InovΛi Consultation
Free consultation

Sensitive data
never has to leave your company

We design AI workflows by data sensitivity, regulation and internal rules. Depending on the specific process, we choose cloud, a private environment or a local model at the client.

Data governance

Security starts with the data foundation

It’s not only about where the model runs. It’s also about the origin of the data, access rights, the audit trail and processing rules. We design the data and security layers together.

01

Origin of data and documents

Where the data comes from, who brought it into the workflow and in what state.

02

Access rights and roles

Who may see, change, approve or use the data in the workflow.

03

Logging and audit trail

For every output it should be traceable what it was based on, which rule was applied and who confirmed it.

04

Retention and processing

How long data is kept, when it is deleted and what may leave the company’s infrastructure.

Architecture by data

Cloud, private environment or local LLM

There’s no single right deployment for everyone. For each workflow we decide where the data is processed, who has access to it and how much control the client needs.

Option A low sensitivity

Cloud AI services

Fast deployment for less sensitive scenarios, pilots and internal assistants.

  • fast launch,
  • high model quality,
  • good operating economics.
Option B medium

Private / isolated environment

A dedicated environment for scenarios that need greater control over access, logs and integrations.

  • controlled access to data,
  • integration with the company IAM,
  • control over logs and retention.
Option C high sensitivity

Local / on-premise LLM

The model runs at the client. Data never has to leave the company’s infrastructure.

  • data stays at the client,
  • option of local evaluation,
  • less dependence on the public cloud.
Core rules

Security is not an optional layer

Regardless of the chosen architecture, it must be clear what data is processed, who decides and how the output can be verified.

We don’t use client data to train public models

With cloud services we handle this both contractually and technically. With local models, always under the client’s rules.

We process only the data that’s needed

We send into the workflow only what is necessary for the specific task.

We set retention and logs by process

We don’t keep data longer than makes sense for processing, audit or operations.

Critical decisions are validated by a human

The AI prepares the basis. Responsibility remains with the designated role.

Outputs have an audit trail

For every decision it should be traceable what it was based on and who confirmed it.

The client knows what the workflow runs on

We describe the services, models and components used transparently.

Compliance

GDPR, the AI Act and the client’s internal standards

We design workflows with the regulatory context, internal IT rules and the client’s security standards in mind.

Minimisation and purpose limitation

We design the solution with data minimisation, the purpose of processing, access and processing relationships in mind.

Human oversight and explainability

For regulated processes we account for documentation, logging, control and traceability of outputs.

ISO, IAM and change management

We respect internal IT policies, IAM, logging, change management and requirements such as ISO 27001 or ISO 9001.

Responsibility

Security is led by a person with enterprise experience

The security and data layer at Inovai is owned by Radek Palla. He has 14+ years of experience in enterprise IT security, BI, data governance and international teams.

01

Enterprise security

Experience from an international security environment at Forvia Hella Mohelnice.

02

Network, endpoint and incident response

Hands-on with firewalls, MFA, DMZ, endpoint protection, log analytics and security incidents.

03

BI and data governance

Experience with reporting and governance over manufacturing MES data.

Radek’s profile in About
FAQ

What clients ask us

The most common questions about security, data processing and choosing the architecture.

Where does client data physically go?

It depends on the chosen architecture. It can run in the cloud, in a private environment or locally at the client. With the on-premise option, data never has to leave the company’s infrastructure.

Is the data used to train the model?

Not with public models. With a local solution, controlled learning or evaluation on your own data can be an advantage, but always only under the client’s rules and with the client’s consent.

Can you deliver a solution without the cloud?

Yes. For sensitive scenarios we can design a local/on-premise option where the model runs in the client’s infrastructure.

How long is data retained?

It depends on the workflow and the client’s requirements. Typically only for as long as needed for processing, audit or operations.

Who is responsible for decisions?

For critical decisions, a human. The AI prepares a structured basis, but the final validation and responsibility remain with the designated role.