Security & Trust

Your data is stored and processed in Switzerland. AI processing runs in Zurich via Google Vertex AI.

• Swiss-hosted infrastructure (Zurich, Switzerland)
• No data stored outside Switzerland
• AI processing in Switzerland (Zurich)
• EU–Switzerland adequacy decision enables free data flows without SCCs

Industry-standard encryption protects your data at every layer.

• TLS 1.3 in transit for all API and UI traffic
• AES-256 encryption at rest (managed encryption keys)
• Database encryption at rest

Secure, modern authentication with strict access controls.

• Google OAuth 2.0 and OTP email authentication
• Role-based access control (admin / regular user)
• Workspace and project isolation (multi-tenant scoping)

Built to meet European data protection standards from day one.

• GDPR compliant
• Swiss Federal Act on Data Protection (nFADP) compliant
• Privacy policy available in 7 languages
• Terms of service available in 7 languages
• Data Processing Agreement (DPA) available on request
• Customer data is never used to train AI models
• Clear data retention and deletion policies

Your queries and documents stay yours. We never use them to improve models.

• Customer queries and documents are not used to train AI models
• Regulatory source data is derived from publicly available guidelines
• Uploaded documents scoped to your project, never shared across tenants

Enterprise-grade cloud infrastructure with Swiss data residency.

• Google Cloud Platform (GCP)
• Cloudflare CDN and DDoS protection
• Proton Mail for transactional email (Swiss provider)

We are committed to continuous improvement of our security posture.

• Working towards ISO 27001 certification
• SOC 2 Type II planned
• Penetration testing planned
• Cyber insurance planned