We cannot leak what we never store.
AqtaCore is an enforcement proxy that runs before the action executes. It signs every decision, enforces every policy, and returns a cryptographic receipt, without storing your prompts, responses, or PII. The architecture makes certain breach scenarios structurally impossible.
Regulatory Compliance
AqtaCore is designed to meet the technical requirements of major AI and data protection regulations. Infrastructure architecture maps to the following frameworks:
Articles 12, 14, 72: transparency, human oversight, record-keeping. Enforcement begins August 2026.
Official text →Article 25: data protection by design and by default. EU-based hosting, full data sovereignty.
Learn more →PHI redaction and encryption at rest and in transit. Architecture designed for healthcare deployments. BAA available for Enterprise.
AI management system standard. Certification in progress.
Network and information security for financial and critical infrastructure operators.
Security Infrastructure
Encryption
AES-256 at rest. TLS 1.3 in transit. Ed25519-signed receipts for every inference. SHA-256 hash-chained audit logs, tamper-evident from request one.
Access Controls
Role-based access management (RBAC). Multi-factor authentication enforced. Audit logs for every access event.
Data Sovereignty
EU-based hosting, Ireland region. VPC isolation. Dedicated region options on Enterprise plans.
No PII in Session Metadata
Session metadata contains model ID, timestamp, cost, and policy result. No prompt content. No response content. No user data. Sessions auto-expire per your retention tier.
Incident Response
72-hour breach notification per GDPR Article 33. Documented incident response plan. Security contact: security@aqta.ai
Company Information
Aqta Technologies Ltd
Registered in Ireland
Company Registration Number (CRO): 807530
Security: security@aqta.ai
General: hello@aqta.ai