Sovereign by default

Your data does not leave the region you pinned.

Region routing is enforced in code, not in a policy PDF. We sign your DPA, your BAA, and your sovereign-cloud agreement on our paper. The contracts your Legal team asks for, in the regions your compliance team requires.


01 · Agreements on our paper

DPA

GDPR Article 28-compliant Data Processing Addendum. SCCs annex bundled.

Read the DPA →

BAA

HIPAA §164.504(e)-compliant Business Associate Agreement. In-scope on Dedicated for healthcare.

Request the BAA →

India DPDPA

Addendum aligned with India's Digital Personal Data Protection Act obligations.

Request the addendum →

Sovereign-cloud

Template agreement for EU regulated buyers requiring sovereign-cloud guarantees.

Request the template →

02 · Region map

Three regions. Strict residency. No silent failover.

Each region is a separate control plane with its own model serving fleet, its own metering pipeline, and its own data path. A US request never touches EU disks. An EU request never touches India disks. If a region is degraded, requests pinned to that region return errors rather than failing over silently.

USusEUeuIndiain
us · iadeu · fra · pinnedeu · mad · pinnedin · bom
strict-pin · 3 regions · 6 launch models
USus
Site

Northern Virginia · Phoenix

API

api.us.clusterbid.eu

Models

All 6 launch models incl. Hermes-3 (beta)

SKUs

Inference API · Dedicated · Fine-Tuning

Local agreements

DPA · BAA · CCPA addendum

EUeu
Site

Frankfurt am Main

API

api.eu.clusterbid.eu

Models

5 launch models · Hermes-3 in Phase 2

SKUs

Inference API · Dedicated · Fine-Tuning

Local agreements

GDPR · DPA · sovereign-cloud agreement template

Indiain
Site

Mumbai (Maharashtra)

API

api.in.clusterbid.eu

Models

5 launch models · Hermes-3 in Phase 2

SKUs

Inference API · Dedicated · Fine-Tuning

Local agreements

DPDPA addendum · DPA


03 · Compliance posture

What we have. What's in flight. What we'll never claim.

We do not list certifications we have not started. Current state below — refresh date in the trust center.

ItemStatusDetail
SOC 2 Type Iin progressReadiness assessment in flight. Audit period opens Q3.
SOC 2 Type IIaudit Q4Audit period opens after Type I; report ~Q1 next year.
GDPRcompliantArticle 28 DPA on our paper. SCCs annex bundled. Frankfurt-resident control plane.
HIPAABAA availableSection 164.504(e)-compliant BAA. In-scope on Dedicated for healthcare workloads.
India DPDPAaddendum availableAligned with data fiduciary obligations. Mumbai-resident control plane for IN.
EU AI Actsee whitepaperGPAI obligations + downstream provider mapping in the security whitepaper.

04 · Audit + assurance

Three ways your security team can verify us.

Customer-led penetration testing

Permitted on Dedicated deployments, scoped via Letter of Authorization. Pen-test runbook on request.

Annual SOC 2 report sharing

Under NDA, sent within 5 business days of audit completion. Subscribe via support@clusterbid.eu.

Custom audit on request

ACV $500K+ contracts get a custom audit pack — sub-processor diligence, encryption-at-rest evidence, BCP/DR test results.


By the numbers
Regions live
3
US · EU · India
Strict-pin guarantee
100%
no silent failover across regions
Sub-processors
4
full roster in trust center
Response SLA — security
24h
for verified disclosures

talk to us

Most sovereignty conversations are 30 minutes.

Bring your Legal counsel and your CISO. We bring the DPA, the sub-processor list, and the control plane architecture. No NDA needed for the first call.