GDPR AI Compliance · TDX Attestation Live
French controller · VOLTAGE EI · SIREN 943 808 824

GDPR-compliant AI agents — Article 28 native DPA.

Hardware-sealed inference inside Intel TDX. Provider-blind processing. EU data residency. No SCCs to negotiate, no US sub-processors in the inference path.

GDPR + EU AI Act overlap

Two regulations, one stack.

GDPR governs personal data. The EU AI Act governs AI systems. Where AI processes personal data — almost every regulated workflow — both apply at once. The 2026 EU AI Office and EDPB joint guidance makes the overlap explicit: Article 32 GDPR confidentiality and Article 15 AI Act cybersecurity must be satisfied with the same technical measures. Hardware sealing covers both with one piece of evidence.

Art. 28 GDPR | Controller/processor agreement | Native DPA, no negotiation
Art. 32 GDPR | Confidentiality of processing | Intel TDX, AES-256 CPU-fused
Art. 35 GDPR | DPIA for high-risk processing | DPIA template + attestation evidence
Art. 44+ GDPR | No transfer outside EEA | EU regions only, French app layer
Art. 12 AI Act | Automatic event logging | Per-request ECDSA quote
Art. 26 AI Act | Deployer documentation | Model cards + attestation logs

Article 28 — native DPA

One DPA. No negotiation. No SCCs.

VOLTAGE EI is an EU controller subject to French data protection authority (CNIL) supervision. Our Article 28 DPA covers sub-processors, security measures, breach notification timelines (72 hours), audit rights and instructions on processing — aligned with the strictest reading of GDPR. Available on request, signed before production access.

What the DPA covers

  • Processor obligations (Art. 28(3) sub-clauses)
  • Sub-processor list with prior authorisation
  • Technical and organisational measures (Art. 32)
  • Breach notification within 72 hours
  • Data subject rights assistance
  • Audit rights and inspection cooperation
  • Return or deletion at end of processing
  • No international transfer outside EEA in inference path

Article 32 — confidentiality by hardware

Provider-blind by design.

Article 32(1)(b) requires confidentiality of processing as a technical measure appropriate to the risk. Hardware-sealed inference inside Intel TDX is the strictest available implementation: AES-256 memory encryption with keys fused into the CPU at boot, NVIDIA Protected PCIe between CPU and GPU, ECDSA attestation per request. VoltageGPU operators are technically incapable of reading user prompts. A French court order to dump RAM would return ciphertext.

AES-256 memory encryption

Keys fused inside the CPU at boot. RAM is opaque to operators and to the hypervisor.

Per-request attestation

ECDSA quote bound to the enclave measurement. Independently verifiable on /trust.

EU jurisdiction

VOLTAGE EI, France. Subject to CNIL. No FISA 702 exposure.

Native DPA

Article 28 DPA on file before production access. No SCCs to chase.

Sub-processor list

Two sub-processors. Both EU-aligned. Both in the DPA.

Sub-processor | Role | Data processed | Region
Targon | Confidential GPU compute | Encrypted inference inputs and outputs | EU regions (TDX-attested)
Chutes | TEE inference endpoints | Model weights serving (Qwen3-TEE, DeepSeek-R1-TEE) | EU TEE infrastructure

No US hyperscaler in the inference path. Application layer (auth, billing) hosted in France. Changes to the sub-processor list are notified in advance with right of objection.

FAQ

GDPR + AI questions buyers ask.

Do you sign a GDPR Article 28 DPA?

Yes. We provide a native Article 28 Data Processing Agreement that does not require negotiation. VOLTAGE EI is an EU controller (France, SIREN 943 808 824) subject to CNIL. The DPA covers sub-processors, security measures, breach notification timelines and audit rights aligned with the strictest interpretation of GDPR.

Who are the sub-processors?

Targon (Intel TDX confidential GPU compute, EU regions) for compute and Chutes (TEE inference endpoints) for model serving. Both are listed in the DPA. No US hyperscalers in the inference path. EU data residency in France for the application layer.

How is Article 32 confidentiality satisfied?

Hardware-sealed processing inside Intel TDX. AES-256 memory encryption with keys fused into the CPU, NVIDIA Protected PCIe between CPU and GPU, per-request ECDSA attestation. VoltageGPU operators are technically incapable of reading user prompts — this is the strictest defensible reading of Article 32(1)(b).

Is Schrems II a problem here?

No. Personal data does not leave the EEA in the inference path. There is no transfer to a third country requiring SCCs or a transfer impact assessment. The application layer is hosted in France; compute runs in EU regions on TDX-attested hardware.

Can I use this for special category data (Article 9)?

Yes, subject to a lawful basis under Article 9(2). Hardware sealing reinforces appropriate technical measures for health, biometric or judicial data. We provide a DPIA template aligned with Article 35 to support your assessment.

Related compliance pages

EU AI Act compliance pillar

Article 12, 14, 15 and 32 obligations enforceable from 2 August 2026.

DORA AI compliance

ICT third-party risk and operational resilience for financial entities.

NIS2 AI compliance

Essential and important entities, supply chain security, incident reporting.

Article 12 AI Act logging

Sample attestation log JSON, retention and API access.

Sovereign agentic AI

Vertical agents for legal, finance, regulated professionals — sealed in TDX.

Live attestation evidence

Verify any request against the public attestation root.

Confidential compute platform

Intel TDX, Protected PCIe, attested GPUs as raw compute.

VoltageGPU for law firms

RGPD-aligned legal AI agents and procurement materials.

RGPD AI compliance guide

In-depth marketing-site guide on aligning AI with French and EU data law.

Get the DPA. Run the workflow. Walk away with attested evidence.

Article 28 DPA on signing. Article 32 confidentiality by hardware. EU data residency by design.
