Security architecture

Secure AI with full compliance

Soev.ai is a secure AI platform where every layer is designed with security as the starting point. From data residency and privacy-friendly AI to audit logging, we leave nothing to chance.

GDPR-compliant
ISO 27001
BIO 2.0
EU AI Act

Data residency & NL hosting

At soev.ai, AI sovereignty and digital autonomy are at the core. All data is processed and stored within Dutch borders. We work exclusively with ISO 27001-certified hosting partners that meet the strictest standards.

Your organization retains full control over where data is stored at all times. Whether you choose private cloud hosting in the Netherlands or on-premise deployment, soev.ai facilitates it as a fully sovereign AI platform. Built with open-source technologies and open standards, including Open WebUI as user interface, MCP for tool integrations and HAVEN+ for platform autonomy, this ensures full transparency and independence from proprietary vendors.

The US CLOUD Act gives US authorities access rights to data held by American companies, even if that data is physically located in Europe. By exclusively using Dutch hosting partners, soev.ai falls outside the reach of the CLOUD Act.

100% Dutch hosting
On-premise deployment available
No data transfer outside the Netherlands
Open source and no vendor lock-in

[Diagram: Dutch cloud infrastructure. soev.ai platform (processing + AI models), vector database (semantic search), original files (securely stored), open-source models (no vendor lock-in). Your data sources: SharePoint, OneDrive, Teams, Confluence, custom.]

Security architecture for secure AI

The security architecture of soev.ai is built on the principle of defense-in-depth: multiple security layers that together form a robustly secure AI platform for government and organizations.

Network security

Isolated networks, firewalls, DDoS protection and encrypted communication between all components.

Application security

Input validation, output sanitization and CSRF protection.

Data layer security

Encryption at rest and in transit, database isolation and automatic encrypted backups.

Identity & Access

SSO integration, multi-factor authentication, RBAC and the principle of least privilege.

Monitoring & Alerting

Real-time monitoring, anomaly detection, automatic alerts and incident response procedures.

Disaster Recovery

Automatic backups, multi-zone replication and tested recovery procedures with low RTO and RPO.

Compliance frameworks

GDPR

Full compliance with European privacy legislation

Compliant

EU AI Act

Built according to EU AI Act requirements

Compliant

ISO 27001

International standard for information security

Certified

BIO

Baseline Information Security for Dutch Government

Compliant

WCAG

Web Content Accessibility Guidelines

Compliant

Governance & logging

soev.ai offers extensive governance and logging capabilities that meet the strictest compliance requirements. Every action on the platform can be logged, from user interactions to system changes.

With the governance dashboard, you can gain real-time insight into who is doing what, when and with which data. This makes it easy to meet audit requirements and internal policy frameworks.

Full audit trail available for every action
Real-time governance dashboard
Export capabilities for compliance reports
Configurable retention periods

We do not train on your data.

Your data is used exclusively to generate answers within your own environment, on the infrastructure of your choice.

ISO 27001 certification

ISO 27001 certified

Gradient, the company behind soev.ai, is ISO 27001 certified. This is the international standard for information security and confirms that our processes, systems and employees meet the highest security standards.

Gradient receives ISO 27001 certificate from DigiTrust
