Trust & Compliance

AI you can defend to your DPO

We build AI for European enterprises that have to answer to regulators, auditors, and their own data-protection officers. That means GDPR by design, EU AI Act readiness, EU data residency, and a private on-premise option where your data never leaves the building.

GDPR by design

Privacy is the default, not an afterthought

→Data minimization: we only process the data a use case genuinely needs.
→A clear lawful basis and purpose for every processing activity.
→Support for data-subject rights (access, correction, deletion) built into the workflow.
→Your content is never used to train third-party models without your explicit consent.

EU AI Act-ready

Designed around the rules you will be audited on

→Every deployment is risk-classified against the EU AI Act before it ships.
→Transparency by default: users are told when they are interacting with AI.
→Human-in-the-loop oversight on consequential decisions, not full autonomy.
→Technical documentation and logging so you can evidence compliance.

EU data residency

Your data stays in Europe

→Processing pinned to EU (and Austria-specific) regions where required.
→No transfers to non-adequate jurisdictions without appropriate safeguards.
→Clear documentation of where every piece of data lives and flows.

On-premise & private LLMs

The sovereign option: it never leaves your walls

→Run open-source models (Llama, Mistral, Qwen) on your own hardware or private VPC.
→An air-gapped deployment option with no external internet dependency.
→You own the infrastructure, control the data, and decide what the model learns.

Contracts & security

The paperwork your DPO will ask for

→A Data Processing Agreement (DPA) available for every engagement.
→A defined, disclosed list of sub-processors.
→Encryption in transit and at rest, with role-based access controls.
→A documented incident-response process and clear points of contact.

Compliance questions, answered

Will our data be used to train AI models?

No. Your data is processed only to deliver the agreed service and is never used to train third-party models without your explicit, written consent. With the on-premise option, your data never leaves your infrastructure at all.

Where is our data stored and processed?

In the EU by default, and pinned to Austria-specific or EU-only regions where you require it. We document the full data-flow so you can evidence residency to auditors or your DPO.

Can the AI run entirely on our own infrastructure?

Yes. We deploy open-source LLMs on your hardware or private cloud, including a fully air-gapped option. This is the strongest data-sovereignty posture available and is a core part of what we build.

Is what you build EU AI Act compliant?

We design every deployment to align with the EU AI Act: we risk-classify the use case, build in transparency and human oversight, and produce the technical documentation and logging you need. Final compliance always depends on your specific deployment and legal review, which we support.

Do you sign a Data Processing Agreement (DPA)?

Yes. A GDPR Article 28 DPA is available for every engagement, along with our sub-processor list, before any data is processed.

How do you handle data deletion or subject-access requests?

Deletion and subject-access handling is built into the workflows we deploy, so you can fulfil GDPR requests within the required timeframes rather than bolting it on later.

Need this in writing for procurement?

We will walk your team (and your DPO) through our DPA, data flows, and the on-premise option, and tailor the setup to your compliance requirements.

Book a compliance call See the on-premise stack