Sensitive Industries

Your clients trust you with what they cannot afford to lose. The infrastructure behind that trust should be held to the same standard. Ours is.

→ You handle information that is legally protected — client communications, patient records, financial data → Your professional obligations extend to the tools and infrastructure you use → You've asked "is this GDPR compliant?" and accepted the answer without asking "but is it sovereign?" → You use Gmail, Microsoft 365, or Google Drive because there was no serious alternative — until now

Sovereign Mail

iRedMail on EU infrastructure, Proofpoint for security, CrossBox for a modern interface your team will actually use. Custom domain, full encryption in transit and at rest, audit logs that stay with you.

Encrypted Document Storage & Collaboration

Nextcloud on private infrastructure — document storage, sharing, calendar, contacts. Encrypted, access-controlled, hosted in our Zagreb or Vienna datacenters.

Private AI — Privileged by Design

Private LLM inference on dedicated EU hardware. Your documents feed the AI. The AI stays inside. No token is ever sent to OpenAI, Anthropic, Claude, Google, or any external service. Your entire team can use it all day at a fixed monthly cost — no per-query billing.

Identity & Access Control

Keycloak-based identity management with SSO, MFA, and granular access policies. Audit trail for every login, every document access, every permission change.

Secure Communications

Matrix/Element on private infrastructure — encrypted team messaging that stays on your servers, with full message history under your retention policy.

PILOT does not provide legal advice. But we understand what NIS2, DORA, GDPR, and EHDS require from your infrastructure — and we build to those requirements.

What we document for you:

• Data residency — exactly where your data lives, contractually guaranteed
• Access logs — every access event, retained under your policy
• Encryption standards — at rest and in transit, key management stays with you
• Incident response procedures — aligned with NIS2 notification requirements
• Supply chain documentation — the full infrastructure stack, auditable

Not your thing? Skip to Related missions.

• Mail — Postfix/Dovecot via iRedMail, Proofpoint as inbound/outbound gateway, CrossBox as IMAP-connected webmail UI. SPF, DKIM, DMARC fully configured.
• Storage — Nextcloud on Proxmox VM, encrypted volumes, S3-compatible object storage backend, LDAP-integrated user management.
• AI — Ollama or vLLM serving open-weight models on dedicated GPU. OpenAI-compatible API endpoint. AnythingLLM or Open WebUI as interface. RAG via Qdrant vector database.
• Identity — Keycloak with LDAP backend. OIDC/SAML for app federation. Hardware MFA (FIDO2/WebAuthn) supported.
• Messaging — Matrix Synapse on dedicated VM. Element Web as client. Federation disabled by default for maximum isolation.
• Jurisdiction — Zagreb (Croatia/EU) and Vienna (Austria/EU) datacenter options. No US-owned infrastructure in the stack.

Read the Pilot Book: Sensitive Industries Stack — full setup guide for sovereign mail, encrypted storage, and private AI for regulated environments.

• AI/ML Stack — deeper dive into private AI infrastructure and sovereign inference
• Developer Stack — sovereign infrastructure for technical teams
• Migration — moving your existing stack to sovereign infrastructure

• Managed Mail — mail stack details and configuration options
• Private Cloud — storage and collaboration infrastructure
• Managed Identity — SSO, MFA, and access control
• TOWER Monitoring — 24/7 visibility across your entire infrastructure

Your clients trust you. Your infrastructure should be worthy of that trust. Request access.