EU-resident, audit-signed, and built so the data path stays yours.

Stacklink Cloud runs in EU regions only. The application tier is pinned to Frankfurt with EU-only failover; the backend services run in Paris; cold object storage stays under an EU jurisdiction guarantee. There is no non-EU region in the failover set, and no fallback path that quietly routes traffic outside the bloc.

Every call to a language model or embedding provider is screened by an application-layer allowlist before it leaves the platform. If a provider region is not on the EU allowlist, the call is refused at the proxy — not logged, not retried elsewhere. This is the load-bearing guarantee behind the EU-residency promise.

If you need full data-plane control (your network, your keys, your hardware), see the sovereignty section below.

Every agent action — a model call, a tool invocation, a published artifact — emits an audit event signed with an Ed25519 key scoped to your workspace. Events are linked by hash into a per-workspace chain, and each day's chain root is signed separately so an operator can verify a full day in a single signature.

The audit log is produced by an out-of-process sidecar, not by the application that emits the event. That separation means a compromised agent runtime cannot silently rewrite history: the only way to retroactively modify the chain is to break the Ed25519 signature scheme. Replay verification is a single CLI call.

Three deployment shapes cover every posture from a single evaluation VM up to a network with no upstream egress:

• Compose — a single-VM Docker Compose stack for evaluation and small teams. Stand it up in an afternoon; tear it down just as cleanly.
• Helm — the production Kubernetes chart with an observability overlay (traces, metrics, evaluation telemetry) sized for staged rollouts across multiple clusters.
• Air-gapped bundle — an offline install artifact (container images, charts, a signed manifest) for networks that cannot reach the public internet. No upstream calls, no telemetry leak, no surprise dependencies at install time.

Stacklink maintains an internal mapping table that walks every obligation under the EU AI Act (Articles 9–15) and the equivalent NIST AI Risk Management Framework categories to a concrete artifact the platform produces: a configuration entry, a telemetry export, or an audit-chain query. The mapping is the working document our customers' compliance teams use during their own internal review.

A built-in export skill produces an audit-ready bundle on demand: every active policy, the current trust-boundary state, a hash-chain digest, and a mapping report against both frameworks. It is what operators run before a regulator visit or an annual review.

A small set of architectural rules is enforced at build time so the boundaries between sensitive components stay real — not just documented, but mechanically prevented from being crossed. The cuts that matter most for a privacy or security review:

• The agent runtime cannot reach any third-party connector code path. Connector credentials live in a separate process; the agent never holds them.
• This marketing site is built without any authentication, customer-data, or model-access libraries linked in. It cannot access the product database even if it tried.
• The self-hosted bundle and the cloud bundle ship with different provider strategies, but customer-facing code is the same. One implementation, configured differently — never a fork.
• Sandboxes that execute generated code receive only a short-lived session token; they never see upstream provider keys or customer credentials.