December 24, 2025

Sovereignty, Visibility and Control with European DNA

In an era of increasing digital sovereignty concerns, organizations across Europe are demanding more than compliance—they're demanding control. Control over where their data is processed, how it's protected, and who can access it. This shift represents a fundamental change in how businesses evaluate security providers.

Your Security Under European Regulations

Data processing under EU law means something specific: GDPR compliance, adherence to national data protection regulations, and respect for European citizens' fundamental rights to privacy and data control. But true compliance goes deeper than checkboxes. It means architecting systems from the ground up with data protection and privacy as core design principles.

Perimetrical is designed with European regulatory requirements embedded into every layer of its architecture. This isn't a compliance layer added on top of infrastructure designed elsewhere—it's foundational to how the system operates.

We Open to Protect, Not to Spy

SSL/TLS termination at the edge is a technical capability that creates a privacy paradox. To protect your traffic, our WAF must examine the content of your encrypted connections. This inspection power creates the potential for surveillance—the same power that enables protection could enable privacy violation.

Perimetrical resolves this paradox through architectural choices that prioritize privacy by default.

Security in Volatile Memory

When encrypted traffic arrives at our edge locations, SSL/TLS termination happens in volatile memory (RAM), not persistent storage. This means the decrypted traffic exists only in memory during the inspection process. Once the traffic is processed and a security decision is made, the decrypted content is never written to disk.

Think of it like x-ray screening at an airport. The security scanner examines the contents of your luggage, but doesn't photograph or archive what it sees. The examination is thorough, but the data examined is not retained for later analysis.

Guaranteed Privacy

This architectural choice delivers a privacy guarantee that's unusual in the industry: your decrypted traffic is examined for security threats, but never archived, indexed, or made available for historical analysis by Perimetrical staff or administrators. Your privacy is protected not through access controls or audit logs, but through architectural constraints that make data retention impossible.

Data Sovereignty, Immunity from Third Parties

One of the most important concepts in European data protection is immunity from the CLOUD Act—the US legislation that enables US government agencies to compel US companies to hand over data stored in their systems, regardless of where the data is geographically located.

Perimetrical operates exclusively from European infrastructure, with processing handled by European teams, under European law. This means:

Data sovereignty isn't theoretical—it's practical. It means knowing with certainty where your data is processed, under what legal framework it's protected, and who can compel access to it.

Your Logs, Your Rules

Transparency about what happens to your security data is essential. Perimetrical offers multiple options for how you want to handle your security logs:

This isn't a limitation—it's a feature. You maintain complete visibility and control over your security data, not as a customer courtesy, but as a fundamental right under GDPR.

Frequently Asked Questions

Does Perimetrical see my encrypted traffic in plain text?

Yes, SSL/TLS termination means we must decrypt traffic to inspect it for threats. However, the decryption happens in volatile memory only, during the inspection process. Once inspection is complete, the decrypted content is never stored, archived, or retained. Your traffic is examined, but not recorded.

Where is my data stored?

All data processing happens on European infrastructure only. Logs are either delivered to your own storage systems (S3, GCS, Azure Blob) or streamed in real time through Apache Kafka to your infrastructure. Perimetrical does not maintain persistent data storage of your security events—you do.

Can a foreign government compel you to hand over my data?

No. Perimetrical operates 100% under European law and on European infrastructure. The CLOUD Act has no jurisdiction. Data protection obligations flow from GDPR and national data protection regulations, not from US legislation. We maintain no data that could be subject to compulsion under foreign legal frameworks.

Can you share my traffic patterns with third parties?

No. Your security data is your property, under your control. We do not aggregate data across customers, analyze patterns for behavioral profiling, or share insights with third parties. Your data remains your competitive advantage, not our analytics asset.

Control as a Design Principle

Data sovereignty isn't achieved through agreements or assurances. It's achieved through architectural design choices that make privacy violations technically impossible. Perimetrical's European DNA isn't a marketing claim—it's embedded in how the system is designed, where it operates, and how your data is protected.

When you choose Perimetrical, you're not just choosing a security provider. You're choosing control.
