ENTERPRISE EDGE AI — SOVEREIGN & PROVABLE · ذكاء حافة المؤسسات — سيادي وقابل للإثبات

Run AI on your clients' books — without their files ever leaving your office.

Hema is an on-premise AI gateway built for Saudi audit and law firms. Client data is processed on hardware you own — never sent to a cloud AI service — and every inference produces a tamper-evident, hash-chained confidentiality record you can hand a client or SOCPA. Arabic-first. Built in Saudi Arabia.

حِمى — a protected sanctuary Client data never leaves your office Per-matter confidentiality evidence Arabic-first · Built in Saudi Arabia

Why now

Saudi Arabia is investing at national scale in sovereign AI infrastructure and Arabic models — HUMAIN, ALLaM, and NDMO's data-classification mandate signal that regulated firms will increasingly be expected to prove where their data and AI processing go. Hema gives a firm that proof today, on machines it already owns — processing locally, the way edge AI works on phones and watches: the device computes rather than sending everything to the cloud. Hema does this for the enterprise: your office is the edge.

See it work — right in your browser

Paste text. Watch Hema classify it.

This happens to every AI request inside a firm running Hema — classification, policy enforcement, and a signed evidence record — all in under a millisecond, on the firm's own hardware.

This demo runs entirely in your browser — nothing you type leaves this page. No analytics, no network calls from this form.

Nothing you type here is sent anywhere. The scan runs entirely in this browser tab.

Classification result · illustrative
data class
matched categories
policy action
illustrative evidence hash

SHA-256 computed locally by your browser — illustrative. Real deployments write a hash-chained evidence record on your machines.

This happens to every AI request inside your firm — with court-grade evidence, on hardware you own.

Confidentiality is architectural — the data never moves — not enclave-based on consumer hardware.

The Hema principle

Client-Data AI Exposure Self-Check

Is your firm's client data at risk when you use AI?

Answer 6 questions — takes 2 minutes. You'll see your risk band instantly and a sample of the confidentiality assurance report Hema produces for each client matter.

Question 1 of 6
When a partner or manager uses an AI tool (ChatGPT, Copilot, Gemini, etc.) to analyse client financial statements, where does that data go?
Question 2 of 6
Do you have a written policy governing which client data categories staff may submit to an AI tool?
Question 3 of 6
If a client or SOCPA asked you today to prove that their financial data was not processed by any external AI provider, could you provide evidence?
Question 4 of 6
Does your firm's AI tool handle Arabic client documents (financial statements, contracts, correspondence) with full fidelity?
Question 5 of 6
Under Saudi PDPL, processing personal data of Saudi individuals through an external cloud AI raises cross-border transfer obligations. Has your firm assessed this risk?
Question 6 of 6
If a client engagement letter today included a clause that AI tools must not process their data on external servers, could your firm comply without changing your AI setup?

Your result is ready

Enter your work details to see your risk band and a sample of the Client Confidentiality Assurance report Hema produces.

A work email helps us tailor your result — but you can continue.

The gateway

One line of code. Every inference, governed.

Point any OpenAI-compatible app at Hema — you change one base URL, nothing else. The on-prem gateway classifies each prompt for Saudi sensitive data — national ID, IBAN, patient and customer records — enforces your policy (keep on-prem, redact, or block), and writes a signed, hash-chained evidence record. Your prompts never reach us; only the metadata you choose to share ever leaves the building.

 your_app.py
# Your existing OpenAI code — one change:
from openai import OpenAI

client = OpenAI(
    base_url="https://hima.your-firm.sa/v1",  ← the only change
    api_key="sk-…",
)
# Client prompts now stay on-prem,
# and each call is logged as evidence.
Confidentiality evidence · per inference✓ chain verified
data class
sensitive
matched
saudi_nin, iban
action
kept on-premise
model
ALLaM-7B
prompt hash
9f3a8c1e…b724
cloud egress
none
1. Classify 2. Enforce policy 3. Serve on-prem 4. Sign evidence

Proof, not promises

A confidentiality dashboard your client and SOCPA can read

Other AI-governance tools document policy. Hema sits in the data path and produces the evidence — a live dashboard and a one-click bilingual Client Confidentiality Assurance export mapped to PDPL and NDMO. The cost case writes itself: every sensitive token served on your own hardware is a token you never paid a cloud API for.

1,284
Sensitive inferences kept on-premise
cloud egress: 0
SAR 47,900
Estimated saved vs cloud AI
this quarter
PDPL · NDMO
SOCPA
Confidentiality Assurance Export
bilingual AR / EN · signed

The platform underneath

Your own private AI — Arabic-first, sovereign by construction

The gateway rides on a full sovereign platform. Pool the Windows, Mac and Linux machines you already own into a single, private LAN compute pool; deploy Arabic and open models with one click; and turn your existing apps and data into governed AI agents. Heavy training and overflow can burst to an in-Kingdom sovereign cloud — only when you allow it.

One private compute pool

Pool the idle Windows, Mac and Linux machines you already own into a single-tenant LAN AI cluster. Start with one; scale by adding more.

One-click Arabic models

Deploy ALLaM, SILMA and a growing library of Arabic-first and open models across the fleet in a click — no procurement, no per-use bills.

Governed AI agents

Point agents at your real apps and data — every action runs through the gateway's policy and evidence, so autonomy never costs you compliance.

The decision

Hema vs. cloud AI vs. an AI-governance tool

What mattersHemaCloud AI serviceAI-governance (GRC) tool
Where sensitive data is processedInside your walls, on hardware you ownA third party's shared infrastructureWherever your AI already runs — it only documents
Enforces the data pathYes — classifies & blocks at the gatewayNo — you send the data to use itNo — it sits outside the data path
Per-inference confidentiality evidenceSigned, hash-chained, per callProvider logs, not your evidencePolicy attestations, not per-inference proof
PDPL / NDMO / SOCPA fitCompliant by construction — data never leavesOngoing residency & transfer reviewHelps you document; the risk still exists
CostFlat — on hardware you already ownPer-use, grows with every userA subscription on top of your AI spend
Arabic & Saudi-sector AIPurpose-built Arabic models, on-premGeneral models, no Saudi-sector focusNot an AI provider

Who it's for

Built for the institutions the cloud can't serve

If your data is too sensitive or too regulated to leave your control, Hema is for you — and the evidence layer turns "we think it's compliant" into something you can hand a regulator or a client.

Primary wedge

Audit & accounting firms

Client financial records, working papers and engagement files — analysed by AI on your hardware, with per-matter SOCPA-aligned confidentiality evidence. [SOCPA professional standards reference pending counsel verification]

Primary wedge

Law & IP firms

Contract review and ruling analysis in Arabic, with per-matter client confidentiality evidence. Client files never leave the firm's network.

Regulated

Finance & insurance

Takaful, Islamic-finance and AML/KYC workflows with SAMA-aligned, on-prem processing and signed evidence.

PropTech & real estate

Valuation, listings and lease drafting over national-ID, biometric and tenancy data — kept on-prem under PDPL.

Government & public sector

Formal Arabic correspondence and privacy scanning, fully sovereign and offline-capable.

Energy & telecom

Domain copilots and Saudi-dialect support over operational data that can't leave the enterprise.

Compliance

PDPL, NDMO, SOCPA & Vision 2030 — by construction

Hema removes the hardest part of any AI compliance case: the data leaving your control. Because sensitive information never crosses your boundary, the cross-border and third-party-access questions that stall cloud-AI projects simply don't arise — and now you can prove it, inference by inference.

Hema provides the controls and the per-inference evidence a compliance review evaluates; formal certification is completed with your own assessor and security team.

Common questions

What Saudi audit and law firms ask about AI

Can a Saudi audit firm use ChatGPT on client files?

Sending client financial records to a public AI service like ChatGPT means the data leaves the firm's control and is processed on a third party's infrastructure, which is hard to reconcile with an auditor's professional confidentiality duty and with Saudi PDPL. Hema avoids this entirely: it runs AI on hardware inside the firm's own office, so client files never leave the building, and it records per-inference evidence that the data stayed on-premise.

How can an accounting firm use AI without breaching client confidentiality?

Use an AI system that processes data on-premise instead of in the cloud. Hema is an on-premise AI gateway: prompts containing client data are classified and kept on machines the firm owns, never transmitted to an external AI provider, and each inference produces a tamper-evident, hash-chained confidentiality record the firm can show a client or regulator.

Is there a PDPL-compliant AI tool for accountants in KSA?

Hema is built for PDPL alignment by construction. Because sensitive personal data is processed on-premise inside Saudi Arabia and never transferred outside the firm or the Kingdom, the cross-border-transfer and third-party-access questions that usually block cloud AI under PDPL do not arise. Hema also classifies data sensitivity before each inference and logs signed evidence. Formal certification is completed with the firm's own assessor.

How do I prove to a client their data stayed confidential when using AI?

Hema produces a Client Confidentiality Assurance report: a bilingual (Arabic/English) export showing, per inference, that client data was classified, kept on-premise, and never sent to any external cloud, backed by a SHA-256 hash-chained evidence trail. The firm can hand this report to a client or to SOCPA as objective proof rather than a verbal assurance.

How much does private AI for an audit firm cost?

Hema runs on hardware the firm already owns, so there are no per-use cloud AI fees; cost is flat rather than growing with every user or document. Engagements start with a fixed-scope, six-week paid pilot from SAR 15,000 for one office; annual licensing is scoped to the firm's size after the pilot.

Is Hema edge AI?

Yes — Hema is enterprise edge AI. AI inference runs locally on the firm's own machines, with per-inference compliance evidence generated on those same machines, so content never leaves the premises. Just as edge AI on a phone processes locally rather than sending everything to the cloud, Hema processes AI workloads at the enterprise edge — on hardware inside the firm's walls — giving regulated firms the speed and sovereignty of local compute with the compliance evidence that cloud AI cannot produce.

Hema is an on-premise AI gateway for Saudi audit, accounting and law firms.

With Hema, client files never leave the firm's office — AI runs on hardware the firm already owns.

Hema records per-inference confidentiality evidence and produces a bilingual Client Confidentiality Assurance report mapped to PDPL and NDMO.

Hema classifies every prompt for Saudi sensitive data (national ID, IBAN, patient records) before it is processed, enforcing the firm's data-handling policy at the gateway.

Hema is Arabic-first and built in Saudi Arabia.

Hema engagements start with a paid six-week pilot from SAR 15,000 for one office.

See it inside your own walls.

Check your exposure in 2 minutes, or book a 30-minute demo — watch sovereign Arabic AI serve a sensitive prompt and sign the evidence, all on hardware you own. No credit card. No cloud agreement. Paid pilots from SAR 15,000.