How to keep your AI logs in the EU and under your control

The short answer

You have two honest options. The Senthex SaaS is EU-hosted on Hetzner in Germany (Falkenstein/Frankfurt), with a stateless reverse proxy that stores metadata, not raw prompts, and never stores your LLM key. Or self-host the proxy in your own environment — on-prem, your own cloud, or a tested Microsoft Azure deployment — so the audit logs sit entirely in your perimeter. Self-host starts at €5,000/year.


How do I keep my AI logs in the EU or under my control?

Pick the deployment that matches your risk register:

  • EU-hosted SaaS. Senthex compute and metadata stay in Germany (Hetzner Falkenstein/Frankfurt). The proxy is stateless: request bodies are forwarded in flight, not persisted, and your LLM API key is forwarded as-is, never stored.
  • Self-host. Run the Senthex container in your own environment. The audit logs land in your database, on your infrastructure, with retention you control entirely. The offline verifier runs on your machines.

In both cases the design is metadata-first, so the log isn't a second copy of your customers' prompts.

What does self-host actually deploy?

Self-host gives you the proxy and shields as software you operate. Nothing leaves your perimeter unless you route it out: your app talks to your Senthex, your Senthex talks to the model provider you configured. Logs, retention and exports are yours to control, which is the clean answer to a procurement team asking "where does our data actually go." We have a tested deployment on Microsoft Azure as one supported target, alongside on-prem and your own cloud. Pricing starts at €5,000/year.

Where does the request actually go?

Your app → Senthex → the model provider you configured. On the SaaS, the Senthex hop is in Germany. The model-provider hop is whatever you set — OpenAI's EU residency, Mistral in France, the Anthropic region you chose. One honest caveat: Senthex cannot make a US-only provider European. We route to the provider you pick; data residency at that hop is the provider's, not ours. This is the GDPR Chapter V (third-country transfers) reality, stated plainly.

The honest limits

Three things we keep straight so you can too:

  • The SaaS is Hetzner (Germany), not Azure. Azure is a tested self-host target — it is not where our managed SaaS runs.
  • Corporate certifications are in progress. We are not SOC 2 / ISO 27001 at the corporate level yet; Hetzner holds ISO 27001 for the hosting layer independently, which is a separate scope we don't conflate.
  • The offline verifier is part of the v1.1.7 pilot. Metadata logging ships today; the verifiable hash-chain proof is the pilot.

Keeping AI audit logs under your control

PropertyGeneric global edge gatewaySenthex EU SaaS (Hetzner DE)Senthex self-host
Where compute & metadata liveNearest global PoP (anycast)Germany (Falkenstein/Frankfurt)Your environment
Who controls log retentionThe vendorConfigurable, on EU infraEntirely you
Audit logs sit in your perimeterNoNo — our EU infraYes
Your LLM keyVariesForwarded as-is, never storedNever leaves your perimeter
Starting priceVariesFree / €20 / €99 per monthFrom €5,000/year

Frequently asked questions

How do I keep my AI logs in the EU?

Use the EU-hosted Senthex SaaS, where compute and metadata stay in Germany (Hetzner Falkenstein/Frankfurt), or self-host the proxy in your own EU environment. The proxy is stateless and metadata-first: it stores verdicts and metadata, not raw prompts, and never stores your LLM key.

Can I run Senthex on-premise or in my own cloud?

Yes. Self-host deploys the proxy and shields as software you operate, on-prem or in your own cloud, with a tested Microsoft Azure deployment as one supported target. The audit logs land in your database with retention you control. Self-host starts at €5,000/year.

Is the SaaS hosted on Azure?

No. The managed SaaS is EU-hosted on Hetzner in Germany. Azure is a tested target for self-host deployments only. We keep that distinction explicit so nobody is surprised in a security review.

Does Senthex make my US model provider European?

No, and we won't pretend otherwise. Senthex routes to the provider you configure; the data residency at that hop is the provider's. We keep the Senthex hop EU-resident, but if you point us at a US-only provider, that call goes where the provider runs it. That's the GDPR Chapter V reality.

Do you store our prompts or our API key?

No to both by default. The reverse proxy forwards request bodies in flight without persisting them (metadata-first), and forwards your LLM API key as-is without storing it. On self-host, none of it leaves your perimeter at all.

Deploy it where your data has to stay

See the self-host offer for what gets deployed and the Azure path, or read how we handle data. Then contact us to scope a self-hosted deployment.