Security · Frankfurt

No data leavesEurope.

Hosted in Frankfurt. GDPR from day one. No US cloud transfer, no add-on DPA, no forms.

Data residency

🇩🇪 Frankfurt

AWS eu-central-1 · primary

Hetzner FSN1 · secondary

Commitments

Not a policy. An architecture.

◎

GDPR

DPA as standard — not an add-on

Our DPA is included in the contract. No SCCs, no US transfer, no Privacy Shield debate.

◉

Encryption

TLS 1.3 · AES-256 · BYOK

In transit and at rest. Enterprise: bring your own AWS KMS key. Rotation every 90 days.

◈

AI training

Your data doesn't train our model

Opt-in, never default. Turn on if you want sharper DISC; turn off if you're a bank.

ISO

27001

Certified · 2025

SOC 2

Type II

Report on request

GDPR

DPA

Standard in contract

Uptime

99,97 %

Last 12 mos.

Pen-test

2x/year

Nordic Pentest Co.

US data

0 B

At all times

All in the EU. Changes announced 30 days in advance.

Vendor	Function	Region	Data
AWS	Hosting · primary	eu-central-1 · DE	Everything
Hetzner	Backup · secondary	FSN1 · DE	Backup
Mistral	LLM · inference	Paris · FR	Transcript, anonymized
Scaleway	Object storage	Paris · FR	Audio files
Postmark	Transactional email	Frankfurt · DE	Metadata
Stripe	Payments	Dublin · IE	Invoice data

GDPR · Frankfurt · EU-only

Send dine juridiske spørgsmål direkte. Vi svarer inden for fire arbejdstimer — med faktiske detaljer, ikke salgsvinkler.