Zero-Egress Architecture
The Core Policy
BidOptic operates entirely within the client's Virtual Private Cloud (VPC). The software possesses no egress capabilities, transmits no telemetry, and requires no outbound internet connection.
This is not a configuration option — it is an architectural constraint enforced at the container level. The Docker run command passes --network none, which instructs the Linux kernel to provide the container with no network interfaces other than loopback. At startup, the BidOptic entrypoint reads /proc/net/dev and aborts with a non-zero exit code if any non-loopback interface is present. There is no flag to re-enable networking. There is no callback URL. There is no licence server.
Because no personal data or proprietary auction logs are transmitted to BidOptic servers, BidOptic acts strictly as locally installed software, not a Data Processor under GDPR.
What the Architecture Looks Like
+----------------------------------------------------------+
| Your VPC / Cloud |
| |
| +--------------------------------------------------+ |
| | BidOptic Docker Container | |
| | (--network none | encrypted image) | |
| | | |
| | /app/client/data/logs.parquet --> Calibrator | |
| | | | |
| | v | |
| | Simulation | |
| | | | |
| | v | |
| | /app/client/output/ | |
| +--------------------------------------------------+ |
| | |
| (volume mount) |
| | |
| Your local filesystem only |
| |
+----------------------------------------------------------+
X
No outbound path
Data Handling
Auction logs are read from a bind-mounted volume on your host filesystem. They are processed in-memory by the BidOptic calibration pipeline.
- No data is written outside the designated output directory. The
client/output/directory is the same bind-mounted volume, meaning all output lands on your filesystem, under your control. - BidOptic does not persist logs. When the container exits, no copy of your data remains inside the image layer.
- Trained model artefacts are written locally. The seven calibration models (Ghost Market win rate, supply floor price, CTR, CVR, LTV, conversion delay, and infrastructure latency) plus the Audience DNA clustering model are serialised to your output directory. They do not leave your environment.
- No telemetry, no crash reporting, no analytics beacons. The container has no mechanism to transmit data because it has no network stack.
Encrypted Container Distribution
The BidOptic image is distributed as an encrypted .tar archive (bidoptic.tar.gz). Clients receive a license.bin token scoped to their licence period and hardware-locked to their host machine ID (read from /etc/machine-id at runtime via a read-only bind mount). The container verifies this token locally at startup using offline cryptography (Fernet + NaCl). If verification fails, the process exits cleanly with a non-zero exit code. The verification check requires no internet connection.
Compliance Summary
| Control | Status |
|---|---|
| Data egress to BidOptic infrastructure | Not possible (--network none) |
| PII transmission | Not possible |
| Auction log retention by BidOptic | No log retention mechanism exists |
| GDPR Data Processor classification | Does not apply (no data transmitted) |
| SOC 2 / ISO 27001 vendor questionnaire | N/A — BidOptic is locally installed software, not a SaaS vendor |
| Outbound internet dependency at runtime | None |
| Licence validation requires internet | No — offline token verification via license.bin |