarantees, enforced by design.

Not a policy you have to trust — properties of where and how Diana runs.

Nothing leaves your walls

Diana and its agents run on infrastructure you control and make no external call in normal use. Zero data egress — no path off your network.

ZERO EGRESS

Never trained on

Your documents and conversations are never used to train a model — ours or anyone’s. The one promise we will never break.

ZERO TRAINING

You hold everything

Your hardware, your keys, your audit log. Diana has zero standing access — management never touches your content.

YOUR KEYS · YOUR LOG

Your data never crosses the boundary.

Diana, your documents and your keys all live inside a perimeter you define. Nothing is sent to a third party, because there is no third party in the data path — and no sub-processor to assess.

YOUR PERIMETER
DocumentsKeysAudit log
Diana, your data and your keys live here — and never leave.
NO EXTERNAL CALLS · NO DATA EGRESS

You choose the boundary.

Three sovereign deployments — each keeps your data on infrastructure you control. The only question is how strict.

Fastest to deploy

Sovereign EU Cloud

A dedicated private server in a European data centre (OVHcloud, Hetzner or Scaleway). EU data residency, no shared tenancy, GDPR-compliant by architecture.

Dedicated server — no co-tenantsEU data residencyLive in 24 hours
Most popular

Sovereign On-Premise

A pre-configured appliance on your own network. Your data never leaves the building; we manage it over an isolated channel with zero access to your data.

Runs on your internal network onlyIsolated management channelAir-gap upgrade available
Maximum assurance

Air-Gapped

No external network connection of any kind. Diana ships pre-loaded; data physically cannot leave under any circumstances.

Zero external connectivityNo management tunnelFor the strictest environments

Where the architecture makes the difference.

The same task, two very different risk surfaces — this is what changes when the AI runs inside your perimeter instead of someone else’s cloud.

DimensionPublic-cloud AIDiana
Where data is processedThe provider’s cloudYour perimeter — on-premise, sovereign EU cloud, or air-gapped
Data egressLeaves your networkNone in normal use
Trained on your dataPossible unless contractually excludedNever
Sub-processorsThe provider and its chainNone
JurisdictionThe provider’s — including foreign lawEU — yours
AuditabilityLimited to what the provider exposesFull — tamper-evident Audit Stream

Built for the rulebook you answer to.

Diana doesn’t just claim compliance — it removes the risk surface that creates the work in the first place.

RegulationWhat it coversHow Diana addresses itFocus areas
GDPRData protection & cross-border transfer.Data stays inside your network boundary — so there is no transfer to assess and no sub-processor chain to vet. Erasure is in your hands.
  • Art. 28 · processor
  • Art. 32 · security of processing
  • Chapter V · no transfers
  • Right to erasure
DORAICT risk for financial entities.Run Diana on your own infrastructure and your AI stops being a critical ICT third party. Your exit plan is built in — the appliance is yours.
  • ICT third-party risk
  • Concentration risk
  • Exit strategy
  • Incident evidence
NIS2Cyber-resilience for essential entities.The Audit Stream gives a tamper-evident record for reporting timelines, and there is no external dependency in the data path to widen your attack surface.
  • Incident reporting
  • Supply-chain risk
  • Risk-management measures
EU AI ActGovernance of AI systems.A system you can govern, document and keep inside the EU. You control where it runs and what it can touch — nothing is processed on infrastructure you cannot audit.
  • Governance
  • Technical documentation
  • Human oversight

Least privilege, end to end.

Granular access control

Granted and revoked at the project, folder and file level, with inheritance — people see only what they should, and you can prove it.

You supply the key

The encryption key is customer-supplied and never leaves your environment. Automated rotation is on the roadmap.

Zero standing access

Diana staff cannot see your data. Remote management runs over an isolated channel that never touches your content.

Encrypted in transit & at rest

Document content is encrypted at rest with a key you supply, behind TLS 1.3 termination — inside a boundary only you control.

Every action, logged where the work lives.

The Audit Stream is a tamper-evident, time-stamped record of every read, edit, export and share — by people and by agents alike. It’s how you evidence DORA and NIS2 reporting, satisfy a GDPR access request, and answer “who touched this, and when?” without a ticket.

REAL-TIMETAMPER-EVIDENTEXPORTABLE
Audit StreamLive
14:05:12Alex exported Risk_Memo.docxSIGNED
14:03:48Researcheragent cited 3 sources in DPA-2749
14:02:10Alex opened Acme_MSA_v3.docx
11:48:33Jori shared “Acme — Due Diligence” with Legal
09:14:00System verified the audit chainOK
08:30:22Alex signed inSSO

No sub-processors. No egress. No surprises.

No sub-processors

Because your data never leaves your environment, no third party ever processes it. There is no sub-processor list to assess — there is no sub-processor.

Nothing retained you don’t control

Diana keeps only what your workspace keeps. Stop using it and the data was always yours — keep it, wipe it, or return the appliance.

No training, ever

Your documents and conversations are never used to train a model — ours or anyone else’s. The one promise we will never break.

0
bytes that leave your network, or train a model. Ever.
0
sub-processors touch your data — it never leaves your environment.
100%
of activity captured in a tamper-evident Audit Stream.

The questions you’ll be asked.

Where is our data processed and stored?
Inside your perimeter — on-premise, on a dedicated EU server, or fully air-gapped. Never on Diana’s servers.
Who at Diana can access our data?
No one. We have zero standing access; remote management runs over an isolated channel that never touches your content.
What sub-processors handle our data?
None. It never leaves your environment, so there is no sub-processor chain to assess or approve.
Is our data ever used to train models?
Never — not yours, not for our models, not for anyone’s.
How do we evidence DORA, NIS2 and GDPR?
The Audit Stream is a tamper-evident, time-stamped record of every action, and you control data residency end to end. Architecture documentation is available for your DPIA and vendor due diligence.
Can we audit the system ourselves?
Yes. Review the live Audit Stream inside your own deployment, and request our security and architecture overview during procurement.
What happens to our data if we stop using Diana?
It was always yours. Keep it, wipe it, or return the appliance — Diana never held it in the first place.
What about formal certifications?
Diana is built to the controls behind SOC 2 and ISO 27001, and certification is on our roadmap. Crucially, your data’s protection does not depend on us passing an audit — it is enforced by the architecture.

Put it to
the test.

Review the architecture, run a pilot on your own infrastructure, and let your security team audit every control. Trust you can verify — not take on faith.

See the architecture