Security & Compliance

As an EU-based company, we provide enterprise-grade security with native GDPR compliance and full EU data sovereignty. Your data stays in Europe, under EU jurisdiction.

EU-Native Compliance

Built for European enterprises. Native compliance, not retrofitted.

ISO 27001

Information Security Management System certification demonstrating our commitment to systematic and ongoing management of information security risks.

Certified · Audited annually

EU Data Sovereignty

Your data stays in Europe. As an EU-established company, we process and store all data within EU borders. No transatlantic transfers, no US jurisdiction concerns.

Native GDPR

GDPR compliance from founding, not retrofitted. As a Romanian company, we're directly subject to EU data protection law — no SCCs or adequacy decisions needed.

EU AI Act Compliant

Designed for the EU AI Act with comprehensive documentation, risk assessments, and transparency measures for our AI systems.

Why EU-Based Matters

For European enterprises, working with an EU-based AI provider eliminates common compliance headaches.

No Schrems II Concerns

Data stays in EU jurisdiction. No transatlantic transfer complexity.

No CLOUD Act Exposure

Romanian company, EU jurisdiction only. No US government access.

Simplified Compliance

Direct GDPR subject. No adequacy decisions or SCCs required.

Security Practices

Defense in depth: multiple layers of security controls protect your data.

Infrastructure Security

  • EU-based cloud infrastructure with ISO 27001 certifications
  • All data encrypted at rest using AES-256 and in transit using TLS 1.3
  • Network segmentation and private VPCs with strict firewall rules
  • Regular vulnerability scanning and annual penetration testing
  • DDoS protection and Web Application Firewall (WAF)

Access Controls

  • Role-based access control (RBAC) with principle of least privilege
  • Multi-factor authentication (MFA) required for all employees
  • SSO integration with enterprise identity providers (SAML, OIDC)
  • Comprehensive audit logging of all access and actions
  • Quarterly access reviews and immediate deprovisioning

Data Protection

  • Customer data isolation with logical and physical separation
  • Automated backups with encryption and EU geographic redundancy
  • Data retention policies with secure deletion procedures
  • Customer data never used for model training without explicit consent
  • EU data residency by default

Organizational Security

  • Background checks for all employees with data access
  • Annual security awareness training and phishing simulations
  • Documented incident response plan with regular tabletop exercises
  • Business continuity and disaster recovery plans tested annually
  • Security monitoring and incident response

AI-Specific Security

Additional safeguards specific to AI systems and model security.

Model Isolation

Customer-specific models are isolated and never shared. Fine-tuned models are encrypted and access-controlled.

Input/Output Filtering

Content moderation and safety filters to prevent generation of harmful or inappropriate content.

Prompt Injection Protection

Multi-layer defenses against prompt injection and jailbreak attempts.

Audit Trails

Complete logging of API calls, model interactions, and administrative actions for compliance.

Data Minimization

We only process and retain the minimum data necessary for service delivery.

Red Team Testing

Regular adversarial testing of our AI systems to identify and address vulnerabilities.

Security Questions?

Our security team is here to help with questionnaires, audits, and compliance reviews.

Responsible Disclosure: Report security vulnerabilities to [email protected]