Private Beta

AI deep research that never
leaves EU jurisdiction.

LumaVista runs research agents on European infrastructure, encrypts data with keys on your device, and gives you cited reports with full evidence trails. No US providers. No CLOUD Act exposure. No master key.

Request a Demo Security Whitepaper

Multi-model EU GPU inference AES-256-GCM device encryption Per-user data isolation GDPR deletion: absolute

Only European companies in the data path

Infrastructure: European. AI models: multiple open-source models, each matched to task. Search: self-hosted. Storage: per-user encrypted databases on EU servers.

We don't use AWS, Azure, Google Cloud, OpenAI, or Anthropic — because the CLOUD Act reaches all of them, regardless of server location.

Multi-agent, multi-model research engine

Your question is decomposed by a planner (reasoning model), executed by search agents (fast model), validated for source reliability, and synthesized into a cited report by a writer (large model). Each agent gets the model best suited for its task.

Every conclusion traces to its source. Watch the research graph expand in real time.

Keys on your device

At account creation, an encryption key is generated in your device's Secure Enclave (iOS) or StrongBox (Android). This key never leaves your device in plaintext.

It encrypts everything — research, documents, memory, settings. We hold no master key. If all your devices are lost, your data is irrecoverable — by design.

Auditable by design

Model provenance (which AI, where hosted), content sensitivity classification, redaction decisions, and access patterns — all logged to a tamper-evident audit trail.

Built for the security review, not around it.

Architecture at a glance

AI Models	Multiple open-source models on dedicated EU GPU servers Right model per task — reasoning, search, synthesis. No third-party inference API.
Search	Self-hosted SearxNG No queries to Google, Bing, or any third-party search API
Compute	Scaleway / OVHcloud / Hetzner French and German jurisdiction
Storage	Per-user BadgerDB (embedded) GDPR deletion = rm -rf data/<userID>/
Encryption	AES-256-GCM, device-controlled keys Secure Enclave (iOS) / StrongBox (Android)
Protocol	Binary protobuf over WebSocket No REST API data in server logs
Security Mesh	InboundFilter + OutboundGuard Every external connector filtered and monitored
CLOUD Act Exposure	None No US-headquartered company in stack

How it works

Define your question

Regulatory analysis, competitive intelligence, due diligence, literature review — describe the research goal.

Agents execute

Planner decomposes. Searchers find sources. Reasoners validate. Writer synthesizes. You watch and steer.

Receive cited report

Every claim linked to its source. Full evidence trail. Export as PDF, Markdown, or explore the research graph.

Your infrastructure, your rules

Fastest start

LumaVista Cloud

Hosted on EU-sovereign infrastructure. Managed, updated, monitored. You bring your research questions.

Dedicated Instance

Your own isolated deployment on EU cloud providers. Dedicated compute, storage, and network. We manage it.

Maximum control

On-Premise

Deploy on your own servers. Air-gapped environments supported. Bring your own models. Full control.

Technical FAQ

What does "no CLOUD Act exposure" mean precisely?

The CLOUD Act (2018) allows US authorities to compel any US-controlled company to produce data, regardless of server location. Our stack contains no US-headquartered company: AI inference runs on privately hosted GPU servers in EU data centers, compute from European providers (Scaleway/OVHcloud/Hetzner, France/Germany), search is self-hosted SearxNG. No third-party API ever sees your queries. There is no legal mechanism for US authorities to compel data production from our infrastructure.

Why not use OpenAI or Anthropic APIs?

OpenAI and Anthropic are US-headquartered companies subject to the CLOUD Act and FISA 702. Even API calls create metadata under US jurisdiction. We run multiple open-source models on dedicated GPU servers in European data centers — each selected for the task (reasoning, search, synthesis). No API provider ever sees your prompts. Open-source frontier models now reach 90%+ of closed-model quality, and we control the full inference stack.

How does device-controlled encryption work?

At account creation, a Data Encryption Key (DEK) is generated inside your device's hardware security module (Secure Enclave on iOS, StrongBox on Android). The DEK encrypts all your data using AES-256-GCM before it leaves your device. We store only ciphertext. The DEK never exists in plaintext on our servers. Recovery requires a second enrolled device or a printed QR code.

Do you have SOC 2 / ISO 27001?

In progress. Our security whitepaper provides full technical documentation: encryption architecture, threat model, key management, data flow diagrams, and security mesh design. Many enterprise evaluators have found this level of transparency more actionable than a certification checkbox.

What happens if LumaVista ceases operations?

Your data is encrypted with keys only you hold. Without our platform, ciphertext remains on infrastructure you can export. The research engine is built on open standards (protobuf, BadgerDB, open-source models). On-premise customers run the full stack — including model inference — independently.

See the architecture.

Read our security whitepaper, then decide if your current research tools meet the same standard.

Read the Whitepaper Request a Demo

AI deep research that never leaves EU jurisdiction.