Security
Engineered for trust.
EU-hosted. Encrypted end to end. Compliant by design.
01
Hosting & Infrastructure
Where your data is processed and stored.
- 100% EU-hosted (Frankfurt, Germany)
- Built on Supabase (ISO 27001, SOC 2 Type II)
- Data never leaves the EU
- Edge delivery via Cloudflare
02
Encryption
Layered encryption across every connection and disk.
- TLS 1.3 for all data in transit
- AES-256 encryption at rest
- AES-256-GCM for API keys and tool secrets
- Bcrypt password hashing
03
Privacy & GDPR
Compliant with EU data protection law.
- Fully GDPR compliant
- Data Processing Agreement available on request
- Right to export, delete, and access your data
- Conversations are never used to train AI models
04
Access Control
Strict tenant isolation and role-based access.
- Row Level Security on all tenant data
- Role-based team permissions
- Secure session management
- Rate limiting on all public endpoints
05
Monitoring & Reliability
Continuous observability and audit logging.
- Real-time error tracking with Sentry
- Structured audit logging
- 99.9% uptime target
- Automated daily backups
06
Compliance status
What is in place today and what is on the roadmap.
- GDPR compliant: Active
- Hosted on ISO 27001 certified infrastructure: Active
- Hosted on SOC 2 Type II certified infrastructure: Active
- Own ISO 27001 certification: Roadmap 2026
07
Sub-processors
All sub-processors are GDPR compliant and bound by a Data Processing Agreement.
| Provider | Purpose | Location | Compliance |
|---|---|---|---|
| Supabase | Database, auth, storage | Frankfurt, EU | ISO 27001, SOC 2 |
| Stripe | Payments | Ireland, EU | PCI DSS Level 1 |
| Sentry | Error monitoring | EU region | GDPR DPA |
| Cloudflare | CDN, edge security | Global edge | ISO 27001, SOC 2 |
| OpenAI / Anthropic / Google | Language model inference | Configurable per tenant | Provider-dependent |
Security questions?
Security questionnaires, DPAs, and architecture reviews on request.