The EU cloud is already sovereign. Edge runs it on your own hardware.
The managed cloud is already sovereign; most teams stop there. Edge runs the data plane inside your perimeter, same console.
When you need Edge, and when you don't.
The decision is simple. Pick Edge only when a hard rule says the data plane must run on your own hardware. If no rule binds you, the cloud is the faster answer.
Stay on the cloud
Nothing to run, patch or babysit. Swap one base_url and you're live in minutes, on infrastructure we keep current for you.
- EU-located, GDPR-compliant, residency enforced per request
- Self-serve in minutes, no infrastructure to stand up
- Tamper-evident audit ledger, exportable and verifiable
- Pseudonymization keeps PII and secrets off any non-EU path
Choose Edge
For teams under a rule that policy alone can't satisfy. The data plane runs on hardware you control, and prompts never leave it.
- An on-prem or air-gapped mandate: your network, your rack
- Prompts must never transit any third party, Sluis included
- Data-residency on hardware you physically control
- Still managed centrally: policy and keys from the same console
Control plane in the cloud. Data plane in your rack.
The console manages your fleet from the EU cloud; the gateway runs the data plane on your hardware. They meet on one outbound-only TLS tunnel: no inbound port, and no prompt ever crosses it.
Built to run where your data has to stay.
One static binary
The whole data plane in one binary with one data directory. No Postgres, Redis, Docker or inbound port; state lives in local SQLite.
Air-gapped or on-prem
Leave the tunnel unset and the gateway serves from local config with no cloud connection at all, ready for an air-gapped network.
Data never transits Sluis
Prompts, completions, the audit hash-chain, the usage ledger and your provider keys stay on your box. None of it is ever written to sluis.ai.
Fleet management
Register and monitor many gateways from one console, each with live heartbeat status (online within 90 seconds), and revoke any of them instantly.
Central control, local data plane
Policy, key hashes, budgets and provider keys push down the tunnel; usage and audit pull up on demand. The console never holds your data.
Resilient by design
If the tunnel drops, the gateway keeps serving from its last config and enforces budgets against the local ledger, never waiting on a cloud round-trip.
Verified install
The install verifies the binary's SHA-256 against the published checksum over HTTPS and refuses on any mismatch: what lands is exactly what we shipped.
Ready for your security team.
Sluis is built for teams that answer to regulators, so the paperwork is part of the product. Whatever your compliance team needs to say yes, bring it.
Signed DPA
A data-processing agreement on our paper or yours, with the sub-processor disclosure your tenant can generate and export at any time.
Security questionnaire
We answer your standard security and vendor-risk questionnaire: the same controls the rest of the product already enforces, in writing.
Self-hosted Sluis Edge
When policy alone isn't enough, the data plane runs entirely on your infrastructure; prompts never transit Sluis, managed from the same console.
Tell us your requirements
Have a control we haven't listed? Tell us what your security and compliance teams need, and we'll work through it with you directly.
Per gateway. Your servers, your keys: prompts never transit Sluis.
Priced per deployment; talk to sales for a quote.
Sovereign on the cloud by default. On your hardware when you have to be.
Start on the cloud; it's the right answer for almost everyone. The day a regulator needs the data plane inside your perimeter, Sluis Edge is one console away.
Not sure which you need? Talk to sales