Security & Compliance
Your data never leaves.
Verified, not promised.
Every byte of your data is processed on hardware you physically own, inside your building, on a network only devices you have authorized can reach. No cloud inference. No third-party API calls. No telemetry beyond the infrastructure health metrics described in the Remote Access Policy, and none at all when air-gapped. Verifiable by your IT team with a packet sniffer.
AES-256 at rest · TLS 1.3 + WireGuard in transit · No customer-data egress · Air-gap capable
Security Architecture
Five layers. Zero trust required.
Enterprise appliances ask you to trust their black box. We give you an architecture you can verify yourself: every component we add to the stack is open source and inspectable, and the hardware is stock Apple equipment you own.
🏢 Physical Isolation
Hardware is installed inside your building. You control physical access. Apple Mac Studio: consumer hardware with no out-of-band management engine and no vendor kill switch, provided Find My (Activation Lock) and any MDM enrolment are left disabled at provisioning. If we disappear tomorrow, the hardware keeps running.
🔒 Network Isolation
Tailscale WireGuard mesh: peer-to-peer, end-to-end encrypted, no traffic through our servers. Tailscale's coordination server exchanges only node public keys and the ACL; when NAT traversal fails, packets fall back to Tailscale's DERP relays, which forward the still-encrypted WireGuard payload and cannot read it. Only devices you explicitly authorize can connect. No public IP. No open inbound ports beyond the WireGuard port. Your IT team can verify with tcpdump.
🔐 Encryption
AES-256 encryption at rest via macOS FileVault, built on Apple's FIPS 140-2 validated cryptographic modules. TLS 1.3 + WireGuard for all data in transit between devices. FileVault protects the disk while the machine is powered off or locked; once an authorized user has unlocked it, access to data is governed by the access controls below, not by the disk encryption.
👤 Access Control
Tailscale ACLs control which devices can reach the appliance and on which ports. Open WebUI provides user-level authentication with multi-user role-based access control (admin, user, and pending roles) and audit logging. An admin can revoke any user instantly; removing a device from the tailnet cuts its network path as well.
📋 Audit Trail
All conversations logged locally with timestamps and user attribution. All remote management sessions logged. Logs stored on your hardware, exportable for compliance review. Because they live on hardware and accounts you control, you set retention; forwarding them to your own log server gives you a copy that no remote session, ours included, can alter.
Compliance by Industry
Built for the industries that can't afford mistakes.
Our architecture doesn't just support compliance frameworks — it eliminates the primary risk vector (third-party data transmission) that makes compliance with cloud AI so complicated.
🏥 Healthcare
HIPAA · BAA PROVIDED
PHI never leaves your facility. No Business Associate chain to manage beyond us. We provide a signed BAA. Your EHR data, clinical notes, and patient communications stay on hardware you control.
⚖️ Law Firms
ATTORNEY-CLIENT PRIVILEGE
Privileged communications processed on hardware inside your firm. No third-party disclosure: privilege is protected by physics, not policy. Supports the duty under ABA Model Rule 1.6(c) to make reasonable efforts to prevent unauthorized disclosure of client information.
🏦 Financial Services
GLBA · SOX · FINRA
Customer financial data never transmitted externally. Full audit trail for examiner review. Hardware ownership narrows the third-party vendor risk assessment for this component to our remote-management access, which is scoped and logged (see Remote Access Policy).
🎓 Education
FERPA
Student records processed locally. No cloud provider to add to your FERPA compliance matrix. The institution maintains sole custody of all education records used with AI.
Before & After
Cloud AI vs. Sovereign ATX
The technical rows are verifiable facts your IT team can confirm; the commercial rows describe our terms.
| Capability | Cloud AI (ChatGPT, Claude) | Sovereign ATX |
|---|---|---|
| Data leaves your building | ✗ Yes — every prompt sent to provider servers | ✓ Never — hardware is in your building |
| Encryption at rest | Provider-managed keys (you don't control them) | ✓ AES-256 FileVault — your hardware, your keys |
| Encryption in transit | TLS 1.3 to their servers | ✓ TLS 1.3 + WireGuard — never leaves your network |
| Audit trail | ✗ Limited — provider controls logs | ✓ Full local logs — timestamps, users, queries, responses |
| Training on your data | Opt-out required (varies by provider) | ✓ Not possible as deployed — models run offline with no training pipeline installed |
| Works offline | ✗ No — requires internet | ✓ Yes — disconnect ethernet, it keeps running |
| Hardware ownership | ✗ You own nothing | ✓ You own the hardware outright (buy option) |
| Vendor dependency | ✗ Total — provider can change terms, pricing, or discontinue | ✓ None for inference — if Sovereign ATX disappears, your hardware keeps running; only managed support ends |
| Model auditability | ✗ Proprietary — you can't inspect the model | ✓ Open-weight models — checksums verifiable against the public source |
| Contract required | Enterprise agreements, multi-year common | ✓ Month-to-month available — cancel anytime |
| Per-user pricing | ✗ $20–60/user/month — scales with headcount | ✓ Flat rate — unlimited users, one price |
| Deployment time | Minutes (sign up) | ✓ Same day — hardware ships pre-configured |
Technical Specifications
The specifics your security team needs.
✓ AES-256 at rest — macOS FileVault full-disk encryption, built on Apple's FIPS 140-2 validated cryptographic modules
✓ TLS 1.3 in transit — all HTTP traffic encrypted. Web UI served over HTTPS with modern cipher suites
✓ WireGuard tunnel (Tailscale) — zero-trust mesh network. Audited open-source client. Direct peer-to-peer when NAT traversal succeeds; otherwise Tailscale's DERP relays forward the still-encrypted packets and cannot read them
✓ No telemetry to third parties — no usage data, analytics, or diagnostic data leaves the appliance, apart from the infrastructure health metrics listed in the Remote Access Policy, and nothing at all when air-gapped. Verifiable via network monitoring
✓ No model training on client data — architecturally impossible. Models run via Ollama with no training pipeline installed. Weights are read-only
✓ Air-gap capable — once models are loaded, disconnect from the internet entirely. Inference continues indefinitely
✓ RBAC — Open WebUI supports multi-user authentication with role-based permissions. Admin, user, and pending roles
✓ Apple Silicon — no management engine. Unlike Intel (ME/AMT) or AMD (PSP), Apple M-series chips have no out-of-band management engine and no known remote management path into the hardware
✓ Local model weights — downloaded once during setup. SHA-256 checksums verified against upstream repositories (Hugging Face)
✓ Firewall hardened — no inbound ports exposed beyond Tailscale's WireGuard UDP port (41641 by default). No public-facing services. SSH restricted to authorized Tailscale IPs only
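The two "verifiable with a packet sniffer" claims above (no customer data leaves, no telemetry) are only as good as the check your IT team actually runs. The script below is an added example, not Sovereign ATX's own tooling: it reads `tcpdump -n` output and classifies every destination as LOCAL, TAILNET (Tailscale's 100.64.0.0/10 range) or EXTERNAL. The interface name `en0` and the sample capture are assumptions; the capture lines are constructed for the demo, not real traffic.

```shell
#!/bin/sh
# Added example, not Sovereign ATX's own tooling: read a `tcpdump -n` capture from
# stdin and classify each packet's destination as LOCAL (loopback, RFC 1918, link-local,
# multicast/broadcast), TAILNET (Tailscale's 100.64.0.0/10 range) or EXTERNAL, so a
# reviewer can see at a glance whether anything leaves the building. The interface
# name en0 is an assumption. IPv6 lines (IP6) are skipped; run a second pass with
# `tcpdump -n ip6` if the LAN routes IPv6.
#
# Live use on the appliance:
#   sudo tcpdump -n -l -i en0 ip | classify_egress
# From a saved capture:
#   tcpdump -n -r egress.pcap | external_destinations

# Dotted quad -> integer, in a subshell so the IFS change does not leak.
ip_to_int() {
    ( IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )) )
}

# Print LOCAL, TAILNET or EXTERNAL for one IPv4 address.
classify_ip() {
    n=$(ip_to_int "$1")
    if [ $((n >> 24)) -eq 127 ] || [ $((n >> 24)) -eq 10 ] \
       || [ $((n >> 20)) -eq $(( (172 << 4) | 1 )) ]    \
       || [ $((n >> 16)) -eq $(( (192 << 8) | 168 )) ]  \
       || [ $((n >> 16)) -eq $(( (169 << 8) | 254 )) ]  \
       || [ $((n >> 28)) -eq 14 ] || [ "$1" = 255.255.255.255 ]; then
        echo LOCAL                       # 127/8, 10/8, 172.16/12, 192.168/16, 169.254/16, 224/4, broadcast
    elif [ $((n >> 22)) -eq $(( (100 << 2) | 1 )) ]; then
        echo TAILNET                     # 100.64.0.0/10, the CGNAT range Tailscale assigns
    else
        echo EXTERNAL
    fi
}

# Read tcpdump lines, emit "<class> <dst ip> <dst port|->" per IPv4 packet.
classify_egress() {
    while read -r _ts proto _src _arrow dst _rest; do
        [ "$proto" = IP ] || continue    # skip ARP, IP6 and non-packet lines
        dst=${dst%:}                     # "203.0.113.9.443:" -> "203.0.113.9.443"
        case $dst in
            *.*.*.*.*) dst_ip=${dst%.*}; dst_port=${dst##*.} ;;   # has a port suffix
            *)         dst_ip=$dst;      dst_port=- ;;            # ICMP etc: no port
        esac
        printf '%s %s %s\n' "$(classify_ip "$dst_ip")" "$dst_ip" "$dst_port"
    done
}

# Unique EXTERNAL destinations; returns 1 if there are any (usable from a check script).
external_destinations() {
    found=$(classify_egress | awk '$1 == "EXTERNAL" { print $2 }' | sort -u)
    [ -n "$found" ] || return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample capture (not real traffic): a staff laptop over the tailnet,
# Open WebUI talking to Ollama on loopback, and a constructed leak to 203.0.113.9 (TEST-NET-3).
SAMPLE_CAPTURE='10:15:01.000001 IP 192.168.10.20.52000 > 100.101.102.103.41641: UDP, length 148
10:15:01.000002 IP 100.101.102.103.41641 > 192.168.10.20.52000: UDP, length 132
10:15:01.000003 IP 127.0.0.1.49152 > 127.0.0.1.11434: Flags [S], seq 1, length 0
10:15:02.000004 IP 192.168.10.20.52001 > 203.0.113.9.443: Flags [S], seq 2, length 0
10:15:02.000005 IP 192.168.10.20 > 203.0.113.9: ICMP echo request, id 1, seq 1, length 64
10:15:02.000006 ARP, Request who-has 192.168.10.1 tell 192.168.10.20, length 28'

printf '%s\n' "$SAMPLE_CAPTURE" | classify_egress
printf '%s\n' "$SAMPLE_CAPTURE" | external_destinations || echo "FINDING: traffic left the building"
```

On a connected (non-air-gapped) appliance, Tailscale's own control plane will show up as EXTERNAL: TCP 443 to the coordination server and DERP relays, and UDP 3478 STUN probes. Attribute those with `sudo lsof -nP -i -c tailscaled`; every other EXTERNAL destination is a finding to chase down. On an air-gapped unit the report should contain no EXTERNAL lines at all.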
Open Source Guarantee
Every component is inspectable. No black boxes.
Enterprise AI appliances ship proprietary firmware on locked-down hardware. You can't inspect what's running. You can't audit the model. You can't verify the security claims. You just have to trust them.
We took the opposite approach. Every component we add to the stack is open source, publicly inspectable, and independently deployable; the WireGuard protocol and the Tailscale client have had independent security audits. If you don't trust our word, read the code.
Our complete stack — every component is open source:
Ollama
llama.cpp
Open WebUI
OpenClaw
Tailscale (open-source client; the hosted coordination server is Tailscale's service and is not open source)
WireGuard
macOS (the Darwin/XNU kernel and core userland are published by Apple as open source; the rest of macOS is proprietary)
AI models are open-weight, published by their respective research labs (Qwen, Meta Llama, DeepSeek). Weights are publicly available on Hugging Face with SHA-256 checksums for verification.
The no-lock-in guarantee: If Sovereign ATX ceased to exist tomorrow, your hardware would keep running. Your models would keep working. Your data would remain on your device. You'd just lose managed support — not functionality.
Remote Access Policy
What we can access — and what we can't.
We maintain remote access for updates and maintenance. Here's the exact scope — no ambiguity.
| Activity | Our Access |
|---|---|
| System health (CPU, memory, disk, uptime) | ✓ Infrastructure metrics only |
| Model updates and software maintenance | ✓ Software layer only |
| Agent configuration and tuning | ✓ Config files only |
| Your prompts, queries, or conversations | ✗ Never — not transmitted, not accessible |
| Documents or files you upload | ✗ Never — processed and stored locally, outside the scope of our sessions |
| AI responses and outputs | ✗ Never — generated and stored locally |
| Client data, PHI, or privileged information | ✗ By architecture — not just by policy |
All remote sessions are logged. Logs are on your hardware. You can revoke our access at any time from your Tailscale admin console, unilaterally, without contacting us. Because maintenance access is at the software layer, the controls you can enforce yourself are the session log on your hardware and the ACL entry for our management node: review the log after each maintenance window, and remove the entry whenever you want the access gone.
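The Access Control layer, the firewall note in the Technical Specifications, and the revocation promise above all come down to one Tailscale ACL. The block below is an added example, not Sovereign ATX's shipped policy: it shows Tailscale's default allow-all policy beside a hardened one for an appliance tagged `tag:appliance`, and a small lint that fails on the mistakes that would quietly undo the access model described on this page. The port numbers (443 for the web UI, 22 for SSH), the `group:staff` identities and the `tag:vendor` name for the management node are assumptions.

```shell
#!/bin/sh
# Added example, not Sovereign ATX's own policy: Tailscale's default ACL beside a
# hardened policy for an appliance tagged tag:appliance, plus a lint that fails on
# the mistakes that would silently undo the access model described on this page.
# Assumptions: the web UI listens on 443, SSH on 22, staff identities are in
# group:staff, and the vendor management node carries tag:vendor. Files are HuJSON
# (comments and trailing commas allowed), one rule per line so the lint can grep them.

# Tailscale's out-of-the-box policy: any node reaches every port on every other node.
write_default_policy() {
cat > "$1" <<'EOF'
{
  "acls": [
    {"action": "accept", "src": ["*"], "dst": ["*:*"]},
  ],
}
EOF
}

# Hardened: staff devices reach only the HTTPS UI; the vendor node reaches only SSH.
# Everything not listed is denied. Deleting the tag:vendor rule revokes vendor access
# without touching anything on the appliance itself.
write_hardened_policy() {
cat > "$1" <<'EOF'
{
  "tagOwners": {
    "tag:appliance": ["autogroup:admin"],
    "tag:vendor":    ["autogroup:admin"],
  },
  "groups": {
    "group:staff": ["alice@example.com", "bob@example.com"],
  },
  "acls": [
    {"action": "accept", "src": ["group:staff"], "dst": ["tag:appliance:443"]},
    {"action": "accept", "src": ["tag:vendor"],  "dst": ["tag:appliance:22"]},
  ],
}
EOF
}

# Lint: return 1 on a wildcard source, a wildcard destination, or a vendor rule that
# reaches the chat UI (the Remote Access Policy grants the vendor the software layer only).
lint_policy() {
    rc=0
    if grep -Eq '"src"[[:space:]]*:[[:space:]]*\[[[:space:]]*"\*"' "$1"; then
        echo "FAIL: a rule accepts traffic from any node (\"src\": [\"*\"])"; rc=1
    fi
    if grep -Eq '"\*:\*"' "$1"; then
        echo "FAIL: a rule opens every port on every node (\"*:*\")"; rc=1
    fi
    if grep -E '"src"[^]]*"tag:vendor"' "$1" | grep -Eq ':443"'; then
        echo "FAIL: the vendor node can reach the web UI on 443"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $1 has no wildcard rules and vendor access is SSH-only"
    return "$rc"
}

# Demo on temporary files.
demo=$(mktemp -d)
write_default_policy "$demo/default.hujson"
write_hardened_policy "$demo/hardened.hujson"
lint_policy "$demo/default.hujson"
lint_policy "$demo/hardened.hujson"
rm -rf "$demo"
```

The policy is applied from the Access Controls page of the Tailscale admin console (or through its API), not from the appliance. After applying it, confirm the effect from a staff device: `nc -zv <appliance tailnet IP> 443` should connect and `nc -zv <appliance tailnet IP> 22` should not, and the same two probes from a device outside `group:staff` should both fail.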
FAQ
Questions regulators actually ask.
Where is data processed and stored?
On hardware physically installed inside your building. All AI inference, document processing, and conversation storage happens on that hardware. No customer data is transmitted to any external server: not ours, not a cloud provider's, not anyone's. The only outbound traffic is Tailscale's encrypted tunnel and the infrastructure health metrics listed in the Remote Access Policy, and neither carries prompts, documents, or outputs. Your IT team can verify this with network monitoring tools.
Is the AI model trained on our data?
No. This is architecturally impossible with our setup. Models run via Ollama/llama.cpp in inference-only mode — there is no fine-tuning or training pipeline installed. Model weights are read-only files. Even if someone wanted to train on your data, the software doesn't have that capability as deployed.
What happens to our data if we cancel service?
Your data stays on your hardware; we never had it. If you own the hardware (buy option), you keep everything. If you were renting, we retrieve the hardware and can perform a verified wipe on request, or you can wipe it yourself before return. Because the internal SSD is FileVault-encrypted, the effective method is a cryptographic erase (destroying the volume and its keys, the NIST SP 800-88 "Purge" approach); legacy multi-pass overwrite patterns such as DoD 5220.22-M were designed for magnetic disks and do not reliably reach every flash cell on an SSD.
Do you have SOC 2 certification?
Not yet. We're a founder-stage company and SOC 2 is on our roadmap. Here's why we think our architecture is stronger than a SOC 2 badge: SOC 2 certifies that a cloud provider follows processes to protect your data on their servers. Our approach eliminates the need for that trust: your data is on your hardware, in your building, on a network only your devices can access. You can audit everything yourself, today, without waiting for an annual report. What SOC 2 would still speak to is how we run remote management (personnel, change control, session logging), which the architecture does not remove, so it stays on the roadmap.
Can we air-gap the system completely?
Yes. After initial setup and model download, the system runs entirely offline. Disconnect the ethernet cable — inference continues indefinitely. You would lose remote management support (we couldn't push updates or monitor health), but the AI itself works without any network connection.
Who has access to the system remotely?
By default, your authorized team members and one Sovereign ATX management node (for updates and monitoring). All access is via Tailscale, a WireGuard-based zero-trust mesh. You control the access list from your own Tailscale admin console. You can remove our access at any time, unilaterally, without contacting us. All remote sessions are logged on your hardware.
Documentation
Compliance documents for your legal team.
Structured agreements, not boilerplate. Request an executed version — we respond within one business day.
Business Associate Agreement (BAA)
HIPAA — for healthcare providers and covered entities. Includes an on-premises clause, the business associate contract terms required by 45 CFR 164.504(e), and breach notification per 45 CFR 164.410.
Data Processing Agreement (DPA)
GDPR — processing scope, sub-processors (none), breach notification, data residency clause.
Remote Access Policy
Technical documentation of remote management scope, access controls, and logging.
Network Architecture Diagram
Tailscale topology, firewall rules, and data flow diagram for your IT/security review.
Model Verification Checksums
SHA-256 checksums for all deployed model weights — verify against upstream Hugging Face sources.