Security you can verify.

PactusAI is built around the assumption that your documents are confidential and must stay that way. This page describes how — encryption, deployment, access control, and the data flow end to end.

Where the AI runs →

Security at every layer

From encryption to compliance, every aspect of PactusAI is designed with security as a first principle. The four properties below apply to every deployment of PactusAI: how data is encrypted, where it lives, who can see what, and what happens to the documents you upload.

End-to-end encryption

Documents are encrypted on the way in and while stored, on infrastructure we operate ourselves. Encryption keys can be managed on your side for enterprise deployments.

EU data residency

Most of the processing happens in-house, in EU data centres. Where a step optionally uses an external model provider, it runs under a formal data-processing agreement and only with your explicit consent.

Complete audit trail

Every access, query and operation is logged. You can review who did what at any time, which is what compliance reviews and internal audits actually need.

No AI training on your data

Documents you upload are never used to train any model — ours or a third party's. We also offer on-premise deployments where we are not the data controller at all, so the question does not arise.

How encryption is set up.

Data is encrypted on the network as it leaves your machine and again when it lands in storage. Both layers use industry-standard algorithms, and we are happy to walk your team through the specifics.

Each customer's data is processed in its own environment, so a request from one cannot reach another's documents. Enterprise customers can supply and rotate their own encryption keys, so even if we were compelled to hand over data, the bytes we hand over are encrypted ciphertext that we cannot read.

We work with each customer to tailor the security configuration to what their compliance and procurement teams require, rather than offering a take-it-or-leave-it default.

Deployment options

Choose where your data lives and your AI runs.

Hosted (SaaS)

Managed by us in EU data centers. Fastest time to value.

  • EU data residency
  • Automatic updates
  • 99.9% SLA
  • SOC 2-aligned controls

Your cloud

Deploy in your Azure, AWS, or GCP environment. Your network rules apply.

  • Full data sovereignty
  • Inside your network
  • Confidential computing supported
  • Kubernetes-ready

On-premise

Air-gapped deployment for regulated industries. Data never leaves your network.

  • Air-gapped environments
  • Your hardware
  • Dedicated GPU support
  • No external dependencies

Access management

SSO / SAML 2.0

Your employees sign in with the same credentials they use for everything else, through Azure AD, Okta or Google Workspace.

Multi-factor authentication

Two-factor sign-in is required by default. We support both authenticator apps and hardware keys.

Role-based permissions

You decide what each role in the company can see and do in PactusAI. Permissions can be as broad or as narrow as the matter at hand requires.

Admin dashboard

Day-to-day administration runs through a single admin console — adding users, setting policies, reviewing what was queried and when.

Where the AI itself runs.

Most "AI for X" tools live in one column of this table. PactusAI is built to run in any of them, including the rightmost one.

Public LLM APIPrivate LLM APIGPU VM in your cloudOn-prem GPU
Data stays on your network
No training on your data
Data stays in your region (US/EU)~
You own and operate the model
Consistent results across time~
Always the latest frontier model~~
No hardware to procure

Need more details?

Our team can walk you through our security architecture and provide documentation for your procurement or compliance review.

We respond to security inquiries within 24 hours.