Your data. Your infrastructure. Your intelligence.

Diana's sovereignty architecture is not a compliance checkbox. It is the foundational reason why professional services firms trust Diana with their most sensitive work.

Sovereign Deployment Available

Security checklist

Architecture, not policy — what Diana does and does not do.

Diana does

  • Run entirely on your hardware
  • Run AI inference locally using Small Language Models — no cloud compute required, no data transmitted for processing
  • Encrypt all data at rest (AES-256) and in transit (TLS 1.3)
  • Log every agent action with immutable audit trail
  • Allow your IT team to independently verify the architecture
  • Support air-gapped deployment for maximum security environments
  • Comply with GDPR, MiFID II, and equivalent frameworks by architecture

Diana does not

  • Send your data to any external server
  • Require your data to travel to a cloud server to run AI — inference happens entirely on your hardware
  • Use your data to train any model — ever
  • Share your data with Diana's team through the management tunnel
  • Store any inference results after a session
  • Have any pathway for your data to leave your environment
  • Ask you to trust a policy instead of an architecture

The Three Failures of Public AI Infrastructure

Data Vulnerability

Every interaction with a public AI tool transmits your sensitive data to shared, multi-tenant cloud infrastructure. For M&A deal data, client financials, and privileged legal communications, this is not acceptable. Diana executes entirely within your defined infrastructure perimeter.

Privacy & Training Data

Public AI models learn from your inputs. Your deal frameworks, negotiation strategies, and client relationships can become training signal for a model your competitors also use. Diana's architecture guarantees zero data egress. Nothing leaves. Nothing is used for training. Ever.

Black Box Processing

Public AI offers no visibility into how your data is processed, who can access it, or what happens to it after a session. Diana provides a fully auditable sovereign sandbox. Every computation is logged. Every output is versioned. You have complete oversight.

GDPR Shield Mode

GDPR compliance through architecture, not policy. Diana cannot share your data because it is architecturally impossible — not because a policy says so.

What GDPR Shield Does

  • Data encryption at rest and in transit
  • No training data collection
  • EU data residency options
  • Right to deletion
  • Data portability

Zero-Trust Execution

Strict guardrails ensure Diana only takes actions you explicitly authorize. God Mode audit streaming means you can watch every agent action in real time. No black boxes. No surprises.

Human-in-the-Loop

Set rules to require human approval before Diana executes high-stakes or irreversible actions.

Scoped Permissions

Diana operates strictly within the boundaries of the Model Context Protocol (MCP). She only sees what you let her see.

Immutable Audit Logs

Every API call, reasoning step, and action is logged in real time for total transparency and compliance.

Compliance & Certifications

  • SOC2 Type II: Annual security audits
  • ISO 27001: Information security management
  • GDPR: EU data protection compliance
  • Air-Gapped Deployment Available: Enterprise tier

Enterprise-Grade Encryption

Your data is protected with military-grade encryption standards. Enterprise-grade encryption is the floor, not the ceiling. Diana's sovereignty architecture ensures that encrypted data never travels to infrastructure you do not control.

End-to-End Encryption

All data is encrypted with AES-256, both at rest and in transit. We use industry-standard TLS 1.3 for all communications.

  • Encryption Standard: AES-256
  • TLS Version: TLS 1.3

Ready to deploy inside your infrastructure?

Diana was built for organisations where a data breach is not an inconvenience — it is a career-ending, litigation-triggering event. If that describes your environment, we should talk.