1. Platform
  • HMS Sovereign API
  • Get started
    • Authentication
    • Introduction
    • Quickstart
  • Core concepts
    • Assistants
    • Calls
    • Phone Numbers
    • Webhooks
  • Platform
    • Billing & Credits
    • EU Data Sovereignty
    • Voice Selection
    • Whitelabel Portal
  • Webhooks
    • Assistant Request
    • End of Call Report
    • Webhooks Overview
    • Webhook Security
    • Status Update
    • Tool Calls
  • Configuration
    • Analysis Templates
    • Custom Tools
    • SIP Trunks
    • Tool Templates
  • Features
    • AI Generation
    • Autonomous Silence Handling
    • Call Analysis
    • Call Transfers
    • Campaigns Setup
    • Outbound Campaigns
    • Voicemail Detection
    • Web Calls
  • Integrations
    • BYOK Setup
    • Provider Pricing
    • xAI Grok Integration
  • Reference
    • Error Codes
    • Rate Limits
    • Troubleshooting
Documentation
API Reference
Documentation
API Reference
Book a meeting
Linkedin
Github
  1. Platform

EU Data Sovereignty

HMS Sovereign enables EU-hosted voice AI calls with strong data residency guarantees, ensuring your data is processed and stored exclusively within the European Union. For organizations with the highest compliance requirements, we also offer fully on-premise deployment options.
🇪
EU Data Residency - When configured with Gladia, Mistral, and Local TTS, your voice AI data never leaves EU soil. All processing occurs within EU data centers.

Infrastructure & Hosting#

HMS Sovereign's platform infrastructure runs on dedicated virtual servers located in Frankfurt, Germany. While the data center and all data processing are physically located within the EU and subject to EU data protection law, the underlying cloud infrastructure provider is a US-headquartered company. This means:
Data residency: All data is stored and processed exclusively within the EU (Frankfurt, Germany)
Physical security: The data center is located in the EU and subject to EU regulations
Corporate jurisdiction: The infrastructure provider's parent company is incorporated in the United States, which means it could theoretically be subject to US legal requests (e.g., under the US CLOUD Act)
For most use cases, this setup provides strong data residency and GDPR compliance. For organizations that require full corporate sovereignty (i.e., no involvement of any non-EU parent company at any level of the stack), we offer dedicated on-premise solutions -- see Enterprise On-Premise Solutions below.

The EU Stack#

ComponentProviderServer LocationProvider HQLegal Entity
PlatformHMS SovereignFrankfurt, DENetherlandsDutch BV
Speech-to-TextGladiaEU-West (France)FranceFrench SAS
Language ModelMistralEuropeFranceFrench SAS
Text-to-SpeechLocal ModelsFrankfurt, DENetherlandsDutch BV
InfrastructureThird-party VPSFrankfurt, DEUnited StatesUS Corporation

HMS Sovereign (Platform & TTS)#

Dutch BV headquartered in the Netherlands. All application logic and TTS models run on EU-located servers in Frankfurt, Germany.

Gladia (Speech-to-Text)#

French SAS headquartered in Paris. EU-West region for GDPR compliance.

Mistral (Language Model)#

French SAS headquartered in Paris. Models trained and hosted in Europe.

Infrastructure Provider#

The virtual servers hosting HMS Sovereign are provided by a US-headquartered cloud provider, but are physically located in Frankfurt, Germany. Data at rest and in transit remains within the EU at all times.

Data Flow#

At no point does data leave the European Union. The entire voice AI pipeline stays within EU borders (Frankfurt, Germany and France).

Setup Guide#

Step 1: Add Gladia API Key#

Navigate to Integrations in your HMS Sovereign dashboard, or add via API:
Get your Gladia API key at gladia.io

Step 2: Add Mistral API Key#

Add your Mistral API key for EU-based language model processing:
Get your Mistral API key at mistral.ai

Step 3: Configure Your Assistant#

Create or update your assistant with the EU-only configuration:

Step 4: Verify Configuration#

Your voice AI calls are now fully EU-sovereign. Test by making a call to your assistant's phone number.

Provider Details#

Gladia (Speech-to-Text)#

Company: Gladia SAS (French Societe par Actions Simplifiee)
Headquarters: Paris, France
Features:
EU-West region for GDPR-compliant processing
90+ languages supported
Code switching (automatic language detection mid-conversation)
Real-time translation capabilities
Custom vocabulary support
Recommended Settings:
{
  "provider": "gladia",
  "model": "solaria-1",
  "region": "eu-west",
  "code_switching": true
}

Mistral (Language Model)#

Company: Mistral AI SAS (French Societe par Actions Simplifiee)
Headquarters: Paris, France
Available Models:
ModelUse CaseSpeed
mistral-small-latestFast responsesFastest
mistral-medium-latestBalanced (recommended)Medium
mistral-large-latestMost capableSlower
ministral-8b-2410LightweightFast
codestral-latestCode-focused tasksMedium
Pricing: 5-10x more cost-effective than US alternatives

Local TTS (Text-to-Speech)#

Operated by: HMS Sovereign (Flireo B.V.)
Headquarters: Netherlands
Features:
Hosted entirely on HMS Sovereign infrastructure
No external API calls for voice synthesis
Low latency voice generation
Multiple voice options available
Local TTS keeps all voice synthesis within HMS Sovereign's EU infrastructure in Frankfurt, ensuring complete control over the final audio output.

Compliance Benefits#

GDPR Compliant#

All AI providers (Gladia, Mistral) are EU companies subject to EU data protection laws from the ground up. HMS Sovereign (Flireo B.V.) is a Dutch company. Data is processed and stored exclusively within the EU.

Data Residency#

All processing occurs within EU borders (Frankfurt, Germany and France). No data is transferred outside of the European Union at any point.

Schrems II#

No transatlantic data transfers are required. Data stays within the EU, eliminating legal uncertainty from EU-US data flows.

US CLOUD Act Considerations#

The AI providers (Gladia, Mistral) and HMS Sovereign itself are EU-incorporated and not subject to the US CLOUD Act. However, the underlying infrastructure provider is a US-headquartered company, which could theoretically be compelled under US law to provide access to data on its servers. In practice, all data is encrypted and the infrastructure provider does not have application-level access to your data. For organizations where this theoretical risk is unacceptable, we offer fully on-premise solutions.

Comparison: US vs EU Stack vs On-Premise#

AspectFully US-BasedHMS Sovereign (EU Stack)On-Premise / Blackbox
Data leaves EUYesNoNo
Subject to US CLOUD ActYesInfra provider only*No
GDPR-native AI providersPartialFullFull
Schrems II concernsYesMinimalNone
Requires SCCsYesNoNo
Typical latency (EU users)HigherLowerLowest
Full corporate sovereigntyNoPartialFull
*The AI providers and HMS Sovereign are EU-incorporated. Only the underlying infrastructure provider has a US parent company. Data is encrypted and the provider has no application-level access.
Important for Regulated Industries
Organizations in healthcare, finance, government, and legal sectors often have strict data residency requirements. Our standard EU stack provides strong data residency within the EU. For the highest level of sovereignty -- where no non-EU entity is involved at any level -- see our Enterprise On-Premise Solutions.

Legal Entities#

HMS Sovereign#

Legal Name: Flireo B.V.
Entity Type: Dutch Besloten Vennootschap (BV)
Jurisdiction: Netherlands
Role: Platform provider, application logic, and Local TTS
Data Processing: All platform data processed on EU-located servers in Frankfurt, Germany

Gladia#

Legal Name: Gladia SAS
Entity Type: French Societe par Actions Simplifiee
Jurisdiction: France
Role: Speech-to-Text processing
Data Processing: Audio transcription in EU-West region (France)

Mistral AI#

Legal Name: Mistral AI SAS
Entity Type: French Societe par Actions Simplifiee
Jurisdiction: France
Role: Language Model inference
Data Processing: LLM inference on European infrastructure

Infrastructure Provider#

Entity Type: US Corporation
Jurisdiction: United States
Role: Virtual server hosting (compute and storage)
Server Location: Frankfurt, Germany (EU)
Data Access: No application-level access. Provides compute resources only. All data is encrypted at rest and in transit.

FAQ#

Is my data ever processed outside the EU?
No. When using Gladia + Mistral + Local TTS, all data processing occurs exclusively within the European Union. Servers are located in Frankfurt, Germany and France.
Do I need Standard Contractual Clauses (SCCs)?
No. Data never leaves the EU, so SCCs for transatlantic data transfers are not required. This simplifies your legal compliance significantly.
What about the US CLOUD Act?
The AI providers (Gladia, Mistral) and HMS Sovereign (Flireo B.V.) are EU-incorporated and not subject to the US CLOUD Act. The underlying infrastructure provider is a US-headquartered company, which could theoretically be subject to US legal requests. However, all data is encrypted and the infrastructure provider has no application-level access. For organizations where this theoretical risk is unacceptable, we offer fully on-premise deployment -- see Enterprise On-Premise Solutions.
Can I mix EU and non-EU providers?
Yes, but you would reduce your data sovereignty posture. For maximum compliance, use all three EU providers together.
Is there a latency difference?
EU users typically experience lower latency with the EU stack since all processing happens geographically closer (Frankfurt and France). For users outside Europe, latency may be slightly higher.
What if I need full corporate sovereignty with no US-affiliated companies at any level?
We offer dedicated on-premise and blackbox deployment options for enterprise clients with the highest compliance requirements. In this model, all hardware and software runs on infrastructure you own or control, with no involvement of any non-EU entity. Contact us for details.

Enterprise On-Premise Solutions#

For enterprise clients in highly regulated industries -- such as government, defense, healthcare, finance, and critical infrastructure -- where absolute data sovereignty is required, HMS Sovereign offers fully on-premise and blackbox deployment options.

Blackbox On-Premise Deployment#

A self-contained, turnkey appliance that runs the entire HMS Sovereign stack on your own hardware or in your own data center:
Complete isolation: No external network dependencies. The entire voice AI pipeline (platform, STT, LLM, TTS) runs on infrastructure you own and control.
No third-party involvement: No US-affiliated (or any foreign) cloud provider at any level of the stack. Full corporate sovereignty.
Air-gapped capable: Can operate in fully air-gapped environments with no internet connectivity.
Your security perimeter: Fits within your existing physical security, network policies, and access controls.

What Is Included#

ComponentDetails
HMS Sovereign PlatformFull platform deployment on your infrastructure
Speech-to-TextOn-premise STT models
Language ModelOn-premise LLM inference
Text-to-SpeechOn-premise TTS engine
Management & MonitoringDashboard and tooling for operations

Compliance Guarantees#

Zero data egress: No data ever leaves your physical premises
Full CLOUD Act immunity: No US or non-EU entity is involved at any level
Schrems II irrelevant: No cross-border data transfers of any kind
Audit-ready: Full control over logging, monitoring, and access trails
Custom DPA: Tailored Data Processing Agreement to meet your specific regulatory requirements
Anything is possible. Whether you need a single rack in your own data center, a fully air-gapped deployment, or a custom hybrid architecture, we work with your security and compliance teams to deliver a solution that meets your exact requirements. No compromise.

Get Started#

Contact our enterprise team to discuss your on-premise requirements:
Email: enterprise@flireo.com
Subject: On-Premise / Blackbox Deployment Inquiry
Our team will work with your IT, security, and legal departments to scope and deliver a deployment tailored to your compliance needs.

Related Documentation#

BYOK Setup Guide - Learn how to add your own API keys for any provider
Assistant Configuration - API reference for creating and configuring assistants
For more information about our EU data sovereignty offering, contact us at support@flireo.com or consult with your legal team regarding specific compliance requirements.
Last updated: February 2026
Modified at 2026-03-17 10:59:50
Previous
Billing & Credits
Next
Voice Selection
Built with