Cloud Mode

Sandbox runs on Meridyen cloud infrastructure. Best for rapid scaling.

HTTPS + mTLS connectivityAuto-scaling & Monitoring

Your data is securely connected to our AI platform hosted in a managed data center within Turkey. All communication between your systems and the platform is encrypted. This setup is fully compliant with KVKK (Law No. 6698), ensuring your personal and corporate data is processed in accordance with Turkish data protection regulations. This option offers the fastest setup and requires no additional hardware from your side.

Swipe the diagram below to explore

cloud mode

Hybrid Mode

Docker container locally; Inference via Cloud. Data never leaves your network.

Outbound HTTPS onlyLocal DB access

MeridyenAI runs in our secure data center while your databases remain entirely on-premise. When the AI requests information, an on-site Sandbox queries your data locally and returns only processed, masked results—ensuring raw data never leaves your network. With end-to-end encryption and full KVKK compliance, you maintain total control over your personal data while leveraging the full power of our AI platform.

Swipe the diagram below to explore

hybrid mode

Airgapped Mode

Zero external connectivity. Local LLM via Ollama. Maximum security.

Internal-only Docker networkNo DNS resolution

The entire platform, including the AI engine and all data processing, runs 100% on-premise with zero internet connectivity. By ensuring no data ever leaves your network, this isolated environment provides the strongest KVKK compliance posture for organizations with the most stringent regulatory and confidentiality requirements.

Swipe the diagram below to explore

airgapped mode

Defense in Depth

Layer 1Network Isolation

Non-root user, read-only code, and container resource limits.

Layer 2Auth Chain

End-to-end validation. Hashed sb_ keys. No local caching.

Layer 3Code Sandbox

AST Analysis, Whitelisting, and OS-level process killing.

Layer 4Data Protection

Automatic column masking, row limits, and PII detection.

Layer 5Resource Hardening

Hard CPU/RAM caps (2 cores, 2GB) and query timeouts.

Mode Matrix

Cloud ModeHybrid ModeAirgapped Mode
LLM ServiceMeridyen-hostedMeridyen-hostedLocal LLM
Database AccessCloud DBsClient DBs (local)Client DBs (no internet)
Exfiltration RiskMediumLowNear-Zero
NetworkFull OutboundOutbound HTTPSNone (internal: true)

Python AST Protection

# Blocked Imports

os, sys, subprocess, socket, requests, pickle

# Blocked Calls

exec(), eval(), compile(), open(), __import__()

# Allowed (Whitelisted)

pandas, numpy, math, json, datetime, plotly

SQL Guardrails

Statement Whitelist: SELECT & WITH (CTEs) only

Blocked: INSERT, UPDATE, DROP, ALTER

Injection Detection: Sleep(), Union All, Outfile

Hard Timeout: 300s query enforcement