Data Sovereignty: Technical Sheet

1. System Architecture

The kAIra Tools platform runs entirely on a physical server within the client's premises. All components — LLM models, vector database, web interface, AI tools — run in Docker containers on the internal network. There is no outbound connection to cloud services. The system can operate in air-gap mode (without internet).

2. Data Flow

User data is processed exclusively on the local server. LLM queries, RAG indexing and all AI operations run in local memory and storage. No data — neither prompts, nor documents, nor responses — is transmitted to external servers at any time.

3. Zero Cloud Dependency

• LLM models: local execution (LM Studio / Ollama)
• Vector database: PostgreSQL + pgvector (local)
• Web interface: OpenWebUI + kAIra Tools (local)
• Voice: Whisper (local)
• No telemetry, no external APIs, no cloud sync

4. GDPR Compliance

Since no personal data is transferred to third parties, the risks of international data transfers (Art. 44-49 GDPR) are eliminated. The data controller retains full control (Art. 5, 25, 32). Data minimisation and privacy by design are guaranteed by the on-premise architecture.

5. EU AI Act Compliance

Local infrastructure facilitates EU AI Act compliance: full inference traceability, model versioning, simplified audits and direct human oversight (Art. 14). The training obligation (Art. 4) is covered by our Key-User certification module.

6. Security and Encryption

• Full disk encryption (FileVault / LUKS)
• Internal HTTPS communication with own certificates
• Role-based access control (RBAC)
• Authentication with PBKDF2-HMAC-SHA256 hashing
• Isolatable network: dedicated VLAN or full air-gap

7. Data Lifecycle

Creation → Processing → Storage → Deletion: everything happens within the client's premises. In case of hardware return (leasing model), all data is securely and verifiably deleted on-site before collection.