Cloud Horizon AI / Security
Security details that survive procurement.
The page your DPO, CISO, and procurement lead all need before they sign. Encryption, region controls, audit logs, sub-processors, incident response. No marketing fluff, no "enterprise-grade" hand-waving.
Eight controls in plain language
The questions a procurement security review actually asks. The answers your team can paste into the questionnaire without legal rewriting them.
Encryption in transit
TLS 1.3 only on the public API. Internal service-to-service mTLS between gateway, model runners, and storage. No plaintext on any hop.
Encryption at rest
AES-256-GCM on every storage tier: prompt logs, request metadata, embeddings vector store, audit trail. Customer-managed keys via KMS on enterprise plans.
Region pinning
Every request can pin to eu-ams-1 or eu-fra-1 via the Cloud-Horizons-Region header. If the requested model is not available in that region, the gateway returns HTTP 422 instead of silently failing over to another region; treat a 422 as a hard error in your client rather than retrying against the other region.
Audit logs
Every request is logged with timestamp, model, token counts, region, audit tag and latency. These are metadata fields; prompt and response content is governed by the log retention controls below, not by the audit trail. Entries are streamed to your S3 bucket on team plans and retained 90 days on the gateway.
PII redaction
Optional inline redaction before the model sees the prompt: names, emails, phone numbers, IBANs, BSN, NHS numbers and IP addresses are replaced with placeholders, and the placeholders are mapped back to the original values in the completion before it is returned to your application.
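The redact-then-restore round trip described above, as an added illustration of the pattern rather than the vendor's own implementation. The patterns, the placeholder format and the sample prompt are constructed for this example; it covers emails, IBANs (validated with the ISO 13616 mod-97 check), BSN (validated with the Dutch 11-test) and IPv4 addresses, and leaves names and NHS numbers out because those need more than a regular expression to detect reliably.

```go
package main

import (
	"fmt"
	"math/big"
	"net"
	"regexp"
	"strconv"
	"strings"
)

// Detection patterns, constructed for this example. Names and NHS numbers are
// omitted: names need an NER model and a bare 10-digit pattern flags far too much.
var (
	emailRe = regexp.MustCompile(`[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}`)
	ibanRe  = regexp.MustCompile(`\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b`)
	bsnRe   = regexp.MustCompile(`\b\d{9}\b`)
	ipv4Re  = regexp.MustCompile(`\b(?:\d{1,3}\.){3}\d{1,3}\b`)
)

// Redactor swaps detected values for opaque placeholders and keeps the mapping
// so the original values can be restored in the completion. The mapping only
// ever lives in the caller's process; the model sees placeholders.
type Redactor struct {
	n     int
	store map[string]string // placeholder -> original value
}

func NewRedactor() *Redactor { return &Redactor{store: map[string]string{}} }

func (r *Redactor) placeholder(kind, original string) string {
	r.n++
	p := fmt.Sprintf("[%s_%d]", kind, r.n)
	r.store[p] = original
	return p
}

// Redact replaces validated matches only: a 9-digit number that fails the BSN
// 11-test or an IBAN with bad check digits stays visible, because the goal is
// to hide personal data, not every number in the prompt.
func (r *Redactor) Redact(text string) string {
	text = emailRe.ReplaceAllStringFunc(text, func(m string) string { return r.placeholder("EMAIL", m) })
	text = ibanRe.ReplaceAllStringFunc(text, func(m string) string {
		if !ValidIBAN(m) {
			return m
		}
		return r.placeholder("IBAN", m)
	})
	text = bsnRe.ReplaceAllStringFunc(text, func(m string) string {
		if !ValidBSN(m) {
			return m
		}
		return r.placeholder("BSN", m)
	})
	text = ipv4Re.ReplaceAllStringFunc(text, func(m string) string {
		if net.ParseIP(m) == nil {
			return m
		}
		return r.placeholder("IP", m)
	})
	return text
}

// Restore maps placeholders in the model output back to the originals.
func (r *Redactor) Restore(text string) string {
	for p, orig := range r.store {
		text = strings.ReplaceAll(text, p, orig)
	}
	return text
}

// ValidIBAN implements the ISO 13616 mod-97 check: move the first four
// characters to the end, map A..Z to 10..35, and the number must be 1 mod 97.
func ValidIBAN(s string) bool {
	if len(s) < 15 || len(s) > 34 {
		return false
	}
	var digits strings.Builder
	for _, c := range s[4:] + s[:4] {
		switch {
		case c >= '0' && c <= '9':
			digits.WriteRune(c)
		case c >= 'A' && c <= 'Z':
			digits.WriteString(strconv.Itoa(int(c-'A') + 10))
		default:
			return false
		}
	}
	n, ok := new(big.Int).SetString(digits.String(), 10)
	return ok && new(big.Int).Mod(n, big.NewInt(97)).Int64() == 1
}

// ValidBSN implements the Dutch 11-proef: weights 9..2 on the first eight
// digits, minus the ninth digit, and the sum must be divisible by 11.
func ValidBSN(s string) bool {
	if len(s) != 9 || s == "000000000" {
		return false
	}
	sum := 0
	for i, c := range s {
		if c < '0' || c > '9' {
			return false
		}
		d := int(c - '0')
		if i == 8 {
			sum -= d
		} else {
			sum += d * (9 - i)
		}
	}
	return sum%11 == 0
}

func main() {
	r := NewRedactor()
	// Constructed input: one valid value of each kind plus two that must stay visible.
	prompt := "Contact jane.doe@example.org, BSN 111222333, IBAN NL91ABNA0417164300, from 10.0.0.5 (not 123456789 or 10.0.0.300)."
	safe := r.Redact(prompt)
	fmt.Println("model sees:", safe)
	reply := "Confirmation sent to [EMAIL_1] for account [IBAN_2]." // constructed model output
	fmt.Println("app gets:  ", r.Restore(reply))
}
```

The validation step is the part worth copying: without it, any nine digits in a prompt (an order number, a timestamp) would be redacted and the model would lose context it legitimately needs, while a redactor that validates only masks values that pass the same checks a bank or the Dutch tax office would apply.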
No training on inputs
Contractual guarantee in the team and enterprise DPA. We run open-weights models ourselves, so there is no upstream provider training loop and no signal back to the model vendors.
Log retention controls
Default 30 days. Per-request override via the log_retention header (0d, 7d, 30d). 0d is zero-retention mode: the prompt and response are never persisted, so there is nothing to delete or disclose later.
Bring your own key
Enterprise plan supports customer-managed KMS keys. Data is encrypted under data keys that are themselves wrapped by your KMS key (the standard envelope encryption pattern), so revoking the key in your KMS makes every log encrypted under it unreadable, including logs written before the revocation.
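The envelope encryption pattern the paragraph refers to, as an added example that is not the vendor's code: a stand-in KMS holds the customer's key-encryption key (KEK), each stored record is sealed under its own random data key (DEK) with AES-256-GCM, and the DEK travels with the record wrapped by the KEK. The KMS type, the key IDs and the sample record are constructed for this example; the point it demonstrates is that once the KEK is revoked the stored envelope can no longer be opened, and that a record sealed for one storage tier cannot be opened as another.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KMS is a constructed stand-in for a customer-controlled key service. It holds
// key-encryption keys by ID and only ever wraps or unwraps data keys; a KEK
// never leaves it, which is what makes revocation effective.
type KMS struct{ keks map[string][]byte }

func NewKMS() *KMS { return &KMS{keks: map[string][]byte{}} }

func (k *KMS) CreateKEK(id string) error {
	kek := make([]byte, 32) // AES-256
	if _, err := rand.Read(kek); err != nil {
		return err
	}
	k.keks[id] = kek
	return nil
}

// Revoke models the customer disabling or deleting the KEK in their KMS.
func (k *KMS) Revoke(id string) { delete(k.keks, id) }

func (k *KMS) WrapDEK(kekID string, dek []byte) ([]byte, error) {
	kek, ok := k.keks[kekID]
	if !ok {
		return nil, errors.New("kms: KEK " + kekID + " not found or revoked")
	}
	return gcmSeal(kek, dek, []byte(kekID)) // KEK ID bound as AAD
}

func (k *KMS) UnwrapDEK(kekID string, wrapped []byte) ([]byte, error) {
	kek, ok := k.keks[kekID]
	if !ok {
		return nil, errors.New("kms: KEK " + kekID + " not found or revoked")
	}
	return gcmOpen(kek, wrapped, []byte(kekID))
}

// gcmSeal returns nonce || ciphertext || tag under AES-256-GCM with a fresh random nonce.
func gcmSeal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

func gcmOpen(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("sealed blob too short")
	}
	return aead.Open(nil, sealed[:ns], sealed[ns:], aad)
}

// Envelope is what the provider stores. The wrapped DEK travels with the record,
// so nothing on the provider side can decrypt it once the KEK is gone.
type Envelope struct {
	KEKID      string
	WrappedDEK []byte
	Ciphertext []byte
}

// EncryptRecord seals one record under a fresh DEK, binding the storage tier
// (for example "prompt-logs") as AAD so an envelope cannot be replayed into another tier.
func EncryptRecord(k *KMS, kekID, tier string, record []byte) (Envelope, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return Envelope{}, err
	}
	wrapped, err := k.WrapDEK(kekID, dek)
	if err != nil {
		return Envelope{}, err
	}
	ct, err := gcmSeal(dek, record, []byte(tier))
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{KEKID: kekID, WrappedDEK: wrapped, Ciphertext: ct}, nil
}

func DecryptRecord(k *KMS, env Envelope, tier string) ([]byte, error) {
	dek, err := k.UnwrapDEK(env.KEKID, env.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return gcmOpen(dek, env.Ciphertext, []byte(tier))
}

func main() {
	k := NewKMS()
	_ = k.CreateKEK("cust-kek-1")
	env, _ := EncryptRecord(k, "cust-kek-1", "prompt-logs", []byte("prompt: hello")) // constructed record
	pt, err := DecryptRecord(k, env, "prompt-logs")
	fmt.Printf("before revoke: %q err=%v\n", pt, err)
	k.Revoke("cust-kek-1")
	_, err = DecryptRecord(k, env, "prompt-logs")
	fmt.Println("after revoke: err =", err)
}
```

The check a reviewer should run against a BYOK claim is exactly the one in the last lines: revoke the key on your side, then ask the vendor to read back a log written before the revocation. If they can, the data keys were cached or the KEK was copied, and the "revoke makes prior logs unreadable" property does not hold.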
Sub-processors
The full list. Updated when it changes, with 30 days' notice on team and enterprise plans before any new sub-processor goes live.
| Vendor | Purpose | Region | DPA |
|---|---|---|---|
| Cloudflare | Edge gateway, DDoS protection, WAF | EU PoPs only | In place |
| Hetzner Cloud | GPU inference compute | Falkenstein, Nuremberg | In place (NL law) |
| Equinix Metal | Backup inference capacity | Amsterdam AM6 | In place |
| Datadog EU | Operational metrics, no prompt content | Frankfurt | In place |
| Sentry EU | Error tracking, no prompt content | Frankfurt | In place |
| Postmark EU | Transactional email (waitlist, billing) | EU | In place |
| Stripe | Payment processing | EU + cross-border for card networks | In place |
Incident response
Four phases, a target SLA for each, and what you hear from us at every step. For personal data breaches the GDPR Article 33 split applies: as your processor we notify you without undue delay under Article 33(2), and your own Article 33(1) clock (72 hours to the supervisory authority) starts when you become aware of the breach, so the notification target below is set to leave you most of that window.
| Phase | Target | What happens |
|---|---|---|
| Detection | Within 15 minutes | Datadog and PagerDuty alerts on error rates, latency, and authentication anomalies. |
| Triage | Within 30 minutes | On-call engineer classifies severity (S0 to S3) and pages the secondary on critical incidents. |
| Customer notification | Within 4 hours for S0/S1 | Status page update, plus targeted email to affected workspaces. For personal data breaches this is our Article 33(2) notification to you as controller; your 72-hour Article 33(1) clock to the supervisory authority runs from when you become aware, normally that notice. |
| Resolution and postmortem | Postmortem within 5 business days | Public postmortem on status page for S0/S1. Internal-only for S2/S3. |
What we are not
We do not claim certifications we do not hold. Here is the honest posture today, and what is on the roadmap.
SOC 2
Architected for SOC 2 Type 2. Type 1 audit window opens Q4 2026, Type 2 window in Q3 2027. The auditor we engage is named on request; a bridge letter covers the gap after a report's period end, so one becomes available once the first report is issued, not before.
ISO 27001
Statement of Applicability mapped against Annex A controls. Certification audit scheduled Q2 2027 with a Dutch certification body.
BSI C5
Frankfurt inference region in scope, Type 2 attestation on the enterprise plan, evidence pack maintained quarterly.
HIPAA
Not a HIPAA-covered offering today: we do not sign Business Associate Agreements. EU healthcare workflows under GDPR and national healthcare law are supported. US healthcare customers should look elsewhere until further notice.
For your security review
Pre-filled questionnaire and DPA on request
SIG, CAIQ, and a custom security questionnaire pre-filled and ready to share. Standard EU Data Processing Agreement on team plans, signed within one business day. Email [email protected].