Copenhagen AI
CPH.AI
Approach
Capabilities
Insights
Research Institute
Copenhagen AI
COPENHAGEN AI
ENGINEERING EXCELLENCECREATIVE RENAISSANCEHYPER OPTIMIZATION

We function as the strategic bridge between sovereign infrastructure and autonomous intelligence. Bridging the gap between frontier breakthroughs and systematic industrial execution.

The AI Suite

  • Runestone
  • Bedrock
  • Ledger
  • Vector
  • Aegis
  • Prism

Institute

  • Academic Partnerships
  • Open Source
  • Research Blog

Careers

  • Open Roles
  • The Residency
  • Interviewing
  • Culture
Global Offices
© 2026 Kæraa Group. All Rights Reserved.
Terms of Service|Privacy Policy|Responsible Disclosure|Accessibility Statement
Legal Protocol 01
Last Updated: FEB 2026

Data Sovereignty
& Privacy Policy

This document outlines the cryptographic and procedural controls governing your information within the CPH.AI infrastructure. We balance sovereign control with the necessity of system optimization.

1. The Sovereignty Principle

CPH.AI distinguishes strictly between Tenant Data (your sensitive inputs/outputs) and System Data (infrastructure logs and usage patterns).

We do not sell personally identifiable client data. However, we reserve the right to process anonymized, aggregated metadata and usage statistics to optimize global system heuristics, security postures, and resource allocation algorithms.

2. Training Data Isolation

Our architecture prioritizes model hygiene:

  • Base Models: We utilize frozen base models that are not updated with your inference data by default.
  • Fine-Tuning: If we fine-tune a model for you, the resulting weights are isolated to your tenant environment.
  • Aggregate Improvement: CPH.AI may utilize non-identifiable, aggregate performance metrics from inference runs to improve the underlying orchestration logic of the Runestone framework.

3. Digital Telemetry & Cookies

While our core infrastructure is sovereign, our public-facing web presence utilizes standard analytics tools to improve user experience.

  • Web Analytics: We employ Google Analytics 4 (GA4) and PostHog to understand session duration, page interaction, and navigation flows.
  • Cookies: We use cookies to enhance site functionality and assist in marketing efforts. You maintain full control via our Consent Banner and can reject non-essential tracking at any time.

4. Data Collection Scope

We collect data required to ensure system stability and security:

Collected (System)Identification/Contact Data (Name, Email on signup), API Latency, Error rates, Compute metering, Auth timestamps.
Not Collected (Tenant)Prompt contents (unless logging explicitly enabled), Specific Inference outputs, Raw Vector embeddings.

5. Infrastructure & Residency

We utilize a GitOps-native infrastructure that supports Data Residency Pinning.

While we respect geographical boundaries for data processing where explicitly configured, routing optimizations may occasionally transit through intermediary nodes for performance unless strict "Air-Gap" mode is actively provisioned.

6. Third-Party Sub-processors

To deliver our services, we utilize trusted sub-processors (e.g., AWS, Azure, Pinecone).

  • We maintain commercially reasonable selection criteria for vendors (SOC2/ISO 27001).
  • While we enforce Data Processing Agreements (DPAs), CPH.AI assumes no liability for the acts, omissions, or security breaches of third-party infrastructure providers beyond our direct control.

7. Your Rights

We provide mechanisms for control:

  • Right to Erasure: Requesting deletion triggers a cryptographic erasure of your encryption keys. Note that system-level logs and aggregated metadata may be retained for security auditing and compliance purposes.
  • Right to Audit: Enterprise clients may request access to infrastructure audit logs, subject to reasonable notice and confidentiality agreements.

8. Contact & DPO

For inquiries regarding this protocol or specific residency requirements, establish a secure uplink with our Data Protection Officer:

privacy@cph.ai