JURISDICTION, STATED
A dev environment for code your DPO has to answer for. Hosted in France, by a company under French law.
Persistent dev environments running your team's own coding agents, on your own keys. Permia SAS has no US parent and no US point of presence. A warrant for your code reaches a French court first.
- Hosted in France
- Company under French law
- No US parent
- Signable DPA
- Bring your own keys
your devices
laptop · phone
your persistent terminal
code · env · history stay here
keys: byok (yours)
session live
the environment stays here
model vendor
the one you chose
what the agent sends travels to the vendor you chose, on your keys, on your account
RESIDENCY IS NOT THE WHOLE QUESTION
Where data sits, and who can compel access to it, are two different questions.
The US CLOUD Act lets US authorities compel US-controlled companies to produce data they hold, wherever the servers are. That is the statute, not a reading of it. A US-owned cloud with an EU region answers the first question and leaves the second one open.
Permia is structured to answer both. The operating entity is French, the ownership chain has no US link, and the infrastructure has no US point of presence. A US request finds no entity it can compel. An EU request goes through EU procedure, in front of an EU judge, the way it would for any processor here.
We state scope, not immunity. The jurisdictional reasoning is documented in the DPA.
ONE SESSION, ONE BOUNDARY
Where the session runs
your devices
laptop · phone
your persistent terminal
code · env · history stay here
keys: byok (yours)
session live
the environment stays here
model vendor
the one you chose
what the agent sends travels to the vendor you chose, on your keys, on your account
The session your team uses every day is a real tmux or zellij session on a Linux box, and it runs inside this boundary, in a French datacenter. The model provider your developers choose, Claude Code, Codex, Mistral or a local model, sits outside it, reached directly with their own keys, on their own account, no markup. We sell the environment and the hosting, never the model.
GDPR, as documents you can sign, trace and audit.
Sign it.
A DPA mapped to the GDPR articles it serves, downloadable on this page before any call, written for a processor role you can put in front of your lawyer.
Trace it.
The sub-processor list is published and the data residency documented. No transfer outside the EU by us; BYOK traffic runs on your keys and your account, and the diagram above shows exactly where it crosses.
Audit it.
Operational access is logged. Log retention and access scope are stated in the AUP, breach notification terms in the DPA.
FOR YOUR OWN CLIENTS
The DPA you sign with us is the one you show your clients.
If your contracts make you a processor for someone else's data, your sub-processors are their problem too. Every vendor you add is another line in your own sub-processor list. Permia's DPA is written to sit in your vendor file: named entity, named datacenter, documented residency. The answer to your client's security questionnaire becomes a forwarded document, not a meeting. Doesn't matter where your own company sits: if your clients are in the EU, this page is the file you forward them.
one DPA · enforceable downstream · under French lawWhat runs where, and what we can see.
Isolate your workloads.
Each environment runs in its own VM with its own filesystem. Per client, per project on the regulated line.
Keep your keys.
Agent keys are stored and used only inside your environment. We never proxy or resell model access, and the AUP says so in a clause, not a blog post.
What Permia can and cannot access
We will not claim zero access, because no host can honestly claim it. As the host we hold operational access for provisioning, backup and incident response, and that access is logged. We do not read your code in the course of operations, and we do not use your model keys, a prohibition written into the AUP and the DPA: they authenticate your account with your model vendor, not ours. Exact scope and log retention are in the AUP.
Single-tenant line, audit log and SSO: see Teams & Enterprise →What is contractual today, and what is not yet certified.
Permia is independently owned. No US shareholder, no hyperscaler underneath. Your exit is part of the product: everything in your environment is standard Linux, git and exportable backups, so reversibility is a documented procedure: export the backup, clone your repos, restore on any Linux box. The exit runbook is delivered at contract; the deletion-and-return commitment is in DPA §7, readable now. If you leave, you leave with everything.
In place today
| EU hosting, French datacenter | in place |
|---|---|
| Signable DPA | in place |
| Documented residency | in place |
| Public sub-processor list | in place |
Not yet held
| SecNumCloud | roadmap, not certified |
|---|---|
| HDS | roadmap, not certified |
Read the documents before you talk to anyone.
| Question | Answer |
|---|---|
| Does customer code leave the EU through Permia? | No |
| Does Permia use or hold your model keys? | No: contractually prohibited (AUP §3) |
| Does Permia provide or resell LLM access? | No |
| Is a DPA included? | Yes |
| Is the regulated line single-tenant? | Yes |
Paste this table into your vendor questionnaire. Each answer traces to a document above.
Asked by people in your job
Can a US authority compel access to my code through Permia?
There is no entity to serve. The CLOUD Act compels US-controlled companies; Permia SAS has no US parent, no US ownership link, and no US point of presence. An EU request goes through EU procedure. We state scope, not immunity; the jurisdictional reasoning is documented in the DPA.
Does Permia ever provide or resell LLM access?
No, never. The AUP carries an explicit no-LLM-resale clause you can read before signing anything. Your developers bring their own keys: their account, their pricing, no markup, and they can swap agents without moving.
Where do my prompts go under BYOK?
To the model vendor your developers choose, directly, on their own keys. If they pick Claude Code, prompt and code context reach Anthropic under your agreement with Anthropic, not through us. The boundary diagram above shows exactly where that traffic crosses. If you need it to cross nowhere, run a local model inside the environment.
Is the infrastructure multi-tenant?
Each environment is its own VM with its own filesystem, on every line. The regulated line is single-tenant on top of that: dedicated capacity, per client, per project. Depth on audit log and SSO is on Teams & Enterprise; SLA terms are provided with the quote.
What happens if we leave?
You leave with everything. The environment is standard Linux, your repos are git, backups are exportable: export the backup, clone your repos, restore on any Linux box. The exit runbook is delivered at contract; the deletion-and-return commitment is in DPA §7, readable today, not a clause you have to litigate.
Are you SecNumCloud or HDS certified?
No, not yet. Both are on the roadmap and we will not claim them early. What is contractual today: EU hosting in a French datacenter, a signable DPA, documented residency and a public sub-processor list. If your project legally requires HDS now, we are not your host yet, and we will tell you so on the call.
The documents are above. The proof is a 20-minute demo.
Bring your DPO and a lead dev to the same call. You will see the session survive a closed lid, and where it ran. Book a 20-min demo. A human in France answers.