Installed on your infrastructure. Runs in your environment. Your data never leaves.

SAGA installs on your infrastructure as a standard server tenancy — a virtual machine or bare-metal host you already provision for regulated workloads. The install package is offline-installable; nothing about the install step reaches out to a Verheim-operated service at any point.

There is no phone-home telemetry, no licence-server handshake, no background ping to a vendor control plane. The runtime you install is the runtime you keep — yours, behind your firewall, upgradeable on your schedule, decommissioned on your terms.

Regional hosting choices are yours. SAGA runs on any hosting target that meets your regulated-workload standard — a European provider of your choice, your existing data centre, or whichever tenancy your programme already relies on.

At runtime SAGA sits inside your firewall perimeter. Identity is consumed from your identity provider — SAML, OIDC, or whatever your organisation already operates — so every action SAGA records is attributable to a person in your directory, not to a Verheim-issued account.

Audit events flow to your log sink. If you operate a SIEM or a central audit store, SAGA writes there on the integration pattern your security team already reviews. No Verheim-hosted dashboard is the source of truth for what your validation team did today.

There are no outbound connections to third-party services during operation. The runtime talks to the identity provider, to the document system, and to your log sink — nothing beyond your perimeter, on any code path.

Every validation artefact, every prompt, every generated protocol stays inside your perimeter. There is no Verheim-hosted data plane that sees your content. The sentence "your data never leaves your perimeter" is a property of the architecture, not a marketing posture.

For European customers SAGA is designed to meet GDPR data-residency expectations and is assessed against the Schrems II posture on US-processor access per our internal risk assessment. Every operational decision — retention schedule, export policy, deletion workflow, access review — remains under your authority.

If a regulator or an auditor asks where the evidence for a signed dossier lives, the answer is your infrastructure. There is no second copy. There is no Verheim replica. There is no backup path outside your control.

Output flows to your existing document management system — Veeva Vault, MasterControl, or your in-house quality suite — via standard integration patterns. SAGA never becomes the system of record; your DMS retains authority over every signed document, every revision, every approval.

The integration pattern SAGA uses is the one your validation team already knows. Artefacts land in the DMS as first-class documents, under the approval workflow your quality system enforces, in the folder structure your team already navigates. There is no parallel filing hierarchy, no Verheim-owned document state, no workflow parallel to the one Veeva or MasterControl already runs for you.

Human review is the gate. Every SAGA-authored artefact is reviewed and approved by your quality team in the DMS, on the signature workflow your Part 11 controls already govern. SAGA hands off a complete record; your document management system keeps it.

If this posture matches what your validation programme needs, the next step is a focused review — your environment, your DMS, your constraints. One session, no sales theatre, clear outputs.