Sovereign evidence for every scored asset.
EU-sovereign infrastructure, tenant isolation, and auditable TAS outputs for leasing-risk, board reporting, and Battery Passport readiness.
EU-sovereign by default
Compute runs in GKE Hamina, database stays in the EU, and TAS scoring remains deterministic. The point is not generic “AI compliance”, but evidence that stays under Finnish and EU jurisdiction.
Board-ready audit evidence
Arctura packages TAS, battery-health, and reporting outputs into a traceable evidence layer. That gives operators, risk owners, and boards something concrete to review instead of a black-box dashboard claim.
Battery Passport readiness
Battery-health snapshots, score versions, confidence fields, and limitations are documented so the same surface can support residual value work today and Battery Passport workflows next.
Alikäsittelijät (Sub-processors)
| Palvelu | Käyttötarkoitus | Sijainti |
|---|---|---|
| Google Cloud (GKE, BigQuery) | Compute, Analytics | 🇫🇮 Hamina (europe-north1) |
| Gemma / Mistral (planned self-hosted) | AI-prosessointi (roadmap) | 🇫🇮 GKE EU (planned) |
| Supabase | Database, Auth | 🇪🇺 EU (Irlanti) |
| Stripe | Maksut | 🇮🇪 EU (Irlanti) |
| Google Vertex AI | AI (opt-in, ei PII:tä) | 🇪🇺 EU / 🇺🇸 Global |
| Resend | Sähköposti | 🇺🇸 USA (DPF) |
DPA saatavilla pyydettäessä.
Control Surface
- Tenant isolation (RLS + tenant validation)
- Audit trail (versioned evidence outputs)
- Auth gates (JWT + API key)
- Cloud Armor WAF + rate limiting
- Restricted CORS + service boundaries
- Runtime hardening (runAsNonRoot, drop ALL)
- Semgrep SAST + Trivy CI
- Documented DPA and sub-processor list
- SOC 2 Type II (roadmapilla)
- ISO 27001 (roadmapilla)
Dokumentaatio & Lupa-asiat
DPA (Data Processing Agreement)
GDPR Art. 28 -mukainen sopimus.
Alikäsittelijät (Sub-processors)
Ajantasainen lista kolmansien osapuolien palveluista.
Tietosuojailmoitus
Rekisteröidyn oikeudet ja tietojen käyttö.
Evidence pack
Control narrative for operators, risk owners, and board-level review.
Need the full Security & Integration Proof Pack?
Architecture overview, data residency confirmation, WAF/RLS details, and SOC 2 roadmap — delivered to your CISO or DPO.
Request Proof Pack →