Trust centre

Compliance you can verify, not just claims you can read.

Every guarantee on this page maps to a control an auditor can check.

audit chain · verifysealed
last 4 entriessha-256 linked
019f2a·c41dchat.completion
02c41d·7b03mcp.tool_call
037b03·e18fresidency.block
04e18f·40a6embeddings
chain intact ✓tamper-evident

Data goes only where your policy allows. EU by default: enforced, not promised.

Every request is checked against your policy before dispatch; if nothing qualifies, it's blocked at the gate. EU by default. Direct US and China routing is available only when you add it, every destination disclosed. Nothing leaves silently.

  • Sovereign EU: owned and hosted in the EU

    Mistral and Scaleway are French companies on French infrastructure. No foreign-government access regime reaches them. This is the default tier, the only one active until you change it.

  • Direct US or China: available, opt-in, never hidden

    Direct US and Chinese providers are available today. They route only when your policy allows, each flagged by jurisdiction and CLOUD Act exposure, and pseudonymization keeps PII and secrets off the wire. Leaving the EU stays your decision.

  • Your own endpoints, or your own iron

    Bring a private or self-hosted model: same policy, same ledger. Or run the whole data plane yourself with Sluis Edge, so prompts never transit Sluis.

residency.map · egress: your policyenforced
POLICYAmsterdam · NLParis · FRFrankfurt DE · US-ownedUS East · allowedCN · not in policy
EU-owned · sovereign (default)EU region · US-owned (CLOUD Act)non-EU · allowed by policynon-EU · not in policy

Exactly what we keep, exactly what we erase.

A right-to-erasure request that destroys your evidence isn't compliance; it's a liability. Sluis draws the line precisely: the content goes, the proof that the content was handled correctly stays.

compliance erase --tenant <id>chain still verifies
Purged: GDPR Art. 17
  • Request & response content: the prompts and completions held under opt-in retention.
  • Cache entries: exact and semantic cache rows for the tenant.
  • Provider credentials: stored upstream API keys, decrypted nowhere.
  • Content references: every content_ref pointer is nulled.
Retained: immutable proof
  • The audit metadata chain: audit_log + chain_heads stay intact, so verify-chain still passes.
  • Hashes, not content: the SHA-256 links remain; the bodies they covered are gone.
  • Routing decisions: which region and provider served each call.
  • Token & cost metadata: the real-money micro-euro ledger that backs your budgets.

Retention TTL purge

Retained content and cache rows carry an expiry. A scheduled purge deletes only the rows past their TTL: a cron-able job, not a manual sweep.

Content retention is opt-in

By default Sluis records the metadata, not the message. Storing prompt and response bodies is a per-tenant choice, off until you turn it on.

AEAD-encrypted at rest

Any retained content, and the entire response cache (exact + semantic), is sealed with authenticated encryption. No content key, no cache: the gateway falls back to no-cache.

Strict per-tenant isolation

Keys, policies, audit chains and cache are scoped to a single tenant, derived from the request's key and enforced on the hot path. One tenant can never read another's data or ledger.

Hand the auditor the chain. They can check it without trusting us.

Every call is hash-chained to the one before it. Alter any field and every later link breaks. Export it as JSON Lines and re-verify offline: the proof travels with the data.

audit.chain · last 4 entrieschain verified
14:22:07.118Z#4f9c2a e1b7d9 · scaleway-fr · PHI · maskedin-region
14:22:05.904Z#e1b7d9 7a3f10 · mistral-fr · PIIin-region
14:22:04.661Z#7a3f10 0c55ab · vertex-eu · generalfallback
14:22:02.330Z#0c55ab genesis · scaleway-fr · generalin-region

$ sluis audit verify-chain --tenant <id> → ok · 1,284,901 entries · genesis intact

The full list. Region and ownership, stated plainly.

These are the only third parties that can ever touch a request, and only when your policy routes to them. We name the legal owner alongside the hosting region, because under the CLOUD Act they are not the same question.

ProviderHosting regionLegal ownerExposure
MistralParis · FREU (France)sovereign
ScalewayParis · FREU (France)sovereign
Google VertexEU multiregionUS (Google)CLOUD Act
AWS BedrockEU regionUS (Amazon)CLOUD Act
Per-tenant disclosure is exportable on demand: compliance subprocessors --tenant <id> returns only the providers your keys and policy actually enable.

Sensitive data is caught before it reaches a model.

The first gate runs 60 deterministic detectors over every request for PII, PHI and secrets, tagging it before a single token moves downstream. They are built for European data: an EU national-ID pack that checksum-validates 12 countries (the NL BSN, PESEL, codice fiscale and more), IBAN check digits, E.164 phone numbers. Not a US-centric afterthought.

EU PII detectors
emailE.164 phoneIBAN · mod-97NL BSN · 11-proefPL PESELIT codice fiscalecredit card · Luhn
Secret detectors
API keysAWS access keysPEM private keys
Person-name detection

Names defeat pattern matching, so name detection is four layers you switch on deliberately, each a false-positive and latency tradeoff you own: context heuristics, email correlation, a tenant name directory, and Sluis's own multilingual recognition model. That model ships and runs inside your deployment, so a name is never sent to a third party to be scanned.

dlp.mode · per tenantrequest-side
mask
Rewrite the matched spans in place, then forward the redacted request upstream.
mode
block
Refuse the call at the gate (422, nothing leaves) when a class is not permitted.
mode
allow-log
Pass the request through, but note the detection in the audit trail for later review.
mode
pseudonymize
Swap each detected value for a reversible token before dispatch, then restore the real values in the response. The model never sees a name, number or secret.
mode
Reversible pseudonymization

Work with personal data and secrets. The model never sees them.

A control your auditor can verify: PII and secrets become stable tokens before the prompt leaves your network, so the provider only ever sees tokens. The real values are restored on the way back, and the map that links them is never written to disk.

your appSluisgatejohn@acme.com«EMAIL_1»«EMAIL_1»masks PIImodel«EMAIL_1»«EMAIL_1»only sees tokenSluisgate«EMAIL_1»john@acme.comjohn@acme.comrestoresyour app

Bring your auditors. We'll bring the chain.

Residency enforced on every request, content you can erase without losing the proof, and a ledger anyone can check offline. The controls are real. Come test them.

Regulated buyer? Ask about Sluis Edge →