Lokalaise

Your data stays with you. No exceptions. By architecture.

Models, knowledge layer, and workflows run on-premise — no cloud, no external APIs. Every answer is permission-checked and traceable.

Request a quoteExplore the platform
100% on-premiseNo cloud · no external APIsPermission-awareComplete audit trails

01The perimeter

Nothing leaves your company. No path to the outside.

Models, knowledge layer, and agents live inside your own infrastructure — no cloud, no external APIs, no detours.

No cloud

No external APIs, no third-party hosting, no data leaving your network.

blocked

Your network · your infrastructure

  • Models
  • Knowledge layer
  • Agents
  • Data

Inference, indexing, and storage happen exclusively on hardware that sits on your premises — operable fully air-gapped, without any internet connection.

02Permission-aware

The same question. Two permission levels.

Lokalaise checks permissions down to the document level — before an answer is generated. Even for salary data and personnel files: anyone without access rights never sees the content. Try it yourself.

Question to the knowledge layer

“Which salary band is on file for the site management role?”

Who is asking?

Role “HR · Personnel data” authorized · grounded answer

For the site management role, salary band E11: €68,000–82,000 gross per year is on file, plus the project allowance under §4 of the company compensation agreement.

Salary_bands_2026.xlsx · sheet “Engineering”Version 2 · last modified 03/2026

HR is authorized for personnel data — so the knowledge layer answers, backed by source, version, and audit path.

No access · answer blocked

No access — salary data requires HR authorization. Project management has no access rights to personnel data. No answer is generated, no preview, no workaround — nothing leaks through.

Permission required: “HR · Personnel data”

03Local vs. cloud

Sovereignty is not a feature. It is the architecture.

Public cloud AI sends your content outside. Lokalaise does not — the difference shows in every row.

Comparison: Lokalaise and public cloud AI by data location, inference, permissions, audit trail, GDPR, and air-gap capability
CriterionLokalaiselocal · on-premisePublic cloud AIgeneric · external
Data locationYour infrastructure, on siteThird-party data centers
InferenceLocal, on your hardwareVia external APIs
PermissionsPermission-aware down to the document levelCoarse, often without source attribution
Audit trailComplete · source, version, historyLimited, vendor-dependent
GDPRCompliant — data never leaves your companyRisk from third-country transfers
Air-gap capableOperable entirely without internetInternet connection mandatory

04Auditable

Every answer carries its proof. Built in.

Trust doesn't come from the model — it comes from the evidence. Every answer ships with source, version, history, and audit path.

4.1

Source in every answer

Every statement shows the underlying document, page, and section — one click to look it up.

Source referenceClickable evidence

4.2

Version & history

Answers reference a specific document version. Older states remain traceable, changes stay visible.

Version stateChange history

4.3

Complete audit trail

Who asked what and when, which sources were used, who had access — fully logged and exportable.

Access logExportable

4.4

Evidence-backed, not generic

Unlike generic RAG, Lokalaise doesn't produce plausible guesses. Without authorized evidence, there is no answer.

Governed KnowledgeNo hallucination

Governed Knowledge: Source, permission, version, and audit path aren't optional — they are built into every answer.

05Compliance & standards

Security you can audit. In concrete terms.

No promises — properties. These building blocks are included in the managed local stack, delivered and operated.

GDPR-compliant

Data processing exclusively under your control — no third-country transfers.

100% on-premise

Models, index, and storage run on hardware that sits on your premises.

AES-256 · data at rest

Confidential content is stored strongly encrypted at rest.

TLS 1.3 · in transit

Internal connections are secured end to end to current standards.

Permission-aware

Existing roles and permissions are respected down to the document level.

Air-gap capable

Operable in isolated networks entirely without an internet connection.

Audit trails

Queries, sources, and access are logged without gaps.

ISO 27001 processes

Information security processes aligned with ISO 27001 are being established.

06Common questions

What security teams ask us.

The key points on data sovereignty, operations, and compliance — answered clearly.

No — and not by policy, but by architecture. Models, knowledge layer, and agents run entirely on hardware within your own infrastructure. There is no cloud connection and no call to external APIs: inference, indexing, and storage happen exclusively inside your network. What technically has no path to the outside cannot leak — not documents, not queries, not metadata.

Lokalaise is a managed local AI stack: your company data is connected through a connector layer (file shares, SharePoint, DMS, email, PDF scanning), indexed permission-aware in the knowledge layer, and made usable through enterprise chat, agents, and knowledge workflows. All layers — including the language models themselves — run on dedicated hardware located on your premises. Data at rest is encrypted with AES-256; internal connections are secured with TLS 1.3.

Lokalaise adopts the existing roles and access rights from your source systems and enforces them down to the document level. The check happens before an answer is generated: documents the person asking has no access rights to never enter answer generation in the first place. That way, no summary, preview, or indirect phrasing can disclose content — salary data to roles outside HR, for example. When permissions change in the source systems, the new state applies in the knowledge layer as well.

Every interaction leaves a complete audit trail: who asked which question and when, which sources and document versions were used, and which permission check took place. In addition, every answer visibly carries its evidence — document, page, version state. Like everything else, the logs live in your infrastructure and are exportable, so your IT, your data protection officer, or external auditors can analyze them independently.

Operations and maintenance are part of the managed stack: we deliver vetted updates for platform and models as controlled releases that are applied deliberately — not as a silent cloud rollout. You stay in control of when an update enters your environment. In isolated networks, updates are applied via offline transfer; a permanent internet connection is never required for operation.

Yes. The entire stack is air-gap capable and can be operated in fully isolated networks without any internet connection. Inference, indexing, permission checks, and audit logging require no external connection — the models run locally and access only your internal knowledge. This matters for environments with particularly sensitive data, where even outbound traffic must be ruled out.

Processing happens exclusively on-premise, within your sphere of responsibility: there is no third-country transfer, no sharing with external model providers, and no use of your data for third-party training. Encryption (AES-256 at rest, TLS 1.3 in transit), document-level permissions, and exportable audit trails provide technical and organizational measures you can concretely demonstrate to data protection officers and auditors.

Security & data sovereignty

Sovereign AI for your company — without ever giving up your data.

Let us show you what permission-aware knowledge, audit trails, and air-gapped operation look like in your environment.

100% locally operated · GDPR-compliant · no cloud, no external APIs