AI that stays in-jurisdiction
and on the record.
Residency pinning, dedicated and VPC tenancy on Enterprise, an append-only audit trail for oversight, and procurement paperwork you can read before the first call.
DPA + SLA published · cross-region movement is opt-in only
- 9Residency regionsUS + EU GA, more on request
- 3Tenancy optionsManaged · dedicated · VPC
- Append-onlyAudit trailEvery administrative action
- DPA + SLALegal artifactsPublished and linkable
Pin the region. Pick the isolation.
Most agencies run on the managed, RLS-isolated gateway. When shared infrastructure is not acceptable, Enterprise adds a dedicated single-tenant deployment — or runs Nemo Router inside your own GCP, AWS, or Azure account so prompts never leave your perimeter. Either way the region is pinned at provision time and data never moves across regions without an explicit migration request.
- Managed: RLS-isolated, generally available, live in minutes
- Dedicated: isolated database + routing engine, region-pinned
- VPC / BYO-cloud: your account, your perimeter — we operate the control plane
- Append-only audit trail with actor, IP, and diff — CSV/JSON export for the oversight file
Tenancy 03 — VPC / BYO-cloud
Inside your cloud account
GCP · AWS · Azure — traffic never leaves your perimeter
Tenancy 02 — dedicated
Single-tenant deployment
Isolated database + routing engine · region-pinned
Tenancy 01 — managed
Shared, RLS-isolated gateway
Generally available · live in minutes · US default
All 9 residency regions
Need a region not listed? Most major cloud regions can be pinned on a dedicated deployment — ask sales.
Guardrails on every request
Prompt-injection detection and PII redaction run inline on constituent-facing assistants — included on every plan.
Program-level budgets
Hard and soft caps per org, team, and key, so AI cost is attributable to the program that incurred it.
Procurement-ready paperwork
DPA and SLA published and linkable; MSA on request, redlines welcome; completed security questionnaire available.
What we hold, and what we do not.
- No FedRAMP authorization today. We state this plainly. If your procurement requires a specific government authorization, raise it early and we will scope what is feasible.
- SOC 2 Type II is in progress (target Q3 2026); SOC 2-aligned controls operate today. The infrastructure substrate is independently SOC 2 Type II and ISO 27001 certified.
- GDPR-compliant, with a published DPA and EU Standard Contractual Clauses for subprocessors.
Running a procurement or security review? security@nemorouter.ai will send a completed questionnaire and a controls walkthrough.
Public-sector questions, answered
Can data stay inside our jurisdiction?
Yes. United States is the default footprint. EU residency is generally available on Enterprise, and the UK, Canada, Australia, Singapore, and India are available on request. Customer data is replicated within a single region and is never moved without an explicit migration request. For a region not listed, a dedicated deployment can usually be pinned to most major cloud regions.
Can Nemo Router run inside our own cloud environment?
On Enterprise, yes. Dedicated tenancy gives you a single-tenant Nemo Router deployment with an isolated database and routing engine. VPC / BYO-cloud deployment puts Nemo Router inside your own GCP, AWS, or Azure account so prompts and keys never leave your network perimeter. Both are scoped engagement-by-engagement with your cloud and security teams — we are candid about what is generally available versus a scoped engagement.
Is Nemo Router authorized under a government compliance program?
We are direct about this: Nemo Router does not currently hold FedRAMP authorization or other government-specific certifications. Nemo Router operates SOC 2-aligned controls today, with a formal SOC 2 Type II audit in progress (target Q3 2026), and the infrastructure substrate (Google Cloud Run, Supabase) is independently SOC 2 Type II and ISO 27001 certified. If your procurement requires a specific authorization, tell us early so we can scope what is and is not possible — we will not imply a certification we do not hold.
What does procurement get to review up front?
The Data Processing Addendum and Service Level Agreement are published and linkable today. The Master Service Agreement and a HIPAA BAA are issued on request through the Enterprise team, and redlines are welcome. A completed vendor security questionnaire and a controls walkthrough are available from security@nemorouter.ai.
Bring us your residency map and procurement checklist.
We will walk through tenancy options, the residency footprint, the audit trail, and the DPA — and be candid about any authorization we do not yet hold.
9 residency regions · dedicated + VPC tenancy on Enterprise · DPA + SLA published · SOC 2 Type II audit in progress