GDPR

Diana is designed to be GDPR-compliant by architecture for customer-controlled deployments.

In a typical sovereign deployment, personal data you process under the GDPR stays inside your network boundary. Diana’s role is to run agents and models on your hardware so that processing does not depend on sending that data to Diana’s cloud for inference.

Technical documentation (architecture diagrams, network flows, and configuration guidance) is available to support your Data Protection Impact Assessment and vendor due diligence as part of a serious evaluation.

This page is a summary. It is not a substitute for your own legal analysis or a signed Data Processing Agreement. For next steps, see the Security section and the Manifesto.