SECTION 1 —
Every component in a Parioni Infra deployment is selected for one criterion above all others: does it allow the organisation to maintain complete, verifiable control over their data and systems?
Our core collaboration stack is built on a mature, open-source platform with an established audit trail, active security research, and no commercial relationship with any party that could override your access.
File storage runs on a dedicated server appliance physically held by your organisation. Collaboration, documents, calendar, contacts, and video meetings run through your platform instance, hosted on a regional VPS you control — accessible via a custom domain, with your branding, under your governance policies.
Email operates on your custom domain via a privacy-respecting hosted mail service, keeping your communications professional and sovereign without the complexity of fully self-hosted mail servers.
SECTION 2 —
We treat data location as a first-order architectural decision — not an afterthought.
Files and documents are stored on hardware on your premises. Your shared instance is deployed on a regional VPS you select, based on the jurisdictional requirements of your organisation. You choose the region. You hold the access credentials. The data does not move without your instruction.
We document every data pathway at deployment: what is stored where, how it flows between components, what is cached and for how long, and what happens if a component goes offline. You receive a data map as part of every engagement.
SECTION 3 —
Authentication and access control are managed natively within your shared instance deployment, with role-based access control configured to your organisational structure (similar to Google workspace, but with more sequential control).
For organisations with more complex identity requirements — multiple departments, external collaborators, regulatory audit trails — we incorporate Keycloak, an enterprise-grade open-source identity provider, to manage single sign-on, multi-factor authentication, and fine-grained permission policies.
No authentication event touches a third-party identity service. Your users log in through your system. Access logs are held by you.
SECTION 4 —
In a cloud environment, the platform provider retains a form of administrative authority over your instance. They can respond to government requests, enforce policy changes, suspend accounts, or access data for support purposes.
In a Parioni Infra deployment, there is no such override. We configure and hand over. After deployment, the only administrative authority over your systems is held by the people you designate. We retain no back-door access, no support credentials, and no ability to read your data.
This is not a feature. It is the foundational principle.
SECTION 5 —
Sovereignty without evidence is difficult to demonstrate to a regulator, an LP, or a client. We build for auditability from the ground up.
Access logs, file operations, authentication events, and system changes are all captured within your infrastructure. You can answer the question 'who accessed what, and when?' with evidence you generated and hold.
For organisations subject to external audit — financial regulators, data protection authorities, institutional investors — this is the difference between passing an audit and surviving one.
SECTION 6 —
For organisations that want to use AI tools without exporting their data to a third-party model provider, we offer a private AI inference layer.
This runs on a dedicated Mac Mini M4 (headless) deployed within your infrastructure. The model runs locally. Queries, documents, and outputs are processed on your hardware and never transmitted to an external API.
This is appropriate for organisations handling sensitive client data, confidential deal information, or any material that should not be used to train a commercial model — which, in practice, means most of our clients.