Loading…
A separately negotiated SKU of iDBQuery Desktop with no idbquery.com login, no weekly token refresh, no update poll, and no cloud-fetched prompts. Signed offline license, USB delivery, hands-on SE handoff. Built for defense, classified govt, healthcare, and banking customers who must verify zero outbound traffic.
Classified networks where no outbound traffic is permitted. Bring iDBQuery in via USB, run forever offline.
FedRAMP-equivalent or higher environments where third-party SaaS is non-starter. Verifiable with on-prem packet capture.
Patient data that can't touch a third-party LLM API. HIPAA-friendly by construction — there is no third party.
Trading floors, regulated lending, and isolated bank networks where customer data and queries must never leave the perimeter.
Same product surface — same agent loop, same connectors, same UI. The auth model and delivery process are different.
No idbquery.com login
First launch detects no network and skips the cloud login step entirely. No idbquery.com account is provisioned for these users.
No weekly token refresh
Standard SKU refreshes a 7-day JWT against the cloud weekly. Air-Gapped skips this — no token, no refresh, no banner about reconnecting.
No update poll
Standard SKU optionally polls updates.idbquery.com. Air-Gapped doesn't. Updates are delivered out of band when the customer requests them.
No cloud-fetched prompt blocks
Sensitive prompt blocks that Standard fetches at session start ship inside the bundle on Air-Gapped. Trade-off: those prompts can be inspected on disk; we accept it for this SKU.
Signed offline license file
license.json signed Ed25519 by Intrazero, validated on launch by an embedded public key. Typical validity 1–3 years. Renewal = new license file via secure channel.
Bundled model weights
Dedicated installer with the chosen on-device model weights pre-bundled (~15 GB). Customer never has to pull from a model registry.
Hands-on SE delivery
Solutions engineer escorts the install where chain-of-custody is required: USB transfer, SHA256 verification against published manifest, on-site validation.
Disconnect the machine at the OS level (or use a network namespace with no egress). Install. Drop the license file. Run any iDBQuery workflow — chat, schema introspection, folder ingest, report build, PDF export. Run tcpdump or Wireshark and confirm zero packets to anything except the customer-chosen data sources you've explicitly configured.
We scope your environment: hardware tier, model choice, license duration, delivery method (USB, signed PDF, courier — per your policy).
Installer + bundled model weights, SHA256-checksummed against a published manifest. Built once, fixed, no auto-update wired in.
Transfer via your approved media. Your team verifies SHA256 sums on receipt before installing on any production machine.
Customer runs installer offline. Intrazero issues a signed license.json (signed offline on our air-gapped key). Customer drops the file at the documented path; the app validates the signature with the embedded public key and unlocks.
For installs that require chain-of-custody (defense, certain federal contracts), an Intrazero solutions engineer can travel on-site and run through the install + signature verification with your team. The signing key for license.json lives on an air-gapped machine; we never sign on a networked host.
Air-Gapped bypasses our SaaS cohort metrics, requires hands-on delivery, and ships with bundled model weights and a signed offline license. We price it accordingly — typically 5–10× the cloud Enterprise tier — and every deal is scoped to the customer's environment.
Number of seats, hardware tier per seat, target model, license duration, delivery channel, on-site SE requirement, renewal cadence, your security questionnaire, and data-source connectivity that's allowed inside your perimeter.
We don't list the Air-Gapped SKU on the pricing page. Tell us about your environment and we'll come back with a fitted proposal.
No credit card required · 1M tokens / month free