02 · Sovereign RAG Platform

A retrieval platform that runs entirely inside your own cloud account.

A production-grade RAG platform defined in Terraform, instrumented, and running under your control inside your perimeter. Your documents stay in your account, and we deliver an eval harness that continues working as models improve.

Scope a deployment Read the reference architecture →
Timeline
6–8 weeks
Price
$150K–$300Kfixed scope
You leave with
A platformyour team owns and operates

What you get

Built to outlast the engagement.

Everything needed to run it after we leave: infrastructure as code, the dashboards to watch it, and the training to operate it.

  • 01Deployed RAG platform in your cloud provider account. It includes ingestion, parsing, embedding, vector store, retrieval, and open-weight inference, all inside your VPC.
  • 02Terraform modules — the whole stack as code that is reviewable, reproducible, and security auditable.
  • 03Dashboards & runbook — latency, cost, and retrieval-quality monitoring, plus the operational runbook.
  • 04Eval harness — automated checks on retrieval and answer quality so regressions surface before users do.
  • 05Handoff training — your engineers leave able to operate, extend, and debug it without us.

Fit

Who should take this on.

This is for you if

  • You have a defined document corpus and a real, current workload — lending files, credit memos, deal or compliance documents, claims.
  • The platform has to operate inside your perimeter for regulatory or contractual reasons.
  • You want your own team to own it afterward — not to depend on us indefinitely.

This isn't for you if

  • You want a chatbot demo to show an exec next week — we'll redirect you to the right scope.
  • You haven't decided which model to run — start with an evaluation first.
  • A managed service in your VPC would genuinely serve you better. If so, we'll tell you.

FAQ

Questions we get first.

How do you choose the model?
If you've done the evaluation engagement, the model is already chosen on evidence. If not, we scope a short selection step into the deployment. Either way the choice is defensible and the harness to re-test it ships with the platform.
How do you handle PII and PHI?
The data never leaves your account. We deploy with encryption in transit and at rest, customer-managed keys, IAM scoping, and PII/PHI redaction in the pipeline where the workload calls for it. Handling defaults are written into the SOW and surfaced in the dashboards.
Can it serve multiple teams or tenants?
Yes. We support multi-tenant patterns — per-tenant isolation, access controls, and usage accounting — scoped to what your environment actually needs rather than a generic everything-on default.
What about ongoing operations?
The point is that your team operates it. We provide the runbook, the dashboards, and the handoff training. If you want a defined support arrangement afterward, we'll scope one — but the platform is built to run without us.

Run AI where your data already lives.

Bring the workload and the corpus. We'll bring the platform and the eval discipline.

Scope a deployment