Sovereignty as a default, not an add-on.
XplicitTrust is built, hosted, and supported in Germany, and operated under European law. Identities, audit logs, and policy data stay inside the jurisdiction you operate in. Your data is end-to-end encrypted.
Control plane in Germany. Tunnels all around the world.
The boring, specific version of digital sovereignty: where the data sits, who can legally compel access, and which decisions you keep in your own hands.
Customer data and admin console
In Germany. One legal entity, one operator.
The control plane and the data it holds (accounts, policies, posture results, audit history) run inside Germany. One operator under one set of European obligations, not a chain of subprocessors across multiple jurisdictions.
Relays around the world, all blind
End-to-end encrypted between endpoints. Relays never see your data.
Tunnels are encrypted directly between the two endpoints. Relays forward ciphertext from one peer to the other. They don't terminate the session, they don't hold the keys, and they don't see your traffic. A global relay fabric becomes a performance feature, not a sovereignty exposure.
Identity stays with your IdP
Microsoft Entra, Google, Keycloak, BareID, with European data residency.
Authentication runs against the identity provider you already trust, in the European region you already configured. We never store user passwords and we don't issue parallel credentials. Removing a user from your IdP removes them from XplicitTrust.
Audit logs you actually own
Read, export, and delete on your schedule.
Connection events, policy decisions, and admin changes are yours to read, export to your SIEM, and delete according to your retention rules. Retention is a setting in the console, not a contract negotiation.
GDPR in spirit, not just on paper
Less collected by design, not as a checkbox. The GDPR exists to protect people from surveillance and to keep them in control of their data. Most products comply with the letter. We've tried to follow the spirit, by not collecting in the first place.
Data minimization by design
We don't see your traffic. We don't ask for what we don't need.
Tunnels are end-to-end encrypted, so the control plane never sees user payloads. Identity stays with your IdP, not duplicated in our database. Telemetry is scoped to operating the service, not to building behavioral profiles. Less data on our side is less data to lose.
No business model for your data
Sold through partners. No ads, no resale, no third-party trackers.
We earn money one way: licensing the product to certified partners who sell it to you. There is no advertising business, no analytics resale, no pixel from a marketing cloud sitting inside the agent. There is no incentive to collect more than the service needs.
Subject rights as product features
Access, export, deletion, and retention are admin console buttons.
Reading, exporting, and deleting personal data are operations in the admin console, not workflows mediated by lawyers. Retention is configurable per customer. The compliance story lives in what the product does, not in language buried in the data processing agreement.
A short, named sub-processor list
EU-only. No catch-all "we may use cloud providers" clause.
The third parties we rely on to run the service are listed by name and jurisdiction. The list is short, kept inside the EU, and any change is announced rather than absorbed into a generic clause. Easy to audit, harder to game.
Origin and hosting matter. They don't matter alone.
A flat tunnel on a sovereign stack still hands an attacker the whole network the moment one identity is compromised. Sovereignty without architecture is a paper claim.
Segmentation by identity, posture, location, time
A breach of one identity stays one identity.
Every connection is an identity decision, evaluated against device posture, location, and time of day. A compromised account reaches only what its policy permits, regardless of where the gateway happens to live.
End-to-end encryption between endpoints
No plaintext traffic on the control plane.
Data plane traffic is encrypted directly between endpoints. The control plane holds keys to authorize and orchestrate, not to read your sessions. A relay outage or seizure does not yield decrypted user traffic.
Replaceable parts, by design
Sovereignty is not just where the bytes sit. It's whether you can leave when you want to. The protocols and interfaces underneath XplicitTrust are open, documented, and used by other vendors too.
Tunneling: open and audited
Modern, peer-reviewed crypto on a public protocol. Your endpoints stay interoperable, not locked into a proprietary wire format.
Identity: OAuth 2.0 & OIDC
Open, widely adopted authentication standards. No proprietary broker between you and your directory.
Posture & telemetry: open APIs
Documented endpoints for events, posture, and asset data. Pipe into your SIEM, your asset DB, or your homegrown audit tooling.
Compliance: GDPR by default
Audit hooks for the workflows European auditors expect, including BSI IT-Grundschutz and NIS2 reviews.
Engineered in Germany. Operated in the EU. Sold across Europe.
Sovereignty is also about who you can pick up the phone and call. XplicitTrust is sold and supported through certified partners with European contracts and European invoices, in the language and time zone your team works in.
Engineering in Germany, control plane in the EU
Product and platform teams in Germany. Control-plane operations across EU regions, for redundancy without leaving the bloc. The relay fabric is global to keep latency low; tunnels are end-to-end encrypted, so the relays carry ciphertext only. The legal entity, support contracts, and data processing agreements are European.
European partners, local relationships
We sell only through certified partners. The relationship that matters most, the one with someone who knows your environment, is with your partner. We back them up.
Need a sovereign deployment?
Tell us about your residency, certification, or audit requirements. We can introduce you to a certified partner in your region and walk through the deployment options that fit.