Your region, your provider, your boundary — we deploy.
Sovereignty does not mean lock-in. Iftah is multi-cloud and hybrid by design — run sensitive workloads on-prem or in a sovereign region and others in public cloud (AWS, Azure, GCP, OCI), all governed from one control plane. Data, prompts, embeddings, logs, telemetry, and fine-tuning artifacts stay inside the deployment perimeter you control. No shared inference layer. No cross-tenant data path.
Designed for GCC sovereignty
- Deploys in UAE, KSA, Qatar, Bahrain, Oman
- Controls support review against Gulf data-residency and security expectations
- Multi-cloud and hybrid: one governed control plane across AWS, Azure, GCP, OCI, OpenShift, and on-prem
- Air-gapped option for fully disconnected environments
Everything stays inside the boundary you control.
Wherever you deploy — your data center, a sovereign region, or a disconnected network — the data plane never leaves it. Iftah's control plane carries no prompts, data, or model weights; only content-free signals.
Your deployment boundary
Everything below stays in the region and environment you control.
Your deployment boundary
Public internet · Iftah
Nothing leaves the boundary — no prompts, data, embeddings, or model weights; only content-free control signals.
Designed to support the GCC regimes you answer to.
Iftah does not claim certified compliance — that stays the data controller's obligation. The deployment model, in-region residency, content-free audit trail, and customer-held keys are designed to give your reviewers concrete, exportable evidence for each regime.
UAE PDPL
In-country residency, processing records, and data-subject-rights flows — with audit and trace evidence for your DPO's review.
Saudi PDPL
In-Kingdom deployment with data classification, retention, and transfer controls mapped to platform configuration.
NCA Essential Controls
Access governance, logging, and segmentation align to NCA Essential Cybersecurity Controls for review.
SAMA CSF
Logging, access, and incident-response controls designed for review under the SAMA Cyber Security Framework.
DIFC Data Protection Law
DIFC-resident processing; architecture artifacts support DPIAs for AI activities.
ADGM Data Protection
ADGM-resident deployment with reviewable controls mapped to accountability duties.
Qatar PDPPL
In-Qatar deployment; personal-data flow boundaries are reviewable through architecture artifacts.
Multi-cloud and hybrid — under one governed control plane.
A single management cluster governs N workload clusters across any cloud or on-prem. Keep sensitive workloads in a sovereign region or air-gapped, run general workloads in private cloud, and govern them all with one identity, policy, quota, and audit plane.
On-premises
Inside your own data center, behind your firewall. Standard Kubernetes — vanilla, OpenShift, Rancher.
Private cloud / VPC
A dedicated, isolated tenant in your AWS, Azure, GCP, or OCI account — customer-owned region and networking.
Sovereign cloud
Deployed on a regional sovereign provider chosen by your procurement and security teams.
Air-gapped
Fully disconnected — offline installer bundles, signed model artifacts, and an offline update workflow.
Give your reviewers proof, not promises.
Every sovereignty claim comes with something a regulator or auditor can inspect — generated inside your environment and exported on your terms.
- In-region residency map
A boundary diagram of where every class of data lives.
- Signed, content-free audit trail
Immutable, in-region, exportable — carrying no prompt or response bytes.
- Customer-held encryption keys
Keys in your KMS or Vault; Iftah never holds key material.
- Customer-owned retention & export
You choose storage, retention, and export targets — SIEM, log lake, or local archive.
- Decision & deny logs
Every authorization decision and denial reason, recorded for review.
- Identity & access governance
Federated SSO to your IdP; Iftah issues no human credentials.
Next step