Sovereignty is a property of the architecture, not a marketing line. Below is what that means in practice — where your data lives, how the system updates, what we can and cannot see, and the commitments that ship with every appliance.
The Arsenale appliance runs inference, agent execution, and learning on its own hardware. There is no cloud component in the loop for the system to function. The default posture is on-premises; everything else is opt-in.
Documents, conversations, agent state, and learning data sit on the appliance you own. The product does not require outbound connectivity to operate.
Hardware is purchased, not rented. There is no per-token billing, no per-seat licence on the inference itself, and no remote kill-switch tied to a subscription.
The runtime is UK-engineered. The corporate entity, registered office, and operations are UK-domiciled. The appliance is shipped from the UK.
The appliance functions on isolated networks for deployments where outbound connectivity is forbidden. Updates can be applied via signed offline packages.
Most customers want a remote dashboard. We offer three options across a spectrum from convenience to maximal privacy. We describe each accurately rather than claiming end-to-end encryption for the convenient default.
| Option | What it is | What can see content | Status |
|---|---|---|---|
| Managed tunnel (default) | Reverse tunnel terminating TLS at a global edge network. Zero customer setup. Reachable from anywhere a browser is. | The edge provider and Arsenale, technically. Random observers see encrypted traffic only. | SHIPPED |
| VPN tunnel (end-to-end) | Customer connects via a WireGuard or Tailscale client straight to the appliance. TLS terminates only on the appliance itself. | No third party — including us. Connection metadata is observable at the network layer; content is not. | SHIPPING |
| LAN only | Remote access disabled. Dashboard reachable only from devices on the same local network as the appliance. | No external party. Anything inside the network the customer controls. | SHIPPED |
| BYO domain | Customer points their own domain at the appliance and supplies their DNS credentials. Edge layer becomes theirs to choose or skip. | Whoever the customer puts in front of the appliance, or no one. | SHIPPED |
Customers can change between options at any time. The hardware and the data do not move; only the path by which the dashboard is reached changes.
Every appliance ships with five years of Syntex OS security patches at no additional charge. Security is not behind the optional annual licence — only feature updates are.
Updates are delivered through a cryptographically signed package channel. Unsigned or tampered packages are rejected by the appliance before being applied.
Every licence event, activation, and policy-relevant action is logged to an append-only ledger with a per-unit HMAC chain. Modifying or deleting any row breaks the chain and is detectable.
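A generic HMAC-chained ledger of the kind described above, as an added example rather than Arsenale's own code; the row layout, the all-zero genesis value, the sample key and the function names are assumptions. It also shows why a verifier should compare the final tag with a copy held outside the ledger: rows removed from the tail leave a shorter chain that still verifies on its own.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # assumed starting link for the first row


def row_tag(key, prev_tag, seq, event):
    """HMAC over the previous row's tag plus this row's canonical content."""
    body = json.dumps({"seq": seq, "event": event}, sort_keys=True).encode()
    return hmac.new(key, prev_tag + body, hashlib.sha256).digest()


def append(ledger, key, event):
    """Append a row linked to the current head; return the new head tag."""
    prev = ledger[-1]["tag"] if ledger else GENESIS
    seq = len(ledger)
    tag = row_tag(key, prev, seq, event)
    ledger.append({"seq": seq, "event": event, "tag": tag})
    return tag


def verify(ledger, key, head=None):
    """Return None if intact, else the index where the chain first fails.

    `head` is the last tag as recorded outside the ledger. Without it,
    rows cut from the tail leave a shorter chain that still verifies.
    """
    prev = GENESIS
    for i, row in enumerate(ledger):
        expected = row_tag(key, prev, i, row["event"])
        if row["seq"] != i or not hmac.compare_digest(row["tag"], expected):
            return i
        prev = row["tag"]
    if head is not None and not hmac.compare_digest(prev, head):
        return len(ledger)
    return None


def build_sample():
    """Constructed sample: a per-unit key and three licence events."""
    key = hashlib.sha256(b"constructed-per-unit-secret").digest()
    ledger, head = [], GENESIS
    for ev in ({"type": "activation"}, {"type": "licence_renewed"},
               {"type": "policy_change", "setting": "remote_access"}):
        head = append(ledger, key, ev)
    return key, ledger, head
```

`verify` returns the index of the first row whose link fails, which for an edit or a mid-ledger deletion is the earliest affected position.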
Licence keys validate against an offline checksum. The appliance does not phone home to verify the key, and continues to operate during network outages.
Each appliance is provisioned with its own cryptographic secrets. There is no shared default key across the fleet, and no master credential that, if extracted, compromises other deployments.
The appliance exposes the dashboard and the agent endpoints, nothing else. No remote management daemon, no admin SSH on by default, no inbound service the customer did not enable.
An honest description of constraints is as important as a list of features. The items below are deliberate.
The appliance does not send inference data, agent traces, or customer documents to us for analysis, telemetry, or model improvement. The product would still work if we vanished.
Inference runs against weights stored on the appliance. The system does not call out to commercial LLM APIs in the background to fill gaps or improve quality.
The appliance dashboard ships without third-party analytics, advertising tags, or session-replay tools embedded.
We do not retain a capability to remotely disable the appliance once it has been delivered. Operation does not depend on our continued willingness to authorise it.
Arsenale Limited
Registered in England and Wales
Company No. 17126962
71-75 Shelton Street, Covent Garden,
London, WC2H 9JQ
UK GDPR / Data Protection Act 2018. Customer operational data remains on the customer's appliance and is not transferred to Arsenale. For questions or rights requests, write to contact@arsenale.ai.
Researchers reporting suspected vulnerabilities are welcome. Please write to security@arsenale.ai with reproduction steps and your preferred coordinated-disclosure window.
For institutional procurement queries (information security questionnaires, contractual terms, supplier onboarding documentation), write to contact@arsenale.ai.
This page describes the posture of the production appliance and any item marked SHIPPED. Items marked SHIPPING are imminent and time-bounded; their planned availability is documented to procurement teams under NDA on request. If anything on this page conflicts with how the product actually behaves on the unit you have, the unit's behaviour is authoritative and we want to hear about it.