AI that runs inside your boundaries
Where does the data live? Who owns the keys? What happens when the internet is cut? Sovereignty questions are settled before deployment, not after. NOVA answers them with three paths: in-Kingdom cloud by default, your own private cloud (VPC) with keys you own, or a full on-premises deployment: including environments completely air-gapped from the internet.
Three paths, one governance model
The deployment decision summarized on one page: full technical detail on architecture, upgrades and support on the deployment & sovereignty page.
Launch today: your data never leaves the Kingdom
Fully managed infrastructure in Saudi data centers: automatic updates, elastic scale and round-the-clock monitoring: while your team focuses on the flows, not the servers.
- Data residency in Saudi Arabia by default
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Backups and disaster recovery
- Ready immediately: no infrastructure to manage
Inside your cloud, under your policies
NOVA runs inside your own cloud account: your network, your keys, your security policies: with managed updates from us that never touch your data.
- Runs inside your private network, fully isolated
- Encryption keys you own and manage
- Aligns with your security policies and single sign-on (SSO)
- Managed upgrades under an agreed maintenance window
Full sovereignty: even without internet
For government entities and sensitive sectors: NOVA installs entirely inside your data center, with support for environments fully isolated from the internet (air-gapped), plus licensing and on-site support.
- Installs in your infrastructure: containers or Kubernetes
- Operates fully air-gapped from the internet
- Integrates with your identity and monitoring systems
- Field support and a service-level agreement (SLA)
Readiness that is measured, not narrated
One dashboard for control coverage, the evidence register and the review queue: so your team walks into the security review with a ready file, not promises.
Illustrative readiness dashboard: data is fictional, for demonstration.
Every deployment decision leaves a provable trail
A security review does not just ask "what did you do?": it asks you to prove it. In NOVA, deployment and operations decisions are documented automatically: who enabled what, when, under which verification reference: and exported as ready bundles for internal or external review.
That supports your audit readiness from day one: see the security model and audit readiness.
Every event carries its actor, time and reference: a record you review, not debate.
A security review bundle, an audit readiness bundle and a data residency report: exported on demand.
From the first security question to go-live
A path we know well because we walk it with every entity that has sovereign requirements: step by step, no surprises.
Scope & sovereignty sessionOne session
We define your data classification, residency requirements and best-fit path: in-Kingdom cloud, VPC, or on-premises.
Control documentation & security questionnaireWe aim to respond within one business day
We provide your review team with control and architecture details on request and answer your security questionnaire: the same substance is published in the Trust Center.
Deployment design with your teamsPaced by environment readiness
Network, identity and monitoring: we map the integration with your security and infrastructure teams: with your keys and policies in the private paths.
A governed pilotAgreed scope
A limited-scope flow on agreed data, with the audit trail enabled from the first minute: so readiness is measured on reality, not slides.
Contract & operateContracts in Saudi Riyals
The data processing agreement (DPA) and service-level agreement (SLA) inside the contract, then expansion flow by flow.
Sovereignty is an architectural decision: where the data lives, who owns the keys: and who can prove it.A NOVA design principle
What security teams ask before deploying
Yes: the on-premises path installs NOVA inside your data center using containers or Kubernetes, and operates fully isolated from the internet, with licensing, on-site field support, and integration with your identity and monitoring systems.
On NOVA Cloud, encryption is managed: TLS 1.3 in transit and AES-256 at rest. In your private cloud (VPC) or on-premises, the encryption keys are owned and fully managed by you.
We claim no official certification from any regulator, and we do not use that language. What we say is verifiable: NOVA's controls are designed to support your compliance journey and audit readiness: the details are published in the Trust Center and on the Saudi compliance page.
It depends on your environment's readiness and your procurement cycle more than on us. The review path on this page defines the stages clearly, and you can start a governed pilot on NOVA's in-Kingdom cloud today while the private deployment completes.
Deepen the review at its sources
Deployment & sovereignty
The full technical detail of all three paths: architecture, upgrades and support.
Read the detailsSecurity at NOVA
Encryption, permissions, the audit trail and environment isolation: phrased so reviewers can quote it.
The security modelSaudi compliance
How the controls are designed to support your compliance journey: with a readiness assessment.
Assess your readinessIllustrative case templates
How AI deploys inside organizational boundaries: sector templates with stated assumptions.
Browse the templatesDeploy with confidence: and prove it.
Bring your security team to the same session: we discuss sovereignty requirements, answer the questionnaire, and map the right deployment path: before any commitment.