SPNT
Data Sovereignty

Your security data stays in your jurisdiction

EU-hosted infrastructure, GDPR-first architecture, and contractual data residency guarantees. SPNT is not a US entity and is not subject to the US CLOUD Act. No third-country transfers without explicit consent.

The Challenge

Why data sovereignty matters for security tools

Security platforms process your most sensitive data. Where that data lives determines who can access it.

Regulatory compliance

GDPR, NIS2, and sector-specific regulations require data to remain within controlled jurisdictions. US-hosted tools create compliance gaps that auditors increasingly flag.

Legal exposure

The US CLOUD Act allows US authorities to compel disclosure of data held by US companies, regardless of where that data is stored. EU hosting alone does not protect you.

Security posture

Your security tool knows your vulnerabilities, your attack surface, your compliance gaps. This data in the wrong hands is an adversary's dream.

Our Approach

The SPNT sovereignty model

We built Serpentine from day one for organizations that cannot compromise on data residency.

European company, outside the EU

SPNT DOOEL is a European company incorporated in North Macedonia (outside the EU). Serpentine is hosted in EU datacenters; SPNT is not a US entity and is not subject to the US CLOUD Act.

EU datacenter infrastructure

Production infrastructure runs in EU datacenters (OVH, Frankfurt/Amsterdam) operated by partners with ISO 27001 and SOC 2 Type II certifications. EU-hosted by default.

Contractual guarantees

Our DPA includes explicit data residency commitments. We will not transfer data outside the EU without your explicit written consent and appropriate safeguards.

Audit transparency

We publish our CSA STAR self-assessment and maintain a public Trust Center. You can verify our sovereignty claims, not just trust them.

Sovereign Tier

Maximum isolation for maximum control

For organizations that need dedicated infrastructure and enhanced data isolation.

Sovereign Tier

Custom Pricing
Dedicated single-tenant infrastructure
Customer-managed encryption keys (BYOK)
Private network connectivity (VPN/Direct Connect)
Custom data retention policies
On-premises deployment option
Dedicated security and compliance contact
Custom SLA with uptime guarantees
Source code escrow available