AI & AutomationPrivate Infrastructure

Private AI Infrastructure

Every AI feature in SOPHIOS — from OCR extraction to the chat assistant — runs on dedicated private hardware. Your data never leaves our controlled infrastructure and is never sent to any external AI provider.

Why This Matters

Most platforms that offer AI features send your data to third-party services like OpenAI, Google, or Anthropic for processing. This means your invoices, crew records, and financial data pass through external servers governed by someone else’s terms of service.

SOPHIOS does not do this. All AI processing runs on dedicated Apple Silicon hardware that we own and operate.

⚠️

Most platforms send your invoices to cloud AI services for processing. SOPHIOS doesn’t. Your financial data, crew passport numbers, and operational details stay on private infrastructure at all times.

What This Means for You

Your Data Stays Private

  • Crew passport numbers, salaries, and personal details never leave the platform
  • Invoice amounts, vendor relationships, and financial patterns are not exposed to third parties
  • Operational data (routes, fuel consumption, maintenance records) remains confidential

No Third-Party AI Terms Apply

  • Your data is not used to train anyone else’s AI models
  • No external AI provider has access to your information
  • You do not need to accept additional terms of service from AI vendors

Simplified Compliance

  • Full GDPR compliance without additional Data Processing Agreements for AI services
  • Right to erasure applies cleanly — no copies of your data exist in third-party AI provider logs
  • Data residency is fully controlled — your data stays where you expect it to be

How Data Flows Through the System

Upload

You upload an invoice (or ask the AI assistant a question). The file or query is transmitted over TLS 1.2+ encrypted connections to SOPHIOS servers.

Encrypted Storage

Documents are stored in encrypted object storage (AES-256 at rest) within EU-hosted infrastructure. Only authorized users in your organization can access them.

AI Processing

The AI model processes your document or query on dedicated Apple Silicon hardware. No external API calls are made. The model runs entirely on infrastructure we control.

Results Stored

Extracted data (vendor name, amounts, line items, dates) or assistant responses are written to your organization’s encrypted PostgreSQL database.

You Review

Results appear in your SOPHIOS dashboard. Only users with the appropriate role and asset permissions can view the data.

Security Measures

Encryption

LayerStandard
In TransitTLS 1.2+ for all connections
At RestAES-256 encryption for stored files and database
File StorageEncrypted object storage with presigned URLs (time-limited access)

Access Control

  • Role-Based Access (RBAC) — 5 base roles (Owner, Admin, Accountant, Manager, Viewer) plus custom roles
  • Asset-Level Permissions — granular control per asset: canView, canEdit, canApprove, canDelete, canExport
  • Session Verification — every API request verifies the user session and resolves permissions before any data access

Authentication

  • SSO with Multi-Factor Authentication — enterprise single sign-on through Clerk
  • Session Management — automatic session expiration and renewal

Audit Trail

Every action is logged with:

  • Who performed the action
  • What was changed
  • When it happened
  • Previous and new values

Audit logs are accessible to organization administrators.

Comparison with Typical Approaches

  • AI runs on dedicated private hardware
  • No data sent to external AI providers
  • No third-party AI terms of service
  • No additional DPAs needed for AI processing
  • Full control over data residency
  • Your data is never used to train external models

Summary: SOPHIOS gives you AI-powered automation — OCR, chat assistant, auto-categorization — without the privacy trade-off. Everything runs on private hardware, encrypted end-to-end, with full audit logging and role-based access control.

Related Pages:

OCR & Auto-categorizationOverview