HMS Sovereign enables EU-hosted voice AI calls with strong data residency guarantees, ensuring your data is processed and stored exclusively within the European Union. For organizations with the highest compliance requirements, we also offer fully on-premise deployment options.
πͺEU Data Residency - When configured with Gladia, Mistral, and Local TTS, your voice AI data is processed and stored exclusively within the European Union. All platform infrastructure is hosted by a German company on German servers.
HMS Sovereign's platform infrastructure runs on dedicated virtual servers provided by Hetzner Online GmbH, a German company headquartered in Gunzenhausen, Bavaria. Servers are located in Nuremberg, Germany. This means:
Data residency: All data is stored and processed exclusively within the EU (Germany)
Physical security: The data center is located in Germany and subject to EU regulations
Corporate jurisdiction: The infrastructure provider is a German company incorporated under German law, fully subject to EU data protection legislation and not subject to the US CLOUD Act
This is a meaningful distinction from many competing platforms that rely on US-headquartered cloud providers. The entire HMS Sovereign stack β from infrastructure to application to AI providers β involves only EU-incorporated entities.
*Gladia routes requests to EU-West by default. Gladia manages their own infrastructure failover; in rare cases of EU-West unavailability, Gladia may fall back to non-EU servers. See Gladia section below.
HMS Sovereign runs on servers provided by Hetzner Online GmbH, a German company. Servers are physically located in Nuremberg, Germany. As a German entity, Hetzner is subject to EU law and GDPR, and not subject to the US CLOUD Act.
Under normal operating conditions, data does not leave the European Union. The entire voice AI pipeline runs within EU borders (Germany and France). See the note on Gladia failover below.
Gladia routes requests to their EU-West region (France) by default. Gladia manages their own infrastructure and may automatically fail over to non-EU servers (us-east) in the event of EU-West unavailability. This is a Gladia infrastructure decision outside HMS Sovereign's control. For organizations that cannot accept any possibility of data leaving the EU, we recommend using on-premise STT via our Enterprise On-Premise Solutions.
HMS Sovereign offers a built-in recording consent flow that lets callers actively opt in before any recording or AI processing begins. This is an opt-in feature that can be enabled per assistant.
When enabled, the following happens before any AI interaction:
1.
The caller hears a TTS-spoken consent message (using the assistant's configured TTS provider)
2.
The caller presses 1 to agree β recording starts and the AI assistant begins
3.
The caller presses 2 to hang up β the call ends immediately, no data is stored
4.
If no key is pressed within 10 seconds, the message repeats once, then the call ends
Crucially, no audio is sent to any STT provider, no LLM is invoked, and no recording starts until the caller presses 1. The only external call before consent is the TTS synthesis of the consent message itself.
Enable the consent flow by adding recording_consent to your assistant configuration:
{"recording_consent":{"enabled":true,"message":"This call may be recorded and will be processed by an AI assistant. Press 1 to agree, or press 2 to hang up."}}
GDPR Article 6/7: Explicit consent for processing voice data, with a clear opt-out path
CCPA: Prior notice and opt-out for recording
Regulated industries: Healthcare, finance, and legal sectors that require explicit consent before AI interaction
Call centers: Replacing manual "this call may be recorded" announcements with a verifiable, logged consent step
The consent message is spoken by your assistant's own TTS provider, so it uses the same voice your callers will hear during the conversation. No extra voice configuration is needed.
All AI providers (Gladia, Mistral) are EU companies subject to EU data protection laws from the ground up. HMS Sovereign (Flireo B.V.) is a Dutch company. The infrastructure provider (Hetzner) is a German company. Data is processed and stored exclusively within the EU under normal operating conditions.
All processing occurs within EU borders (Germany and France) under normal operating conditions. The only exception is Gladia's infrastructure failover behavior, which is outside HMS Sovereign's control.
No transatlantic data transfers are required. Data stays within the EU, eliminating legal uncertainty from EU-US data flows. Note the Gladia failover caveat above.
The AI providers (Gladia, Mistral), HMS Sovereign (Flireo B.V.), and the infrastructure provider (Hetzner Online GmbH) are all EU-incorporated entities and are not subject to the US CLOUD Act. This is a meaningful advantage over platforms that rely on US cloud infrastructure.
Organizations in healthcare, finance, government, and legal sectors often have strict data residency requirements. Our standard EU stack provides strong data residency within the EU, with Hetzner (German GmbH) as the infrastructure provider. The one nuance is Gladia's potential failover behavior. For absolute data sovereignty guarantees β where no possibility of data leaving the EU exists β see our Enterprise On-Premise Solutions.
Legal Name: Flireo B.V.Entity Type: Dutch Besloten Vennootschap (BV)Jurisdiction: NetherlandsRole: Platform provider, application logic, and Local TTSData Processing: All platform data processed on EU-located servers in Nuremberg, Germany
Legal Name: Gladia SASEntity Type: French Societe par Actions SimplifieeJurisdiction: FranceRole: Speech-to-Text processingData Processing: Audio transcription in EU-West region (France) by default; see failover note above
Legal Name: Mistral AI SASEntity Type: French Societe par Actions SimplifieeJurisdiction: FranceRole: Language Model inferenceData Processing: LLM inference on European infrastructure
Legal Name: Hetzner Online GmbHEntity Type: German Gesellschaft mit beschrΓ€nkter Haftung (GmbH)Jurisdiction: GermanyRole: Virtual server hosting (compute and storage)Server Location: Nuremberg, Germany (EU)Data Access: No application-level access. Provides compute resources only. All data is encrypted at rest and in transit. As a German entity, fully subject to EU law and GDPR.
Is my data ever processed outside the EU?Under normal operating conditions, no. When using Gladia + Mistral + Local TTS, all data processing occurs within the European Union (Germany and France). The one exception is Gladia's infrastructure failover: in the event of EU-West unavailability, Gladia may route requests to non-EU servers. This is a Gladia infrastructure decision outside HMS Sovereign's control.Do I need Standard Contractual Clauses (SCCs)?No. Under normal operating conditions, data never leaves the EU, so SCCs for transatlantic data transfers are not required.What about the US CLOUD Act?The AI providers (Gladia, Mistral), HMS Sovereign (Flireo B.V.), and the infrastructure provider (Hetzner Online GmbH) are all EU-incorporated entities and are not subject to the US CLOUD Act. This is a strong advantage over platforms relying on US cloud infrastructure.Can I mix EU and non-EU providers?Yes, but you would reduce your data sovereignty posture. For maximum compliance, use all three EU providers together.Is there a latency difference?EU users typically experience lower latency with the EU stack since all processing happens geographically closer (Nuremberg and France). For users outside Europe, latency may be slightly higher.What if I need an absolute guarantee that data never leaves the EU?The standard EU stack provides strong data residency, but Gladia's failover behavior means an absolute guarantee cannot be given for STT. For that level of certainty, we offer dedicated on-premise deployment with on-premise STT models β see Enterprise On-Premise Solutions.
For enterprise clients in highly regulated industries -- such as government, defense, healthcare, finance, and critical infrastructure -- where absolute data sovereignty is required, HMS Sovereign offers fully on-premise and blackbox deployment options.
A self-contained, turnkey appliance that runs the entire HMS Sovereign stack on your own hardware or in your own data center:
Complete isolation: No external network dependencies. The entire voice AI pipeline (platform, STT, LLM, TTS) runs on infrastructure you own and control.
No third-party involvement: No non-EU entity at any level of the stack. Full corporate sovereignty.
Air-gapped capable: Can operate in fully air-gapped environments with no internet connectivity.
Your security perimeter: Fits within your existing physical security, network policies, and access controls.
Zero data egress: No data ever leaves your physical premises
Full CLOUD Act immunity: No US or non-EU entity is involved at any level
Schrems II irrelevant: No cross-border data transfers of any kind
Audit-ready: Full control over logging, monitoring, and access trails
Custom DPA: Tailored Data Processing Agreement to meet your specific regulatory requirements
Anything is possible. Whether you need a single rack in your own data center, a fully air-gapped deployment, or a custom hybrid architecture, we work with your security and compliance teams to deliver a solution that meets your exact requirements. No compromise.
For more information about our EU data sovereignty offering, contact us at support@flireo.com or consult with your legal team regarding specific compliance requirements.
