TensorX is built from the ground up for organisations that need private, compliant AI inference. Every architectural decision we make starts with data protection.
Zero Data Retention
Prompts and completions are processed in ephemeral enclaves and are never stored. We do not log, retain, or train on your inference data.
EU-Sovereign Infrastructure
All GPU infrastructure is physically located in the EU — Dublin and Helsinki. Your data never leaves EU jurisdiction.
GDPR Compliant
TensorX is an Irish-registered company, subject to Irish and EU data protection law. We operate as a Processor under the GDPR.
Encryption Everywhere
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. API keys are hashed and never stored in plaintext.
Data Handling
What We Process
When you use the TensorX API, your prompts and completions pass through our inference infrastructure. This data is:
- Processed in ephemeral memory only — no disk writes
- Not logged — we do not record prompt content or model outputs
- Not used for training — your data is never used to train or fine-tune models
- Not shared — your data is never shared with model providers, third parties, or other customers
What We Store
We store only the minimum data necessary to operate the platform:
- Account data: Name, email, hashed password, organisation membership
- Usage metadata: Token counts, model used, timestamps, spend (not prompt content)
- Billing data: Stripe customer ID, wallet balance, transaction history
- Security data: Login timestamps, IP addresses, device fingerprints
Who Is the Controller / Processor?
As between TensorX and the Customer, the Customer is the Controller and TensorX is the Processor. This relationship is governed by our Data Processing Agreement.
Infrastructure Security
Physical Security
GPU servers are housed in Tier III+ data centres in Dublin (Digital Realty) and Helsinki (Verda) with 24/7 physical security, biometric access controls, and CCTV monitoring.
Network Security
All API traffic is encrypted via TLS 1.2+. Infrastructure is protected by Cloudflare WAF, DDoS mitigation, and rate limiting. Internal networks are segmented with strict firewall rules.
Access Controls
Internal access follows the principle of least privilege. All administrative access requires multi-factor authentication. Access is reviewed regularly and revoked promptly upon role changes.
Monitoring & Incident Response
Infrastructure is monitored 24/7 with automated alerting. We maintain a documented incident response procedure with 72-hour breach notification in accordance with GDPR Article 33.
Compliance & Legal Framework
| Framework | Status |
|---|---|
| GDPR (EU General Data Protection Regulation) | ✅ Compliant — Irish Data Controller |
| Irish Data Protection Acts 1988 & 2018 | ✅ Compliant |
| UK GDPR & UK Data Protection Act 2018 | ✅ Compliant |
| EU AI Act | ✅ Compliant — General-purpose AI provider |
| EU Standard Contractual Clauses (SCCs) | ✅ In place for non-EU transfers |
| Data Processing Agreement (DPA) | ✅ Available |
| NVIDIA Inception Programme | ✅ Member |
| ISO 27001 | 🔄 In Progress (infrastructure partner certified) |
| ISO 42001 (AI Management System) | 🔄 Planned |
| DORA (Digital Operational Resilience Act) | ℹ️ Supportive — architecture supports customer obligations |
| NIS2 (Network & Information Security Directive) | ℹ️ Monitoring — Irish transposition pending |
| SOC 2 Type II | 🔄 Planned |
Legal Documents
Data Processing AgreementGDPR-compliant DPAPrivacy PolicyHow we handle personal dataTerms of ServiceService agreementSub-processorsThird-party data processorsAcceptable Use PolicyUsage guidelinesService Level AgreementUptime commitments
Frequently Asked Questions
Is TensorX a Controller or Processor?
TensorX is a Processor of Customer data. The Customer is the Controller. See our DPA for full details.
Does TensorX store my prompts or completions?
No. All prompts and completions are processed in ephemeral enclaves and are never persisted to disk, logged, or stored in any form.
Does TensorX train on my data?
No. We never use customer data to train, fine-tune, or improve models. We serve open-source models as-is.
Where is my data processed?
All inference workloads run on GPU infrastructure physically located in the European Union — specifically Dublin (Ireland) and Helsinki (Finland).
Does TensorX share data with model providers?
No. We host open-source models on our own infrastructure. No customer data is shared with model developers or any third parties not listed as Sub-processors.
Can I get a signed DPA?
Our DPA is automatically incorporated into our Terms of Service — no signature is required. If your procurement team requires a countersigned copy, contact [email protected].
What happens if there’s a data breach?
TensorX will notify affected customers within 72 hours of becoming aware of a Personal Data Breach, in compliance with GDPR Article 33. See Section 4 of our DPA for full details.
For security enquiries or to report a vulnerability, contact [email protected].
For legal or compliance questions, contact [email protected].