EU SOVEREIGNTY · BY ARCHITECTURE, NOT BY MARKETING

Your data never leaves Europe.

AuditOPE is built EU-sovereign by architecture. Self-hosted infrastructure in Romania + Germany. Self-hosted AI (no OpenAI, no Anthropic). No CLOUD Act exposure. Procurement-ready for NIS2, EAA, DORA.

🇪🇺100% EU infrastructure · 0% US clouds

📄 Download Sovereignty Brief (PDF)📅 Book CISO call (30 min)

Every component, every country

Full transparency on infrastructure, AI, storage, monitoring. No hidden US dependencies.

🌐

Web infrastructure

Caddy 2 edge proxy + Next.js frontend + FastAPI backend

🇷🇴 București · primary hosting CAI Technology

🧠

AI synthesis

Advanced model (Qwen-family) self-hosted via vLLM. NO OpenAI, NO Anthropic, NO Google Vertex.

🇷🇴 București · cluster CAI GPU (10.11.10.x)

🗄️

Database

Patroni PostgreSQL cluster (3 nodes high-availability) · Barman backup

🇷🇴 București · cluster CAI shared

📦

Object storage

MinIO cluster S3-compatible · 4 nodes · encryption at rest

🇩🇪 Frankfurt · cluster CAI Germany

✉️

Email infrastructure

Resend EU region for transactional · DKIM + SPF + DMARC + MTA-STS

🇮🇪 Dublin (Resend EU) · Aiven SMTP failover (EU only)

🔑

Identity provider

Keycloak SSO self-hosted · OIDC PKCE · 2FA TOTP + backup codes

🇷🇴 București · sso.caitech.local

💳

Payments

Stripe (Ireland EU entity) + NETOPIA (Romania, dual provider)

🇮🇪 Dublin (Stripe) · 🇷🇴 București (NETOPIA)

⚖️

Why EU sovereignty actually matters

The US CLOUD Act (2018) compels US-incorporated companies to disclose data to US authorities — regardless of where the data is physically stored. Using AWS Frankfurt doesn't protect you from US subpoenas if AWS Inc. is the legal owner.

AuditOPE is owned by CAI Technology SRL (Romania). No US legal entity. No US ownership chain. Data subpoenas can only come through Romanian/EU courts under GDPR + ePrivacy.

What this means in practice:

✓Sub-processor list: 100% EU entities
✓No data transit through US even briefly (not even CDN)
✓DPA template aligned cu GDPR Art.28 + Standard Contractual Clauses NOT needed (no third-country transfer)
✓Procurement-ready for NIS2, DORA, EAA, ISO 27001

AuditOPE vs the rest

Every direct competitor runs on US clouds. Verify before you buy.

Feature	AuditOPE	Sitechecker	Semrush	Ahrefs	Screaming Frog
EU-only hosting	🇪🇺 RO + DE	🇺🇸 AWS	🇺🇸 AWS	🇸🇬 + 🇺🇸	desktop app
EU legal entity	🇷🇴 SRL	🇺🇦 LLC	🇺🇸 Inc.	🇸🇬 Pte	🇬🇧 Ltd
Self-hosted AI	✓	⚠ OpenAI	⚠ OpenAI	⚠ OpenAI	none
CLOUD Act exposure	NONE	YES	YES	YES	YES
DPA template (no SCC needed)	✓	SCC required	SCC required	SCC required	depends
Public sub-processor list	✓	On request	On request	On request	n/a

Verified from public competitor docs (2026-05-27). Open an issue if you spot inaccuracies.

🏛️

SEAL-3 equivalent positioning

The EU Commission's Sovereignty Effectiveness Assurance Levels (SEAL-0 to SEAL-4) framework defines progressive EU-sovereignty tiers for cloud + SaaS procurement. AuditOPE positions cu SEAL-3 equivalent:

✓Hosted exclusively în EU jurisdictions
✓Owned + operated by EU legal entity (Romania)
✓No US/non-EU supply chain dependencies (AI, storage, identity)
✓Full audit trail + sub-processor transparency

*Independent SEAL certification not yet sought. Self-assessed equivalence based on EU Commission framework.

Procurement-ready collateral

Everything your CISO / DPO / procurement team needs to approve us.

✓Data Processing Agreement (DPA) template — GDPR Art.28 compliant

✓Sub-processor list — public + always up-to-date

✓NIS2 web-facing controls checklist

✓Security.txt vulnerability disclosure (RFC 9116)

✓PGP key for sensitive security correspondence

✓Sovereignty Brief PDF — 4 pages, procurement-ready summary

Browse legal docs →Request full bundle →

Ready to switch from US to EU?

If you're a CISO, DPO, or technical lead at an EU company — let's talk. 30-min call, no sales pitch, just answers.

📅 Book 30-min call (free)✉️ Email questions first

We respond within 24h. No automated qualification — you reach the operator directly.