Inference and agents, in the KingdomPay per token · Saudi RiyalDCP-Agent for Saudi business · agents.dcp.saAgents can rent a GPU · npx -y github:dhnpmp-tech/dcp-mcpEarn Riyal from your GPUPDPL · Saudi data residencyInference and agents, in the KingdomPay per token · Saudi RiyalDCP-Agent for Saudi business · agents.dcp.saAgents can rent a GPU · npx -y github:dhnpmp-tech/dcp-mcpEarn Riyal from your GPUPDPL · Saudi data residency
DCP
Sign inStart free →
DCP
Explore
01Overviewنظرة عامةSovereign Arabic AI runtime02PricingالأسعارPer-million-token · SAR03GPU Podsحاويات GPURent a whole GPU on demand04AgentsالوكلاءZero-human onboarding · MCP05DocsالتوثيقOpenAI-compatible API06EarnاكسبEarn Riyal from your GPU07SupportالدعمTalk to the team
In-Kingdom · PDPL© 2026 · Riyadh
Security posture · enforced in productionCompanion to the trust center
Security

Sovereign by default, secured by design.

The production controls behind every DCP request — network, isolation, keys, billing integrity, and Saudi data residency. This is the security baseline the trust center references.

Request a security review →Trust center
🇸🇦 PDPL🇸🇦 KSA-resident🔒 TLS · WireGuard
01 — Control domainsHow a request stays safe
01

Network & transport

Provider rigs join a private WireGuard mesh; renter traffic reaches the platform over TLS only.

  • Per-peer WireGuard keys — no rig is reachable from the open internet.
  • Public API served over HTTPS with modern TLS and strict transport security.
  • Inference is routed only to rigs that pass a live reachability + inference probe.
02

Workload isolation

Renter inference runs inside an isolated runtime on the provider host — the prompt never touches the host filesystem.

  • Each job runs in a contained runtime, separate from the host and other tenants.
  • Providers serve compute, not custody — they never see renter data at rest.
  • Stronger sandboxing (gVisor-class) is on the roadmap for the sandboxed tier.
03

Keys & access

Renter and provider keys are scoped, revocable, and never logged in clear text.

  • API keys are minted per account and can be rotated or revoked at any time.
  • Secrets live in environment configuration, never hardcoded in source.
  • Administrative actions are gated and recorded for audit.
04

Billing integrity

Only successful inference is billed — metering is atomic, idempotent, and server-measured.

  • Charges settle server-side, in Saudi Riyal, against measured token usage.
  • A balance gate returns HTTP 402 before any unpaid work runs.
  • Settlement is idempotent — a retried request cannot double-charge.
02 — Data residencyIn-Kingdom by default

Your data stays in the Kingdom.

Sovereign requests run end-to-end on verified Saudi GPUs. A cross-border frontier model is the single exception — gated behind explicit per-tenant opt-in and logged distinctly.

in_kingdom_defaultSovereign requests touch only verified Saudi GPUs and never leave the Kingdom.
frontier_opt_inCross-border frontier models stay off until a tenant explicitly enables them.
pdpl_audit_trailEvery route is logged for PDPL residency compliance.
03 — How we operateDay-to-day practice
01

Input validation at every boundary

Untrusted input is validated before it is processed; the platform fails fast with clear errors.

02

Least privilege

Services and accounts get only the access they need, and admin surfaces are gated.

03

Audit-ready logging

Job lifecycle, payment, and administrative actions are aligned to exportable evidence.

04

Coordinated disclosure

Report a vulnerability to security@dcp.sa; we triage and respond before disclosure.

04 — On the roadmapTracked openly
Certifications in progress

SOC 2 Type II control mapping is active and ISO 27001 gap assessment is queued. Live status for each artifact lives in the trust center.

See the certification roadmap →
For procurement & security teams
Review the posture.

Open an enterprise security review and we will return a control-by-control plan, plus the trust artifacts your team needs.

Request a security review →security@dcp.sa