On-Premise and Air-Gapped AI Gateway

Full control over your AI infrastructure

For organizations that cannot send data to external services, SAIG can run entirely on-premise or in a fully air-gapped environment. All PII detection, policy enforcement, anonymization, and audit processing run locally.

Deployment options

  • On-premise — deploy on your own servers using Docker Compose or Kubernetes. All PII detection, anonymization, OCR, and policy evaluation run locally. Provider egress is controlled by your sovereignty mode.
  • Air-gapped — fully isolated deployment with no external provider calls. Suitable for local or approved in-environment model setups.
  • Hybrid — the gateway runs on-premise for data sovereignty, while the management plane runs in the cloud for convenience.
  • Private VPC — your cloud, your rules. Terraxon supports, you control the infrastructure.
  • EU SaaS — hosted in the EU (Hetzner, Germany) for teams that prefer fully managed operation.

Local processing

PII detection uses local NER models and regex — no calls to external NLP APIs. Audit records are written locally. Policy evaluation runs in-process. The only external calls are to the configured LLM providers when forwarding governed requests.

Infrastructure requirements

  • Docker Compose or Kubernetes
  • PostgreSQL 16 (Keycloak), SQLite or PostgreSQL (audit)
  • Redis 7 (optional — attachment store, OCR queue)
  • Reverse proxy (Caddy recommended)

Frequently Asked Questions

Does SAIG require internet access?

For air-gapped deployments, there are no external provider calls. For on-premise deployments with controlled egress, governance processing runs locally and forwarding to configured LLM providers is controlled by sovereignty policy.

Can I run SAIG on Kubernetes?

Yes. SAIG supports Docker Compose and Kubernetes deployments. Helm charts are available for orchestrated environments.

Is PII detection local?

Yes. All PII detection runs locally using on-device NER and regex — no external NLP APIs.

What about updates in air-gapped environments?

Updates are delivered as container images that can be transferred to air-gapped environments via standard offline deployment procedures.
