Your security data stays in your jurisdiction
EU-hosted infrastructure, GDPR-first architecture, and contractual data residency guarantees. SPNT is not a US entity and is not subject to the US CLOUD Act. No third-country transfers without explicit consent.
The Challenge
Why data sovereignty matters for security tools
Security platforms process your most sensitive data. Where that data lives determines who can access it.
Regulatory compliance
GDPR, NIS2, and sector-specific regulations require data to remain within controlled jurisdictions. US-hosted tools create compliance gaps that auditors increasingly flag.
Legal exposure
The US CLOUD Act allows US authorities to compel disclosure of data held by US companies, regardless of where that data is stored. EU hosting alone does not protect you.
Security posture
Your security tool knows your vulnerabilities, your attack surface, your compliance gaps. This data in the wrong hands is an adversary's dream.
Our Approach
The SPNT sovereignty model
We built Serpentine from day one for organizations that cannot compromise on data residency.
European company, outside the EU
SPNT DOOEL is a European company incorporated in North Macedonia (outside the EU). Serpentine is hosted in EU datacenters; SPNT is not a US entity and is not subject to the US CLOUD Act.
EU datacenter infrastructure
Production infrastructure runs in EU datacenters (OVH, Frankfurt/Amsterdam) operated by partners with ISO 27001 and SOC 2 Type II certifications. EU-hosted by default.
Contractual guarantees
Our DPA includes explicit data residency commitments. We will not transfer data outside the EU without your explicit written consent and appropriate safeguards.
Audit transparency
We publish our CSA STAR self-assessment and maintain a public Trust Center. You can verify our sovereignty claims, not just trust them.
Sovereign Tier
Maximum isolation for maximum control
For organizations that need dedicated infrastructure and enhanced data isolation.