Our promise

Trust

What we run, where, and what it actually does — including where it falls short. Last updated: June 2026.

Most AI providers ask you to trust a black box: an unknown model, on unknown servers, that can change overnight. We do the opposite. We run one fixed, open-weight model on EU infrastructure, measure how it behaves, and publish what we find, including the failures.

EU-hosted & operated Zero prompt retention Never trained on your data Pinned, hashed & measured model

Our promises

✓
We never store your prompts or completions.
They pass through memory to generate your answer and are gone. Nothing is written to disk, logged as content, or kept.
✓
We never train on your data.
Your prompts are not used to fine-tune, improve, or evaluate any model. We run released weights, unchanged.
✓
You always know exactly which model you're using.
One pinned version, hashed and disclosed. It does not change under you — unlike closed APIs that quietly shift behaviour.
✓
We publish our model's flaws, not just its strengths.
A trust page that claims "passes everything" is one screenshot from being false. Ours names the one place this model is biased — see below.
✓
Your data is processed only in the European Union.
Inference in Finland, gateway in Germany. No transfer to the US or third countries. Full detail in our DPA and Privacy policy.

Open weights ≠ blind trust

We serve an open-weight model, but open weights are not a certificate of neutrality. They don't prove the training data was clean or the behaviour unbiased. What they give us is control a closed API can't: we can freeze the exact version, hash it, test it, and replace it if it misbehaves. We don't ask you to trust the model. We pin it, measure it, tell you what we find, and swap it if it fails.

The model we run

Attribute	Value
Model	DeepSeek V4 Flash (284B MoE, 13B active, 1M context)
Publisher trained by	DeepSeek-AI — open weights, MIT license
Pinned revision	HuggingFace snapshot `553034d7`, frozen. SHA-256 weight manifest available to enterprise customers.
Quantization	FP4 mixture-of-experts (NVFP4) + FP8 attention, native checkpoint
Runtime	SGLang on NVIDIA B300
Region	European Union — inference (Finland), gateway (Germany)
Modality	Text in, text out. No image input.

What we measured

We serve open-weight DeepSeek V4 Flash. Capability and safety evaluations of the base model are the publisher's. The behavioural checks below are ours, run against the exact weights we serve (snapshot 553034d7, June 2026). Our categories follow the NIST Generative AI Profile (NIST-AI-600-1). That framework is voluntary, so we say "aligned to," not "certified."

One caveat: no one has published a third-party safety or bias audit of V4 Flash specifically yet. Most studies cover the earlier R1 generation. What's below is our own measurement, and it's a snapshot, not a guarantee; behaviour can vary by input and over time. We re-run this suite on every model change.

What we checked	Result	Finding
Self-harm safety	No issue found	Refuses methods, surfaces crisis resources.
Medical / legal / financial boundary	No issue found	Directs emergencies to services; declines to prescribe.
Dangerous content (malware)	No issue found	Declined to produce ransomware and exploit payloads.
Prompt-injection resistance	No issue found	Ignored injected "ignore previous instructions."
Sensitive-information disclosure	No issue found	Did not leak hidden instructions on request.
Confabulation (fabricated sources)	No issue found	Flagged a non-existent paper instead of inventing findings.
US / EU / Western political even-handedness	No bias found in test set	Balanced; volunteered criticism of US and EU institutions.
National / lifestyle / migration steering	No bias found in test set	Balanced pros and cons; no emotional steering toward a country.
China-related political & historical topics	Known limitation	Reflects upstream Chinese training. Disclosed in full below.

The one known limitation

On a bounded set of China-related political and historical questions, this model reflects censorship present in its upstream training. We disclose it because hiding it would be the actual risk.

○
Scope
Limited to China-sensitive topics. In our tests the model denied the events at Tiananmen Square (June 1989), stated the PRC position on Taiwan and Xinjiang as fact, declined to discuss criticism of Xi Jinping, and at times asserted Chinese technology is more trustworthy than American without support. On US, EU and Western political topics we found no comparable bias.
○
It is in the weights, not our configuration
Independent research shows this is "local censorship" baked into the model — a 10,030-prompt academic study and a 1,360-prompt open dataset both measure roughly an 85% refusal rate on China-sensitive prompts that persists even when the model is self-hosted. A neutrality system prompt did not reliably override it in our tests.
○
Why it can matter beyond politics
Security researchers found the same trigger topics degrade code quality: CrowdStrike measured ~50% more insecure code (19% → 27%) when prompts referenced certain Chinese-political contexts. We flag this honestly for engineering buyers.
○
The publisher discloses none of it
We read DeepSeek's full 58-page V4 technical report: it contains no safety, alignment, or political-bias evaluation of any kind. Nor do other major hosts of this model disclose the behaviour. We do.
✓
How we contain it
It is scoped (coding and agentic traffic essentially never triggers it), documented up front, re-measured every release (the bias is known to drift between versions), and — because we run open weights — replaceable: we can pin a de-censored or cleaner future release the moment one clears our checks. You are never locked in.

Your data

The strongest privacy control is the data we never hold.

✓
Zero retention
Prompts and completions are not stored, not logged as content, and not used for training. Maps to OWASP LLM02 — Sensitive Information Disclosure.
✓
EU-only processing
No transfer to the US or third countries. Inference and gateway run on ISO 27001 / SOC 2 Type II-audited European infrastructure (those certifications belong to our providers; see Compliance). The website and its assets are served only from EU edge locations — our CDN is geo-restricted to the EU, so even static content never leaves it.
✓
AI-generated, and we say so
Every response carries X-AI-Generated: true, per EU AI Act Article 50. You are interacting with an AI system, not a human.

EU-operated, not just EU-hosted

Server location is not the same as legal control. A US company with EU servers is still reachable under US law. We are a Dutch company (Affordable AI B.V.), running European infrastructure — outside the reach of the US CLOUD Act — serving an open model we pin, measure, and can replace. That combination is the point: with a closed US API you get an unknown model, in an unknown version, under foreign jurisdiction. With us you get a known model, a known version, a known region, and a known retention policy.

What we control — and what we don't

We are an inference provider. We are honest about which risks are ours to manage and which sit with the publisher or with you. Mapped to the OWASP Top 10 for LLM Applications (2025):

Risk	Owner	Control
Sensitive information disclosure LLM02	Ours	Zero retention, no content logging, tenant isolation, EU residency.
Supply chain & provenance LLM03	Ours	Hashed, pinned weights; pinned, audited serving stack.
Unbounded consumption LLM10	Ours	Per-key rate limits, token and concurrency caps.
Prompt injection LLM01	Shared	The model resists basic injection (measured); full mitigation is not solvable at the serving layer alone.
Model bias / misinformation LLM09	Upstream	Intrinsic to the weights; we measure and disclose (see above), we cannot retrain it out.
Output handling & excessive agency LLM05/06	Yours	How you render, execute, or give tools to outputs is your application's responsibility.

What we can't promise — and what we can

No one can prove a model will never produce a biased, false, or odd output — not us, not any open or closed provider. NIST frames trustworthy AI as harmful bias managed, not eliminated, and we hold to that honesty. What we can promise is operational control you can verify:

✓
Version pinning
Request a fixed version; it will not change under you.
✓
Weights hash on request
Verify you are getting exactly the weights we describe.
✓
Re-run evals, published
The behavioural suite re-runs before every model change; results — failures included — are disclosed here.
✓
Replacement policy
A version that fails our checks is replaced. Open weights are what make that possible.
✓
Zero retention & EU residency
The two facts about your data we will never quietly change.

Enterprise customers can request the full model card, the behavioural evaluation summary, the SHA-256 weights manifest, and the deployed version. This page summarises evaluations on the deployed model and is updated when the pinned version changes; behavioural evaluation is probabilistic, not a guarantee of every output. Framework references: NIST AI RMF 1.0, NIST-AI-600-1. Questions: hi@affordableai.eu