Built in Sweden. Designed for EU regulatory compliance from the ground up. Your AI, your data, your hardware.
Stera runs entirely on your own hardware. Unlike cloud AI services, no data ever leaves your device unless you explicitly choose federation. This is not a privacy feature — it is the fundamental architecture of the system.
All AI inference, training, and data processing happen locally. No API calls to external servers. No telemetry, no crash reports, no analytics. Conversations, memories, and learned behaviors are stored exclusively on your filesystem. You control updates, model selection, and system behavior. Nothing changes without your explicit consent.
The EU Artificial Intelligence Act (Regulation 2024/1689) classifies AI systems by risk level. Stera operates as a limited-risk general-purpose AI system with full transparency obligations met.
Transparency — users always know they interact with AI. Human oversight is built in at every level. Technical documentation, data governance, record-keeping, and risk management all satisfy Articles 9 through 52.
Stera includes built-in self-diagnostics, a process supervisor, and complete audit trails — all running locally on your machine.
As a Swedish company, Stera is subject to the General Data Protection Regulation (EU 2016/679). Our architecture inherently satisfies GDPR because all personal data processing occurs on your own hardware.
Data minimization — Stera processes only what you provide. Right to erasure — all data lives on your hardware, so you can delete anything at any time. Data portability — all formats are open and documented. Purpose limitation — your AI serves only you. It does not aggregate data across users or share patterns with third parties.
Because Stera runs entirely on your hardware with no cloud connection, Sweden Top Science & Technology AB does not act as a data controller or processor for your AI interactions. You are the sole controller of your data.
For enterprise deployments, Stera includes a built-in compliance framework supporting GDPR, HIPAA, SOC 2, PCI-DSS, and ISO 27001. The engine enforces data residency rules, breach detection with 72-hour notification timelines, data subject request handling, and audit-immutable logging — all configurable per organization.
Stera supports federated deployments across multiple geographic regions with strict data sovereignty controls. PII stays in the EU. PHI stays in-country. Cross-region task routing requires explicit policy approval. Even in disaster recovery, data stays in allowed regions.
For compliance inquiries, data protection questions, or to request our full technical documentation, contact us at compliance@stera.se.
Sweden Top Science & Technology AB · Stockholm, Sweden