Your cloud account. Your contract. Your audit.
Controlled deploys the substrate into a dedicated VPC in your AWS, Azure, GCP, or sovereign-region account. Your DPA, your encryption keys, your network controls. We operate the workload; you own the boundary.
Dedicated VPC, your account
Deploys into your AWS, Azure, GCP, or sovereign-region tenant. Your network controls, your IAM, your boundary.
BYO-KMS
Bring your own KMS / HSM. 1331 operates the workload; you hold the keys that decrypt it.
Region pinning
Inference pinned to Frankfurt, Paris, Dublin, London, Sydney, or your sovereign-region of record. No silent failover across jurisdictions.
Exit strategy on paper
DORA-grade exit artifacts — register-of-information entries, subcontractor map, 90-day exit plan — produced as exportable PDFs, not slide decks.
Schrems II, DORA Article 28, and your DPO all read the same way.
A US-parented SaaS endpoint with an EU region is still a CLOUD Act-reachable subprocessor in your DPA. Controlled puts the substrate inside a tenant you own, under contracts your supervisory authority has already accepted, with concentration-risk and exit-strategy evidence that doesn't have to be invented during the next examination.
Audit log delivery into your SIEM / DMS / EHR audit feed in structured formats — no scraping a vendor console.
GDPR Art. 28 DPA under an EU-domiciled counter-party, with named subprocessors and named regions.
4-hour incident export in the ESA reporting template format. Your DORA program lead inherits the artifacts.
Strong fit
- EU banks, insurers, mid-size asset managers under DORA
- Health systems pursuing HITRUST scope on PHI workloads
- Real-estate operators with cloud-of-record commitments
- Pharma and life sciences with GxP-validated environments
Pick a different posture
- Defense workloads where an FSO will reject anything with required egress
- Teams with no cloud account or no procurement path for one