Every layer of VoltageGPU is designed so we do not have technical means to access your data. Hardware enclaves, no prompt/output retention by design, EU hosting.
See how hardware-sealed confidential AI compares to software-isolated cloud AI.
Your data transits through shared infrastructure with no hardware isolation. Prompts may be stored and used for training.
Confidential VMs protect GPU memory, but setup is complex, expensive, and no agents are included.
End-to-end hardware encryption via Intel TDX. Pre-built agents, EU hosted, zero data retention.
Confidential AI pays for itself — here's how.
Confidential AI costs less than the risk of a data breach.
Built to meet the strictest regulatory frameworks for regulated industries.
VOLTAGE EI — registered in France (SIREN 943 808 824). Subject to GDPR, not US CLOUD Act.
Data protection by design and by default. No personal data leaves the hardware enclave.
Intel TDX generates a cryptographic proof that code runs unmodified inside a sealed enclave.
The architecture is designed so we do not have technical means to read your data in plaintext — including during processing. CPU-fused AES keys encrypt all memory.
Data Processing Agreement available on request for enterprise accounts.
Prompts and outputs are destroyed after each request. Nothing is logged or stored.
Independent attestations are how regulated buyers verify a vendor's posture. Below is the authoritative status of VoltageGPU's certifications and the realistic timeline for the ones we have not yet earned. We tag every line so procurement and risk teams can rely on this page as a single source of truth.

| Framework | Status | Target | What it covers |
|---|---|---|---|
| GDPR Art. 28 DPA | In place | — | Customer-signable Data Processing Agreement, SCCs, subprocessor list. |
| Intel TDX attestation | In place | — | TD Quote evidence available per session, verified off-chain against Intel PKI via DCAP. |
| RFC 9116 (security.txt) | In place | — | Coordinated vulnerability disclosure contact published at /.well-known/security.txt. |
| SOC 2 Type I | NOT YET HELD — auditor selection in progress | Q4 2026 | Independent attestation of security, availability and confidentiality controls (point-in-time). |
| SOC 2 Type II | NOT YET HELD | Q4 2027 (12-month observation window after Type I) | Operating-effectiveness attestation over a continuous monitoring period. |
| ISO/IEC 27001 | NOT YET HELD — gap assessment scheduled | Q1 2027 | Information security management system certification. |
| ISO/IEC 42001 | NOT YET HELD — in scope after 27001 | 2027 | AI management system standard — relevant to EU AI Act readiness. |
| HDS (Hébergeur de Données de Santé) | NOT YET HELD | 2027 (if customer demand confirms scope) | French health-data hosting certification required for some healthcare workloads. |
| HIPAA BAA | Architecture aligned with §164.312 technical safeguards. No BAA offered yet. | Available on request for enterprise contracts post-SOC 2 Type I | HIPAA is not a certification — covered-entity status remains with the customer. |
| DORA / NIS2 | Architected to support Art. 30 / Art. 21 obligations. Final assessment is the customer's responsibility. | Continuous | EU regulations applicable to financial entities and essential service operators. |

We do not claim certifications we have not earned. VoltageGPU is not currently SOC 2, ISO 27001, ISO 42001 or HDS certified. Anywhere our marketing previously used a stronger word ("compliant", "certified"), it has been corrected to reflect architecture-readiness language. The dated targets above are commitments, not promises — they will move if scope or customer demand changes, and this page is the authoritative source.
We welcome coordinated disclosure from security researchers. The program below is the official policy referenced by our /.well-known/security.txt file (RFC 9116).
Email security@voltagegpu.com with a clear reproduction. We acknowledge receipt within 3 business days and provide a triage update within 10 business days.
In scope: voltagegpu.com, app.voltagegpu.com, api.voltagegpu.com, docs.voltagegpu.com, our API surface, and the agent runtime.
Out of scope: DoS, social engineering, physical attacks, missing security headers without impact, self-XSS, and reports requiring already-compromised devices or networks.
Research conducted under this policy in good faith is authorized. We will not pursue legal action against researchers who follow the rules, avoid privacy violations, and give us reasonable time to remediate before public disclosure (90 days standard).
A paid bounty program is not currently offered. High-quality reports are eligible for public acknowledgment below and, at our discretion, service credits.
We accept reports in English and French.
We recognize researchers who have responsibly disclosed valid issues. As a young company we have no acknowledgments yet — if you find something, you could be the first.
No public acknowledgments yet. Reports welcome at security@voltagegpu.com.
Our inference API runs on Chutes TEE nodes — models execute inside Intel TDX enclaves with zero data retention.
Each inference request runs inside a dedicated Intel TDX Trust Domain with AES-256 encrypted memory.
GPU-to-CPU link is hardware-encrypted. Data in transit between processor and accelerator stays sealed.
Cryptographic proof that the enclave code has not been tampered with, verifiable before sending data.
Filesystem encryption with keys released only after successful attestation. Data at rest is always encrypted.
Model weights are hash-verified on load to ensure the exact expected model is running inside the enclave.
Continuous runtime integrity checks ensure the enclave remains sealed throughout the session.
TLS 1.3 with post-quantum key exchange protects data in transit against future quantum attacks.
Every response includes a hardware attestation certificate proving it was generated inside a sealed enclave.