Security & Compliance

Security by Hardware, Not Promises

Your data is encrypted inside Intel TDX hardware enclaves on NVIDIA H200 GPUs. We cannot see your data — and neither can anyone else. Not because we promise, but because the CPU enforces it.

Zero-Access Architecture

Every confidential agent request is processed inside an Intel TDX (Trust Domain Extensions) enclave. TDX creates a hardware-isolated execution environment where even the hypervisor, operating system, and VoltageGPU operators cannot access the data being processed.

Intel TDX Enclaves

CPU-level memory encryption with hardware-enforced isolation. Data is encrypted in RAM during computation. The encryption keys are managed by the CPU itself — no software, including our own, can access them.

NVIDIA H200 / H100 GPUs

Inference runs on NVIDIA H200 and H100 GPUs inside TDX-protected domains. GPU memory is isolated per workload. No shared GPU memory between tenants. Powered by Bittensor Subnet 4 (Targon) decentralized infrastructure.

Hardware Attestation

Every TDX enclave generates a cryptographic attestation report signed by the CPU. This report proves your workload ran inside a genuine Intel TDX enclave — independently verifiable, not dependent on our claims.
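As an added example (not VoltageGPU's code or API), the following shows the policy checks a relying party applies to a TDX v4 quote body once the quote's signature and Intel certificate chain have been verified separately with a DCAP verification library. The field offsets follow Intel's published quote v4 layout; the function names, the SHA-256(nonce)-in-REPORTDATA convention, and the sample quote are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN, BODY_LEN = 48, 584   # TDX quote v4: header, then TD report body
TEE_TYPE_TDX = 0x81              # TEE type value for TDX in the quote header
OFF_TDATTRIBUTES, OFF_MRTD, OFF_REPORTDATA = 120, 136, 520  # offsets in body


class QuoteRejected(Exception):
    """The quote failed a relying-party policy check."""


def check_quote_body(quote: bytes, expected_mrtd: bytes, nonce: bytes) -> dict:
    """Policy checks for a quote whose signature chain was already verified."""
    if len(quote) < HEADER_LEN + BODY_LEN:
        raise QuoteRejected("truncated quote")
    version, _key_type, tee_type = struct.unpack_from("<HHI", quote, 0)
    if version != 4 or tee_type != TEE_TYPE_TDX:
        raise QuoteRejected("not a TDX v4 quote")
    body = quote[HEADER_LEN:HEADER_LEN + BODY_LEN]
    if body[OFF_TDATTRIBUTES] & 0x01:      # bit 0 = DEBUG: host can inspect the TD
        raise QuoteRejected("trust domain is in debug mode")
    mrtd = body[OFF_MRTD:OFF_MRTD + 48]    # measurement of the initial TD image
    if not hmac.compare_digest(mrtd, expected_mrtd):
        raise QuoteRejected("MRTD does not match the expected image")
    # Assumed convention: REPORTDATA[0:32] = SHA-256(client nonce), for freshness.
    report_data = body[OFF_REPORTDATA:OFF_REPORTDATA + 64]
    if not hmac.compare_digest(report_data[:32], hashlib.sha256(nonce).digest()):
        raise QuoteRejected("nonce not bound into REPORTDATA (possible replay)")
    return {"mrtd": mrtd.hex(), "debug": False}


def build_sample_quote(mrtd: bytes, nonce: bytes, debug: bool = False) -> bytes:
    """Constructed test input: header + body only, no signature data."""
    header = struct.pack("<HHI", 4, 2, TEE_TYPE_TDX).ljust(HEADER_LEN, b"\0")
    body = bytearray(BODY_LEN)
    body[OFF_TDATTRIBUTES] = 0x01 if debug else 0x00
    body[OFF_MRTD:OFF_MRTD + 48] = mrtd
    body[OFF_REPORTDATA:OFF_REPORTDATA + 32] = hashlib.sha256(nonce).digest()
    return header + bytes(body)


if __name__ == "__main__":
    golden = hashlib.sha384(b"constructed TD image").digest()  # placeholder MRTD
    quote = build_sample_quote(golden, b"nonce-1")
    print(check_quote_body(quote, golden, b"nonce-1"))
```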

No Data Retention

Documents uploaded for analysis are processed in-memory and discarded after the response. We do not store your documents, conversation content, or analysis results. Only usage metadata (timestamps, token counts, costs) is retained for billing.

How We Handle Your Data

  • Documents are never stored. Uploaded files are parsed in memory, sent to the TDX enclave for analysis, and immediately discarded. No file storage, no logs of content.
  • Conversations are not logged. We do not store the content of your messages or agent responses. Only metadata (timestamps, token counts, model used) is recorded for billing.
  • No training on your data. Your documents and conversations are never used to train, fine-tune, or improve any AI model. This is a hard technical guarantee, not a policy.
  • API keys are per-user. Each user gets isolated API keys. Infrastructure-level isolation ensures one user cannot access another's workloads or data.
  • TLS 1.3 in transit. All data in transit is encrypted with TLS 1.3. Data at rest in our database (user accounts, billing) is encrypted with AES-256.
  • No third-party data sharing. We do not share, sell, or provide your data to any third party. Our infrastructure providers (Bittensor/Targon) cannot access data inside TDX enclaves.

Compliance & Certifications

VoltageGPU is a French company (VOLTAGE EI, SIREN 943 808 824) based in Solaize, France. We are EU-native and GDPR-compliant by design — not by retrofit.

  • GDPR (Active). EU-based company. Data processed in TDX enclaves (Art. 25 data protection by design). DPA available on request.
  • Intel TDX Attestation (Active). Hardware-signed attestation reports proving workloads run in genuine TDX enclaves. Independently verifiable.
  • SOC 2 Type I (In Progress). Audit initiated. Expected completion Q3 2026. Covers security, availability, and confidentiality trust service criteria.
  • SOC 2 Type II (Planned). Planned for Q4 2026, following Type I completion. Required for enterprise contracts in finance and healthcare.
  • HIPAA BAA (Planned). Business Associate Agreement for healthcare customers. Available upon SOC 2 Type I completion.
  • DPA (GDPR) (Available). Data Processing Agreement available for all enterprise customers. Standard Contractual Clauses (SCCs) included.

Infrastructure Security

  • Decentralized compute. GPU workloads run on Bittensor Subnet 4 (Targon) — a decentralized network of validated GPU providers. No single point of failure or control.
  • Serverless architecture. Confidential workloads scale to zero when not in use. No persistent GPU allocation = no persistent attack surface.
  • Database encryption. PostgreSQL on Neon with encryption at rest. Prisma ORM with parameterized queries (no SQL injection surface).
  • Rate limiting & abuse prevention. Per-user rate limiting, per-IP throttling, and fraud detection on all API endpoints.
  • No fallback to non-confidential infrastructure. If TDX hardware is unavailable, requests fail with an explicit error. We never silently route confidential data to non-confidential infrastructure.

Security Questions or Vulnerability Reports

For security inquiries, DPA requests, compliance documentation, or to report a vulnerability, contact our security team directly.

security@voltagegpu.com