Security & trust · for IT and DPO

Air-gapped by architecture, not by policy

Someone sent you this link because Perimeter is under evaluation. This page is written for that review. Perimeter is an AI appliance that runs entirely inside your network: documents, index, models and answers stay on one box in your server room. It makes zero external calls. It works with the uplink unplugged.

Architecture and code review available on request

Egress: 0 bytes, foreverHardware: bought in the EU, in your nameModels: open-weight, inspectableAnswers: cite the source documentContract: Dutch BV, AmsterdamProof: pull the cable — it keeps working
Architecture in one screen

Everything inside your perimeter. Egress: 0 bytes

One appliance on your LAN. No SaaS control plane, no telemetry, no licence callbacks. The security boundary is your existing network perimeter — the one you already operate.

Your documents

Loaded onto the appliance from inside your network. No upload step exists. The corpus never leaves the box.

The appliance · your server room

Open-weight models, the semantic index and the query engine all run locally on the box. It opens no outbound connections.

Answers · your LAN

Users reach it from their browsers over your internal network, under your access rules. Every answer cites its source document.

You can verify the egress claim yourself: mirror the appliance's switch port and watch, or disconnect the uplink. The system keeps answering, because nothing it does requires the internet.

Compliance by reduction

No transfer. No transfer problem

Data that never leaves your premises never crosses a border. There is no processor in another jurisdiction, no transfer to assess, no Schrems II analysis to run — because the class of problem is removed, not mitigated.

The honest caveat: your obligations under GDPR Art. 32 remain yours. Perimeter removes the transfer problem, not your security duties. The appliance sits inside your network, under your access controls, your backups and your physical security — as any internal server does.

Removed: cross-border transfer
Removed: transfer impact assessment
Removed: cloud subprocessor chain
Stays yours: Art. 32 technical measures
Stays yours: access control & backups
Stays yours: DPIA for your processing
Supply chain

Every link is inspectable

Hardware

Bought from EU distributors, invoiced in your company's name. You own the box from day one. No leased hardware, no vendor-controlled firmware channel.

Models

Open-weight models with public provenance. You know which model runs on your box, where it came from, and you can inspect it. No proprietary black-box model, no remote model API.

Contract

Your counterparty is HumanOps B.V., a Dutch company in Amsterdam. Contract, SLA and support are under Dutch law, inside the EU.

On request: architecture review and code audit with your security team. For large deals: source code escrow, so the software you depend on does not depend on us.

Your checklist, answered

The questions you ask every vendor

The standard vendor-assessment questions, answered in advance. If your questionnaire asks something this table does not cover, send it to us — an engineer answers, not sales.

Vendor questionPerimeter answer
Where is our data stored and processed?On the appliance in your server room. Corpus, index and query logs never leave the box.
What data leaves our network?None. Zero external calls, no telemetry, no licence pings. Verifiable at your firewall or by unplugging the uplink.
Which subprocessors touch our data?None. Processing happens on the appliance only. There is no cloud API behind it.
What model runs, and where is it from?Open-weight models with public provenance. Model name and version are stated in your delivery documentation.
How are updates delivered?Applied during scheduled maintenance, under your supervision. The appliance never fetches updates itself. Model updates are included in annual support.
Who controls access?You do. The box joins your network like any internal server: your network segmentation, your access rules, your physical security.
Can we audit it?Yes. Architecture review and code audit on request. Source code escrow available for large deals.
What happens if we leave?You keep everything. The hardware is yours, the corpus and index live on it, and we hold no copies. There is nothing to return and nothing to delete on our side.
DPIA pack

The paperwork, pre-drafted

Download · DPIA template pack

A DPIA template pre-filled for the Perimeter architecture, plus the technical description your assessment needs: data flows, storage locations, the zero-egress claim and how to verify it. Written to be handed to your DPO as a working draft, not marketing.

Prefer to skip the form? Email hello@humanops.pro with the subject "DPIA pack" — we reply with the documents.

Next step

Ask the hard questions to an engineer

Twenty minutes with someone who built the system, not a sales deck. Bring your security questionnaire — we answer it line by line.

Egress · 0 bytes — verifiable at your firewall
Data location · your server room, nowhere else
Subprocessors · none touch your data
Audit · architecture and code review on request