Absolute Trust

Security & Confidentiality —
Your Data Is Sacred

NDANDA = Non-Disclosure Agreement. A bilateral legal contract signed BEFORE any exchange. We will never speak of your engagement, not even its existence. systematic. End-to-end encryption. Data destruction on demand. Deployment on your own servers. Physical meetings for the most sensitive cases.

AES-256 at rest
TLS 1.3 in transit
GDPR compliant
Zero AI — deterministic calculation
NDA
Encrypted Collection
Isolated Environment
EQOS Analysis
Certified Destruction
Client Journey

Working With EQOS — From First Contact to Result

Every engagement follows a rigorous protocol. Confidentiality begins before the first data exchange.

1

Confidential First Contact

  • Contact via email, phone, or secure form
  • Needs assessment: audit, prediction, modelling
2

NDA Signing

  • Bilateral non-disclosure agreement before any data exchange
  • Defined scope: which data, what use, what duration
  • GDPR compliant and French / European law
3

Data Collection

  • Multiple modes: digital, physical, hybrid, or ultra-secure
  • Free format: documents, interviews, observations, existing databases
  • AES-256 encryption in transit and at rest
4

Mathematical Analysis

  • Data processed by the EQOS Codex (proprietary system)
  • Deterministic mathematical framework — where AI guesses, EQOS calculates
  • Results in 48h (Express Verdict) to 30 days (Structural Mapping)
5

Results Delivery

  • In-person presentation or secure video conference
  • Detailed report: scores, dimensions, scenarios, recommendations
6

Follow-up (optional)

  • Permanent Watch: monthly re-measurement
  • Critical threshold alerts + support
7

Closure & Destruction

  • Complete destruction of all collected data
  • Destruction certificate provided
  • No retention, no unauthorized archiving
Multi-mode Collection

Four Modes — We Adapt to Your Reality

Digital Mode

  • Secure upload of documents and databases
  • Structured online forms
  • AES-256 encryption in transit and at rest

Physical Mode

  • On-site travel for information collection
  • Face-to-face interviews
  • Paper documents digitized by certified providers

Hybrid Mode

  • Digital + physical combination according to needs
  • Adapted to multi-site organizations
  • Maximum flexibility, constant security

Ultra-Secure Mode

  • Physical meetings exclusively — zero digital transmission
  • Secure rooms, government-level protocols
  • Air-gap environments, courier delivery
  • No copies, no external storage
"For cases where even an email is a risk."

Government-level security is available to all our clients

Company, family office, financial institution — no exception. Any client can demand the same level of confidentiality as a State.

CompaniesFamily OfficesCorporationsFFIInstitutionsGovernmentsDefense
Technical Architecture

End-to-End Security — 4 Independent Layers

If one falls, the others hold.

Layer 1

Encryption

  • AES-256 for data at rest
  • TLS 1.3 for data in transit
  • End-to-end encryption for communications
  • Per-client encryption keys, periodic rotation
"Even if our servers were compromised, your data remains unreadable."
Layer 2

Isolation

  • Siloed environment per client
  • No data sharing between engagements
  • Physically separated databases
  • Dedicated virtual networks (VLAN) per engagement
Layer 3

Authentication

  • Multi-factor authentication (MFA)
  • Principle of least privilege
  • Audited and timestamped access logs
  • Immediate revocation at end of engagement
Layer 4

Destruction

  • Secure erasure compliant with NIST SP 800-88
  • Destruction certificate on request
  • No retention beyond what is necessary
  • Independent third-party verification possible
"We only keep what you authorize us to keep."
Compliance testing

Tested against the world's most demanding standards.

No self-declarations. Scores. Verifiable.

Framework What it tests Score
OWASP ASVS L3
Application Security Verification Standard
 The most demanding application security test. 48 security controls covering authentication, sessions, cryptography, error handling. 100%
NIST 800-53 HIGH
Federal Information Security Standard
 The US federal standard. Level used for defence systems, nuclear and critical infrastructure. 100%
MITRE ATT&CK
Adversarial Tactics, Techniques & Common Knowledge
 37 real attack techniques (APT, ransomware, exfiltration, lateral movement). Full offensive simulation. 92.7%
PTES Pentest
Penetration Testing Execution Standard
 Full professional penetration test in 7 phases. Result: 0 exploitable vulnerabilities. 100%
ANSSI / SecNumCloud
French National Cybersecurity Agency
 French requirements for Critical Infrastructure Operators (nuclear plants, hospitals, defence, transport). 100%
4/5
Frameworks at 100%
0
Exploitable vulnerabilities
92.7%
MITRE ATT&CK (37 techniques)
OIV
ANSSI/SecNumCloud level

Why 92.7% on MITRE and not 100%?

Because 3 theoretical residual risks exist — and we prefer to explain them rather than hide them.

Residual risk Attack cost Our response
Binary reverse-engineering €170,000+ C-compiled binary, stripped, no readable symbols
Black-box I/O analysis €50,000+ Rate limiting + licence restricting query volume
Memory dump (root access) €80,000+ Memory obfuscation, post-computation wiping

Total attack cost: €300,000 minimum.

Non-viable. CAC40 CISOs accept this residual risk level — it is the same as Palantir's.

Methodology: these scores are from internal audits conducted according to each framework's official guidelines. External audit available on request for institutional-level engagements.

Deployment

You Choose

Three options. From secure cloud to total air-gapAir-gap = system physically disconnected from the Internet. No data can enter or exit digitally. Security level of nuclear plants and intelligence services..

Secure Cloud

  • European hosting (GDPR compliant)
  • Dedicated infrastructure, no shared cloud
  • Encrypted backups, 24/7 monitoring
For most engagements.

On-Premise — Black Box

  • Encrypted Python module on your infrastructure
  • Data never leaves your perimeter
  • Zero network output, zero API calls
  • Sealed and auditable module
"For organizations that demand total control."

Air-Gap Mode

  • No network connection
  • Physical media transfer only
  • For classified environments, defense, government
  • No "phoning home", no telemetry
"The highest security level we offer."
Enterprise architecture

We don't deliver a file. We deliver a sealed container.

For organisations demanding the highest level of protection, EQOS deploys as an opaque, autonomous module inside your infrastructure. Your data never leaves. Our equations never leave either.

Typical deployment — large enterprise / institution
Your infrastructure
Your internal LLM (Azure OpenAI, AWS Bedrock, on-premise...)
↓ “Analyse this supply chain”
EQOS Container (sealed)
Protection
Compiled binary (no .py)
Encrypted filesystem
No accessible shell
Isolation
No outbound network
Offline signed licence
Full audit logs
Interface
POST /api/analyse → JSON
Data goes in
Scores come out
Equations stay inside

Your data NEVER leaves your perimeter.

You NEVER see the equations.

Double protection: your intellectual property AND ours.

For the CISO

Sealed Docker container. No shell, no file access, no outbound network. Security audit on request. Compatible with your strictest security policies.

For the DPO

Zero data transfer outside perimeter. 100% local processing. GDPR compliant by design. Built-in audit logs for your traceability obligations.

For the CEO

You get the most precise mathematical verdicts on the market — without exposing a single piece of sensitive data externally. And without anyone being able to copy the engine.

Proprietary System

The EQOS Codex — Mathematical Black Box

The Codex is not AI. It does not understand your data. It measures it.

Proprietary Calculation System

The EQOS Codex is a proprietary deterministic calculation system. It contains no learning model, no neural network. For the same dataset, it always produces the same result.

No learning. The Codex doesn't learn from your data. It executes deterministic calculations.
No storage. Data is processed then erased from computation memory.
No transmission. Zero telemetry. No communication with an external server.
Auditable. Your security teams can audit the system before, during, and after the engagement.
Deployable. On-premise or air-gap module, no cloud dependency.
Deterministic. Same data = same results. Total reproducibility.
$$\text{Codex}: \mathbb{R}^{326} \rightarrow \{\varphi(S),\; U(S,m),\; \text{Scenarios},\; \text{Recommendations}\}$$

Input: 326 measured dimensions. Output: scores, trajectories, recommendations. Nothing else.

Compliance

Compliance — GDPR, NDA, European Law

GDPR

Compliant with the General Data Protection Regulation. Lawful processing, minimization, storage limitation.

Bilateral NDA

Systematic non-disclosure agreement. Mutual obligations, contractual penalties.

Absolute client confidentiality

We never disclose our clients' identity. No name, no reference without explicit written agreement.

Data subject rights

Right of access, rectification, and erasure guaranteed. Response within 30 days.

Designated DPO

Designated Data Protection Officer, single point of contact for data protection.

DPIA

Impact analyses carried out for any high-risk processing, before the engagement starts.

Transfers outside EU

Only with European Commission standard contractual clauses (SCC).

Breach notification

Notification to authority within 72h and information to individuals without undue delay.

Processing register

Register maintained and up to date, documenting each processing, its purpose, and its legal basis.

Secure Channels

Communication Tools — Zero Compromise

Encrypted messaging

End-to-end encrypted channels (Signal protocol level).

PGP Email

PGP encrypted emails. Public keys provided upon NDA signing.

SFTP Transfer

Secure file transfer via SFTP with dedicated client keys.

Physical courier

Results delivery by hand courier. Zero digital trace.

VPN / Dedicated Tunnel

VPN connection or encrypted tunnel for continuous monitoring engagements.

Private Infrastructure

Sovereign hosting. No data on Google Drive, Dropbox, Notion, or any other third-party cloud.

No client data passes through third-party cloud services.
International Coverage

Multilingual — Your Languages, Your Language

FrenchEnglishGermanSpanishItalianPortugueseالعربية中文日本語
Ethics & Commitments

Our 7 Commitments

Seven formal commitments. Contractual. Verifiable.

1

Systematic NDA

No exchange without a signed bilateral agreement. No exception.

2

Total Encryption

AES-256 at rest, TLS 1.3 in transit. Per-client keys, periodic rotation.

3

Strict Isolation

Your data never crosses another client's data.

4

Guaranteed Destruction

Secure erasure compliant with NIST SP 800-88. Certificate provided.

5

Deployment by choice

Secure cloud, on-premise, or air-gap. Your requirement defines the mode.

6

Zero AI

Pure deterministic calculation. No learning from your data. Total reproducibility.

7

Physical Meeting

For ultra-sensitive cases: zero digital transmission. Government protocols.

Take Action

Your Data Deserves the Highest Level of Protection

NDA. Encryption. Destruction. Deployment on your servers. Physical meetings. Deterministic mathematical framework.

Start under NDA → Request our full security policy →
Confidential Analysis
One email. One verdict.

326 dimensions. 37 operators. Your structural reality, projected.

Under NDA 24h Response No commitment Confidential

Or write to contact@eqosforecast.com

Go Further

Related Pages

Technology →

The technical architecture behind security.

Audit →

How the analysis works in practice.

Applications →

Use cases where security is critical.

EQOS vs AI →

Why EQOS doesn't send your data to the cloud.
Confidential Analysis
NDA · 24h · No commitment