Your AI Traffic.
Your Jurisdiction.
MASQUE-protocol encrypted tunnels across 8 jurisdictions. Every AI request is routed to a jurisdiction-compliant tunnel with a cryptographically signed attestation.
8 Jurisdictions · Always Compliant
Traffic is routed to the lowest-latency ACTIVE tunnel in an allowed jurisdiction for the request's data class.
| Data Class | EU | US | UK | CA | SG | AU | JP | CH |
|---|---|---|---|---|---|---|---|---|
| GENERAL | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| PII | ✓ | ✓ | ✓ | ✓ | ~ | ~ | ~ | ✓ |
| FINANCIAL | ✓ | ✓ | ✓ | ✓ | ~ | ~ | ~ | ✓ |
| PHI | ✓ | ✓ | ✓ | ✓ | ✗ | ✗ | ✗ | ✓ |
| CLASSIFIED | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
8-jurisdiction data residency with classification matrix, DPIA, and adequacy decisions.
MASQUE_H3/H2/CONNECT_TCP protocols with TOFU TLS pinning and async health probing.
Per-tenant routing policy, HMAC-SHA256 attestations, and cross-border transfer rules.
All Tunnel Features
Enterprise-only sovereign routing layer.
EU, US, UK, CA, SG, AU, JP, CH jurisdictions with AI regulations, compliance frameworks, and data classification transfer rules matrix. Adequacy decisions for EU↔UK/CA/JP/CH.
MASQUE_H3, MASQUE_H2, CONNECT_TCP protocol support. TOFU TLS pinning via SHA-256 fingerprint. Lifecycle: PENDING → ACTIVE → DEGRADED → OFFLINE.
Picks lowest-latency ACTIVE tunnel in allowed jurisdictions. Prefers preferred_tunnel_id. Checks compliance before routing. BLOCK/DIRECT fallback modes.
HMAC-SHA256 signed attestations. Redis 7-year TTL. Verify endpoint for audit. 10,000 cap per tenant. SOVEREIGN_ATTEST_KEY env var.
Transfer rules per data class: CLASSIFIED (never), PHI (US/EU/UK/CA/CH only), PII/FINANCIAL/GENERAL (all, adequacy check). Sovereign Pod Tags per entity.
Per-tenant data-class overrides (PHI→US only, CLASSIFIED→none). BLOCK/DIRECT fallback. Redis-backed with in-memory fallback.
probe_tunnel() async TCP health-check on configured endpoint. Marks tunnel ACTIVE on first success, DEGRADED after 2 failures, OFFLINE after 5.
Caddy v2 UDP 443 for QUIC/HTTP3. Alt-Svc header injection. HSTS enforced. Hostname-based routing: api/app/analytics/landing subdomains.
Adequacy decisions matrix: EU↔UK, EU↔CA, EU↔JP, EU↔CH. is_transfer_allowed() checks data class + source/dest jurisdiction. Non-adequate transfers blocked.
Data Protection Impact Assessment for sovereign routing decisions. Article 35 documentation, risk mitigations, residual risk scoring.
GET /sovereign/report — full jurisdiction compliance summary, active tunnels, attestation count, routing decisions, adequacy partners.
Every routing decision gets a signed receipt
Each request routed through a sovereign tunnel generates an HMAC-SHA256 signed attestation stored in Redis with a 7-year TTL. Auditors can verify any historical routing decision.
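How an auditor-side check of such a receipt can work, as an added example that is not the product's own code. The page does not document the signing format, so the canonical-JSON serialization, the set of signed fields, the `sha256:<hex>` tag encoding, the function names and the demo key are all assumptions; the field values are those of the sample receipt on this page.

```python
import hashlib
import hmac
import json

# Assumption: the tag covers every field except "signature" itself,
# serialized as canonical JSON (sorted keys, no whitespace, UTF-8).
def canonical_bytes(attestation: dict) -> bytes:
    body = {k: v for k, v in attestation.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def sign_attestation(attestation: dict, key: bytes) -> dict:
    """Return a copy of the attestation carrying a 'sha256:<hex>' HMAC tag."""
    tag = hmac.new(key, canonical_bytes(attestation), hashlib.sha256).hexdigest()
    return {**attestation, "signature": "sha256:" + tag}

def verify_attestation(attestation: dict, key: bytes) -> bool:
    """True only if the tag is well-formed and matches every signed field."""
    sig = attestation.get("signature")
    if not isinstance(sig, str) or not sig.startswith("sha256:"):
        return False
    expected = hmac.new(key, canonical_bytes(attestation),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison: do not leak how many leading characters match.
    return hmac.compare_digest(sig[len("sha256:"):].encode(), expected.encode())

# Constructed demo key; the page names SOVEREIGN_ATTEST_KEY as the real source.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"

# Field values from the page's sample receipt; the signature is computed here.
SAMPLE = sign_attestation({
    "attest_id": "att_0Xk4aB7mN2p",
    "request_id": "req_8f3a2c1d",
    "tenant_id": "acme-corp",
    "jurisdiction": "EU",
    "tunnel_id": "tun_eu_h3_01",
    "data_class": "PHI",
    "compliant": True,
    "issued_at": "2026-05-27T14:32:01Z",
}, DEMO_KEY)

if __name__ == "__main__":
    print("untouched receipt:", verify_attestation(SAMPLE, DEMO_KEY))
    tampered = {**SAMPLE, "jurisdiction": "SG"}
    print("jurisdiction edited:", verify_attestation(tampered, DEMO_KEY))
```

HMAC is a symmetric MAC, so any party holding the key can create receipts as well as verify them; verification belongs with a party trusted to hold that key.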
```json
{
  "attest_id": "att_0Xk4aB7mN2p",
  "request_id": "req_8f3a2c1d",
  "tenant_id": "acme-corp",
  "jurisdiction": "EU",
  "tunnel_id": "tun_eu_h3_01",
  "data_class": "PHI",
  "compliant": true,
  "issued_at": "2026-05-27T14:32:01Z",
  "signature": "sha256:a3f9b2..."
}
```

Sovereign AI Cloud is Enterprise-only
Enterprise plan at $249/month. Includes PQC, Sovereign AI Cloud, MasterAgent, and unlimited requests.