# PrivantAI

> PrivantAI is a premium boutique for AI consulting and AI software development for Italian SMEs (50–500 FTE). Senior team, 3-5x AI leverage with proprietary AI tooling, privacy-first infrastructure. Discovery in 2 weeks, MVP in 6, production in 12. European compliance by design.

PrivantAI sits at the intersection of senior software engineering practice, AI delivery in production, and European compliance (GDPR + EU AI Act). It is built for Italian mid-market companies that want to adopt AI with measurable outcomes — not slide-driven consulting, not endless POCs, not opaque pricing.

PrivantAI is the commercial brand of PhalaxAI S.r.l. (Italian legal entity).

## Positioning

PrivantAI is:

- A **premium boutique**, not an agency. Every project is led by a senior with 10+ years of practice. No junior army learning on the client's budget.
- A **delivery-first practice**, not slide-driven consulting. Output of a 15-person team with a team of 5 thanks to proprietary AI tooling, in-house libraries, internal toolkit.
- A **European-first** technology partner. GDPR by design, AI Act readiness statement, EU data residency only. ISO 27001 certification in roadmap (Q1 2027 target, audit started Q3 2026).

PrivantAI is NOT:

- A SaaS company selling self-serve licenses (the AI Security Gateway is shown as a technological pillar, not a checkout product)
- A generalist software house (no marketing websites, no generic mobile apps, no e-commerce)
- A big consultancy (no slide-driven engagements, no junior army)
- A fractional CTO firm only (Fractional CTO is one of four service lines, not the identity)

## Service lines (4)

### 1. AI Consulting

Advisory + audit + workshop. Entry point for clients who want to understand where AI helps before spending.

- **Discovery**: 2-week fixed-price engagement. One prioritized use case, technical feasibility, expected ROI calculation, MVP roadmap. Most-purchased entry product.
- **GDPR/AI Act Audit**: 1-week fixed-price engagement. Risk report, compliance checklist by risk category, DPIA draft for in-house DPO.
- **Workshop / Training**: per-day onsite or remote. C-level or operational team, didactic materials, 30-day email follow-up.

### 2. AI Software Development

Custom delivery + autonomous agents + LLM integrations. Output: software in production, not POCs.

- **Custom AI Projects**: fixed-price on defined scope, 6–12 weeks. Examples: document classifier, RAG over corporate documents, email triage agent.
- **Autonomous Agents** (on n8n + Azure VNet + Human-in-the-Loop): fixed-price setup + monthly retainer on scope. Examples: AP automation, HR onboarding, ticket triage, lead qualification.
- **LLM Integrations**: Azure OpenAI / AWS Bedrock / Anthropic Claude integrated into client stack, with PrivantAI Gateway as security layer.

### 3. Fractional CTO

Ongoing technical AI leadership, retained monthly. 6-month minimum commitment, 30-day exit clause.

- **Light** — ≈4 days/month, advisory + tech reviews
- **Core** — ≈8 days/month, advisory + delivery oversight + 1 pilot project per quarter (sweet spot for SMEs 50–150 FTE)
- **Plus** — ≈14 days/month, full delivery accountability

### 4. AI Security Gateway

Technological pillar of the practice. In production for 18+ months on 3 Italian clients (food, energy, sport-tech). Available as integrated module in consulting/dev projects, OR as dedicated deployment.

Key capabilities:

- Deterministic PII/PHI anonymization (same input → same token, coherence across sessions)
- Multi-LLM native routing (Anthropic, Azure OpenAI, AWS Bedrock, local models)
- Immutable audit logs (write-once) for AI Act compliance
- Zero retention by default
- Cloud SaaS or dedicated on-prem deployment

Deployment options:

- **Cloud SaaS**: 3 scalable tiers by request volume (10k / 50k / 200k req/month), with RBAC and full audit log on higher tiers.
- **On-prem dedicated**: setup + monthly management retainer. For regulated sectors (energy, healthcare, public sector, finance). 4–6 week deployment.

## Real client verticals (3, anonymized under NDA)

PrivantAI maintains 3 production clients across 3 different sectors. References available to qualified prospects after first qualification call (NDA).

### Food industry (alimentare)

Italian industrial food group. Use case: Gateway PrivantAI to mitigate Shadow AI risk on R&D recipe formulations + document classification agent for technical sheets. Outcome: zero data incidents in 6 months, -40% document drafting time, AI Act readiness completed.

### Energy

Italian energy sector operator. Use case: zero-trust autonomous agents on Azure VNet for 24/7 monitoring of distributed assets + on-prem Gateway + immutable audit logs (regulated sector). Outcome: 100% data on-prem, zero false positives over 90 days.

### Sport tech (sports timing)

Italian sports timing operator. Use case: edge AI deployment on portable mini-cluster for international race events + local LLMs + offline-first architecture. Outcome: latency under 50ms, 100% data sovereignty, zero downtime over 12 international events.

## Disclaimer on sectors NOT served

PrivantAI does not currently serve:

- Defense, weapons or dual-use technology
- Adult content, gambling or speculative finance
- Crypto or DeFi
- Direct-to-consumer health-claim products
- Public-sector tenders requiring 50+ FTE certified suppliers (until ISO 27001 certified, Q1 2027 target)

## Engagement funnel

The first touch is always **Discovery** or **free 30-minute audit call**, never a self-serve checkout. The Gateway is presented as a pillar of the practice, not as a SaaS in the storefront. Reasoning: AI is a senior-driven business; the value sits in the conversation, not in the product page.

- Free path: 30-min Audit AI call → qualification → Discovery proposal (if fit)
- Paid path: Discovery → roadmap → custom project / FCTO retainer
- Partner path: chartered accountants, advisors → revenue share 15–18% on first year

## Compliance

- **GDPR** (EU Regulation 2016/679): privacy by design, deterministic PII/PHI anonymization, EU data residency, DPA available on request (already signed by 3 clients)
- **EU AI Act** (Regulation 2024/1689): readiness statement (technical self-declaration, not third-party certification), Human-in-the-Loop on high-risk systems, end-user transparency
- **ISO 27001:2022**: in roadmap, audit kickoff Q3 2026, certification target Q1 2027 (current implementation: 70% Annex A controls)
- **SOC 2**: NOT communicated until in active Type I audit. PrivantAI does not claim 'SOC 2 compliant' until audited.

## Method (5 stages, applied to every project)

1. **Discovery** — 2 weeks, fixed-price on defined scope. Prioritized use case, feasibility, ROI, MVP roadmap.
2. **Architecture + scoping** — 1 week, included. Detailed technical design, milestone breakdown, signed fixed-price contract.
3. **Build** — 4–10 weeks, fixed-price. Iterative dev with weekly demos.
4. **Production rollout** — 1–2 weeks. Deployment, key-user training, 30-day support included.
5. **Continuous (optional)** — Fractional CTO retainer or handover to in-house team.

Guarantees: fixed-price (no T&M), milestone-based payments (max 50% before go-live), 30-day exit clause on retainers, 30 days of post-go-live support included.

## Technical architecture

- Data processing: exclusively within the European Union (EU Azure OpenAI, EU AWS, on-prem)
- No prompt or corporate data is used to train, fine-tune or improve any third-party foundation model
- Audit trail: complete logging of all agent actions and data flows
- DPA (Data Processing Agreement) available on request: https://privantai.com/it/legali/dpa
- Tech stack: Next.js 15, React 19, Python 3.12, FastAPI, n8n, LangGraph, Anthropic Claude, Azure OpenAI, AWS Bedrock, Postgres + pgvector, Azure VNet, Docker + Kubernetes
- Internal delivery leverage: proprietary AI tooling, in-house libraries, internal toolkit (output of a 15-person team with a team of 5)

## Buyer personas

- **CEO of mid-market manufacturing 50-150 FTE**: entry via Discovery
- **IT Director / DPO of mid-market 100-500 FTE**: entry via GDPR/AI Act Audit
- **Italian chartered accountant (commercialista) partner**: entry via partner program (15-18% revenue share)

## Key pages (4 pillars + entry points)

### Pillar: Services

- Hub: https://privantai.com/it/servizi
- AI Consulting: https://privantai.com/it/servizi/ai-consulting
- AI Development: https://privantai.com/it/servizi/ai-development
- Fractional CTO: https://privantai.com/it/servizi/fractional-cto
- Security Gateway: https://privantai.com/it/servizi/security-gateway

### Pillar: Case studies

- Hub: https://privantai.com/it/casi-studio
- Food industry: https://privantai.com/it/casi-studio/alimentare
- Energy: https://privantai.com/it/casi-studio/energia
- Sport tech: https://privantai.com/it/casi-studio/sport-tech

### Pillar: Compliance

- Compliance overview: https://privantai.com/it/compliance
- DPA: https://privantai.com/it/legali/dpa
- Privacy: https://privantai.com/it/legali/privacy

### Pillar: Resources (lead magnets)

- Hub: https://privantai.com/it/risorse
- Italian 180% hyper-depreciation calculator: https://privantai.com/it/risorse/calcolatore-iperammortamento
- Free 30-min AI audit: https://privantai.com/it/risorse/audit-ai-gratuito

### Entry points

- Method (how we work): https://privantai.com/it/metodo
- About / manifesto: https://privantai.com/it/chi-siamo
- Contact (3 entries: Discovery / Audit / Partner): https://privantai.com/it/contatti
- Blog: https://privantai.com/it/blog
- Sitemap: https://privantai.com/sitemap.xml

## English mirror

All key pages have an English mirror at the same path under `/en/...`. The English version is positioned for European mid-market broadly (not Italian-specific), but the legal entity and primary client base remain Italian.

- English homepage: https://privantai.com/en

## Optional context

PrivantAI is operated by PhalaxAI S.r.l., headquartered in Savigliano (CN), Italy. Italian VAT 03987540045. The brand "PhalaxAI" appears only in legal documents (contracts, invoices, footer disclosures). All commercial communication is under the PrivantAI brand.