Architecture & Data Sovereignty

How Ajutant keeps your data in your tenant.

Deployment Model

Ajutant deploys entirely within your Azure subscription. There is no shared infrastructure, no multi-tenant backend, and no data relay to external services.

This is the fundamental architectural decision that differentiates Ajutant from public AI services: your data never leaves your tenant.

Architecture Overview

┌─────────────────────────────────────────────────┐
│                Your Azure Tenant                 │
│                                                  │
│  ┌──────────────┐     ┌──────────────────────┐  │
│  │  Azure AD /   │     │  Azure AI Foundry     │  │
│  │  Entra ID     │     │  (GPT-4o, etc.)       │  │
│  └──────┬───────┘     └──────────┬───────────┘  │
│         │                        │               │
│  ┌──────▼────────────────────────▼───────────┐  │
│  │         Virtual Network (Private)          │  │
│  │                                            │  │
│  │  ┌────────────┐   ┌─────────────────────┐ │  │
│  │  │ Container   │   │  PostgreSQL          │ │  │
│  │  │ Apps        │   │  + pgvector          │ │  │
│  │  │             │   │                      │ │  │
│  │  │ - Frontend  │   │  - Conversations     │ │  │
│  │  │ - API       │◄─►│  - Embeddings        │ │  │
│  │  │ - LiteLLM   │   │  - User data         │ │  │
│  │  │ - Tika      │   │                      │ │  │
│  │  └────────────┘   └─────────────────────┘ │  │
│  │                                            │  │
│  │  ┌────────────┐                            │  │
│  │  │ Key Vault   │                           │  │
│  │  │ (Secrets)   │                           │  │
│  │  └────────────┘                            │  │
│  └────────────────────────────────────────────┘  │
└─────────────────────────────────────────────────┘

Data Flow

User Conversations

  1. User authenticates via Azure AD
  2. Request reaches the frontend (Container Apps) over HTTPS
  3. Frontend calls the API layer within the same VNet
  4. API routes the prompt to LiteLLM, which forwards to Azure AI Foundry
  5. Response is returned to the user and stored in PostgreSQL
  6. All traffic stays within the VNet — no public endpoints

Document Processing

  1. User uploads a file through the chat interface
  2. File is stored temporarily in the container’s ephemeral storage
  3. Tika extracts text content
  4. Text is chunked and embedded via the configured embedding model
  5. Vectors are stored in PostgreSQL with pgvector
  6. Original file reference and metadata are recorded
  7. Temporary file is deleted after processing

What We Don’t Do

No telemetry. Ajutant does not phone home, send usage analytics, or transmit any data outside your tenant.

No shared models. Model endpoints are provisioned in your Azure AI Foundry instance. Your prompts and completions are processed by your model deployments, subject to your Azure data processing agreements.

No centralised storage. There is no Ajutant cloud database that aggregates customer data. Each deployment is an independent instance.

No admin backdoors. Ajutant’s team cannot access your deployment. We don’t have credentials, network access, or any mechanism to reach your environment.

Encryption

LayerMethod
Data at restAzure-managed encryption (AES-256) for PostgreSQL, Key Vault
Data in transitTLS 1.2+ for all internal and external communications
SecretsStored in Azure Key Vault with managed identity access

Network Isolation

All services communicate over private endpoints within the Virtual Network. No services expose public endpoints by default. If external access is required (e.g., for users accessing via browser), it is routed through Azure Container Apps ingress with Azure AD authentication enforced.