Your batch data stays in Europe.
While most AI platforms route your sensitive manufacturing data through US servers, BatchCortex stores and processes all data exclusively within EU infrastructure. EU data residency, EU servers, EU law.
Why data sovereignty is non-negotiable for pharma.
Pharmaceutical manufacturing data is among the most regulated in any industry. Batch records, sensor readings, deviation reports, and electronic signatures are subject to GMP requirements that demand full traceability, data integrity, and controlled access. When that data leaves your jurisdiction, you lose control over who can access it and under what legal framework.
The US CLOUD Act gives American authorities the legal power to compel any US-headquartered cloud provider to hand over data stored anywhere in the world — regardless of where the servers are physically located. If your AI vendor is a US company, your European batch data is potentially subject to US government access requests.
The Schrems II ruling invalidated the EU-US Privacy Shield and raised the bar for any transatlantic data transfer. Standard Contractual Clauses exist, but they don't override the CLOUD Act. The only way to guarantee that EU pharmaceutical data stays under EU law is to keep it on EU infrastructure operated by EU-jurisdictioned companies.
BatchCortex eliminates this risk at the infrastructure level. All data is stored and processed within the EU. Our sub-processors maintain EU data residency and are bound by EU Standard Contractual Clauses (SCCs). While some sub-processors are incorporated in the United States, all data processing occurs within EU borders under EU law. We are actively evaluating fully EU-incorporated alternatives as part of our sovereignty roadmap.
US CLOUD Act Reality
All data is stored and processed within EU infrastructure. Sub-processors with US parent companies are bound by EU Standard Contractual Clauses (SCCs). BatchCortex is actively evaluating fully EU-incorporated alternatives for all infrastructure services. See our sovereignty roadmap for details.
Where your data lives.
AI inference
Mistral AI
France
All production AI inference runs on EU-based servers. Your sensor data, model outputs, and batch analysis are processed exclusively within EU infrastructure.
Database
Supabase
EU region (Sweden)
PostgreSQL database on EU-based Supabase infrastructure. Each organisation gets isolated storage with point-in-time recovery enabled.
Application
Vercel
EU (Frankfurt)
Frontend and API routes pinned to Vercel's Frankfurt region. All serverless functions execute in the EU. No batch data is stored at the edge layer.
Notifications
Twilio + Resend
EU (Ireland)
SMS, voice calls, and email delivery routed through EU-based infrastructure. Twilio Ireland (IE1) for SMS/voice, Resend Ireland for email. No US routing.
WHAT HAPPENS DURING AN OUTAGE?
If Mistral AI experiences downtime, BatchCortex continues recording sensor data and maintaining audit trail integrity. AI inference pauses, but your production monitoring and data capture remain operational. When service resumes, inference catches up automatically. Your batch never has a gap in the record.
What happens when the internet drops?
BatchCortex edge devices store sensor readings locally when cloud connectivity is interrupted. No data is lost. When the connection is restored, all buffered readings sync automatically with full timestamps preserved.
In GMP manufacturing, data gaps in a batch record are a regulatory violation under ALCOA+ principles — data must be Attributable, Legible, Contemporaneous, Original, and Accurate. Our store-and-forward architecture ensures your batch record is complete even in the event of a network outage.
ALCOA+ COMPLIANT DATA ARCHITECTURE
BatchCortex edge agents run continuously for the full duration of every batch — hours, days, or weeks. If connectivity drops at any point, readings buffer to a local SQLite database and flush automatically every 30 seconds. Timestamps reflect the original moment of capture — not the moment of sync. Your batch record remains contemporaneous regardless of connectivity.
GDPR compliant by architecture, not by policy.
BatchCortex is GDPR Article 44 compliant by design. All data is stored and processed within EU infrastructure. Sub-processors maintain EU data residency and are bound by Standard Contractual Clauses (SCCs). We are actively evaluating fully EU-incorporated alternatives for all services.
Database-level isolation ensures that each organisation's data is scoped by Supabase Row Level Security — enforced by PostgreSQL, not application code. Even a compromised API cannot access another organisation's data.
We do not sell your data. We do not use your batch data to train models for other customers. Your data is yours. Period.
For full details on data subject rights and DSAR procedures, see our GDPR & Data Rights page.
Built for the EU AI Act.
The EU AI Act classifies AI systems used in pharmaceutical manufacturing as high-risk. BatchCortex was designed for these requirements before the regulation was finalised — because human-on-the-loop was always the right approach for GMP, not because regulation required it.
Human-on-the-loop
Every AI recommendation requires explicit human approval. The AI analyses and proposes — the qualified person decides.
No vendor lock-in
Built on open-weight European AI models. Mistral Large via Swedish data centres from 2027. Your compliance doesn't depend on a San Francisco boardroom.
Explainable outputs
Every recommendation includes a human-readable rationale, confidence score, and the specific sensor data that triggered it. No black boxes.
Model version control
Every batch record permanently identifies the exact AI model version active during monitoring. Models are immutable releases — never updated silently.
For the full regulatory breakdown, see our EU AI Act compliance details.
Need our data sovereignty documentation?
We provide full infrastructure documentation, data processing agreements, and sub-processor lists for your compliance team.
EU infrastructure · EU data residency · GDPR Article 44 compliant · The Silicon Valhalla