Documentation
Keep control of your data, your keys, and which jurisdictions your prompts reach — with an honest account of what the firewall guarantees and what it cannot.
“Sovereign AI” usually means three things at once: your data does not get retained, your credentials do not leave your control, and you decide whose infrastructure your prompts touch. The AI Firewall gives you real mechanisms for all three.
It is also a specific product with specific limits, and this section says plainly where they are. A compliance claim you cannot defend is worse than no claim.
| Compliance driver | The mechanism |
|---|---|
| “Our prompts must not be retained.” | Zero data retention — the default. No prompt or completion is written anywhere, ever. |
| “Our credentials must not sit in developer configs or third-party systems.” | Key custody — provider keys held KMS-encrypted, bound to your organisation, unreadable even by you. |
| “Data must not reach vendors we have no agreement with.” | Jurisdictional control — provider deny lists, enforced org-wide on every request. |
Composed, that is a stack where the gateway retains nothing, your keys never leave the vault, and traffic only ever reaches vendors you have approved.
What we do not have: region-pinned routing. There is no per-request choice of inference region, no EU-only endpoint, and no data-residency guarantee for the gateway itself. If your requirement is “inference must physically occur inside jurisdiction X”, the mechanism here is choosing providers that satisfy that — not a routing flag we can set for you.
Be precise about this with your auditors. See the threat model.