Where the AI runs matters

Personal data and trade secrets never leave the client’s datacenter.

By design.

That’s the sentence that opens most of our conversations with IT directors at mid-to-large industrial companies. Not because we want to impress — because it’s the point where the AI-applied-to-operations conversation either starts, or never goes anywhere.

The question behind it is simple: where will the data live, and who operates the engine that acts on it?

The default answer from the AI SaaS market is: “in our cloud, we operate it.” For most consumer use cases, that works. For mid-to-large industry with process trade secrets, a contract with a major energy company, a sanitary audit, or a license under FDA — it doesn’t work. And “doesn’t work” isn’t an exotic requirement; it’s the real standard of the market that matters.

The “cloud or nothing” binary doesn’t hold

Anyone who has worked with technology for a while knows the frontier:

• Managed public cloud — economies of scale, continuous updates, zero capex. But the data lives outside the client’s perimeter; trade secrets become a contractual arrangement rather than a physical barrier.
• Traditional on-prem stack — absolute control, no external dependency. But it requires an internal operations team, long update cycles, and typically can’t match the product velocity of its SaaS counterpart.

Over the last 15 years, industry chose to run most of its critical systems in that second category — Protheus, SAP Business One, Sankhya, Senior, MES, QMS, all running inside the perimeter. For real reasons: the process trade secret, the contract margin, the procedure that was calibrated over 20 years of operation — none of that can leave.

When an AI vendor shows up offering “everything in our cloud,” the boundary locks up. Not because the client doesn’t want AI. Because the offer’s design doesn’t respect the perimeter they built over a decade.

The new category needs a different design.

Sovereign on-prem — what it is, what it delivers

In F7 KORE, “sovereign on-prem” means the following:

• The entire platform — IRIS Data Platform, AI engine, transactional database, audit log, process queue, ERP integration — runs inside the client’s datacenter. It can be a physical server in the company’s rack, the client’s private cloud, or a Kubernetes cluster on a private cloud — as long as the perimeter belongs to the client.
• No data leaves the perimeter. Audit logs, conversation transcripts, generated technical proposals, digitized forms, uploaded photos — everything stays in the datacenter. LGPD becomes trivial: personal data doesn’t flow to a third party. Trade secrets are answered by design: the vendor (F7) has no access to production data.
• Updates arrive via a managed pipeline, without the client needing to maintain their own DevOps team. The cycle is SaaS-like — except the data stays put.

For clients under sanitary audits, contracts with end customers that prohibit external data residency, or specific regulatory regimes (health, food, defense), this model is the only one that unlocks the conversation.

And it’s not a theoretical requirement. In environments like a regulated chemical plant, the sanitary audit boundary leaves no other path — wherever the category of operation demands it.

Dedicated SaaS — no technical multi-tenancy

The other model is SaaS managed by F7. But with one architectural difference that matters: a dedicated instance per client.

Most of the SaaS market runs on technical multi-tenancy — a single application instance serves N clients, with logical isolation by tenant_id. That works well for consumer apps, productivity tools, and horizontal software. For AI applied to industrial operations, the design is different:

• Each client on a separate instance. Separate database, separate process, separate audit log, separate execution queue. No technical multi-tenancy.
• No risk of cross-client data leakage. The question “what prevents client A’s data from leaking to client B?” has an architectural answer — “they don’t share an instance” — not a promise.
• F7 operates it, the client accesses via the web. No client-side infrastructure required; no internal operations team needed.
• The same platform that runs on-prem. Not a simplified version of the product; the same platform with the operator role switched.

This design serves clients who want the operational economy of SaaS without giving up the isolation guarantee that industry demands.

Recurring in both. Not a one-time sale.

Here’s a detail that often surprises people coming from the traditional on-prem world: both models are a recurring monthly subscription.

It’s not “buy the on-prem license and run it forever.” The offering includes:

• Continued use license.
• Structured technical support (SLA, escalation, support for the in-house operator).
• Continuous updates — new functionality, updated AI model, regression fixes, compliance adjustments as regulation evolves.
• Usage monitoring — adoption metrics, friction identification, adjustment recommendations for your in-house criteria.

That commitment applies equally to sovereign on-prem and dedicated SaaS. The difference between the two models is where the data lives and who operates the infrastructure — not the commercial structure.

The reason is straightforward: AI applied to industrial operations is not static software. It improves with every reviewed interaction, every updated model, every refined in-house pattern. Treating the product as a one-time sale means treating the client as abandoned — and serious industry doesn’t buy “abandoned” as a service.

IRIS Data Platform as the foundation

Both models run on the same technical foundation: IRIS Data Platform from InterSystems.

The choice isn’t stylistic. IRIS is, today, the only product technology that combines in a single core:

• Multi-model transactional database (relational + document + key-value + object) with volume and latency sustained in healthcare and industry for thirty years.
• Workflow/orchestration engine inside the same process — no network hops, no serialization between services, no external message broker complexity.
• Native structural audit with configurable retention by event class.
• Enterprise support with a real presence in Brazil (FATEC, partners, installed base) — not a remote vendor with no local support.

For sovereign on-prem, this matters because the client needs to operate a robust platform without building an internal DBA + DevOps + ML Ops team. For dedicated SaaS, this matters because F7 delivers real isolation between clients with a platform designed precisely for that.

The choice is the client’s

The offer ends where it should: “where the AI runs matters. We know that. So the choice is yours, not ours.”

A client with extreme sovereignty requirements chooses on-prem. A client focused on deployment speed without an internal IT team chooses dedicated SaaS. The platform is the same; the technical foundation is the same; the commitment to continuous evolution is the same.

What changes is where the data sleeps.

---

The company behind F7 KORE has been automating industrial processes for over a decade in both models — including B2B sales and regulated chemistry. Deployment details are on the FAQ page.

If you operate a mid-to-large industrial facility with real data sovereignty requirements and want to understand which model fits your operation — schedule a 30-minute conversation.