Data Sovereignty

Your prompts never leave
your control.

Forge Sovereign Mode guarantees that all inference runs on LANA-controlled infrastructure. No data is sent to OpenAI, Anthropic, Google, or any third-party provider.

Architecture

How your data flows through Forge

Your Application API call Forge Gateway Auth + Rate Limit + Routing Engine Sovereign? YES Self-Hosted Models Qwen3-VL-32B (GPU) NO Smart Router Cost + latency + quality OpenAI Anthropic Others DATA CONTROL LAYER Zero-Retention Mode No content stored Audit Log Egress Events to your webhook Dedicated Inference Isolated GPU (Enterprise) Response

How it works

One header. Complete data isolation.

Send with X-Sovereign

Add X-Sovereign: true to any API request. Or lock it at the organization level — every request is automatically sovereign.

Self-hosted inference only

Forge routes your request exclusively to open-source models running on GPU infrastructure we operate. No external API calls are made — not even as fallbacks.

Full audit trail

Every request is logged with routing decision, provider used, and sovereign enforcement status. Query your audit log via API for compliance reporting.

Guarantees

What sovereign mode enforces

No third-party data transfer

Your prompts and responses stay on LANA infrastructure. Zero data leaves to external AI providers.

No prompt storage

Prompt content is never logged, cached, or persisted. Only request metadata (model, tokens, latency) is recorded.

No external fallbacks

If self-hosted models are unavailable, Forge returns a clear error instead of silently routing to a third party.

TLS encryption in transit

All traffic to the Forge API is encrypted via TLS with certificates managed by our sovereign proxy infrastructure.

Traceback redaction

Error logs never include request context, stack traces, or prompt content. Only structured error messages are recorded.

Compliance

Audit trail for every request

What we log

  • Request ID and timestamp (microsecond precision)
  • Organization and API key identifier
  • Model requested and model actually used
  • Routing decision (internal vs. external)
  • Sovereign enforcement status
  • Token usage and latency
  • Fallback chain (if triggered)

What we never log

  • Prompt or message content
  • Model responses or completions
  • File uploads or document content
  • Stack traces with request context

Retention

Default 90-day retention with automatic expiration. Enterprise plans support custom retention periods to meet specific regulatory requirements.

Beyond routing

Sovereignty is more than where your data goes.

Sovereign routing keeps your data off third-party providers. These features control what happens to it on ours.

Zero-retention mode

When enabled, no request content, prompts, or responses are stored on LANA infrastructure. Only billing counters are retained. Nothing to subpoena, nothing to breach.

Available on Starter and above

Audit log egress

Forward every compliance event to your own infrastructure in real-time. Your webhook, your storage, your record. We write to your endpoint — we don't keep a copy.

Available on Starter and above

Dedicated inference

Enterprise customers run on isolated GPU infrastructure. No shared compute, no noisy neighbors, no cross-tenant exposure. Your requests never touch hardware shared with other organizations.

Enterprise plans

Available on Pro and above

Sovereign mode is available on Pro ($149/mo) and above. Organization-wide sovereign lock is available on Enterprise plans.

Pro

Sovereign mode
+ compliance audit log

Scale

Sovereign mode
+ audit log egress
+ zero-retention

Enterprise

Org-wide sovereign lock
+ dedicated infra
+ custom retention

View Plans