For Data Protection Officers
Your DSAR queue
runs in this product.
Your EU AI Act Article 50 transparency notice is generated here. Your hash-chain audit log exports to your regulator in 60 seconds. Hosted in Azure Sweden Central (EU), with zero US sub-processors for platform data.
Sub-processor list · public
EU-onlyNine parties.
All EU.
Microsoft Azure
Application hosting · Database
EU · Sweden Central
Azure OpenAI Service
AI inference for the four AI specialists
EU · Sweden Central
Microsoft Entra ID
Identity, SSO, SCIM provisioning
EU tenancy
Azure Key Vault
Secret & key management
EU
Azure Blob Storage
Document store · Tenant-isolated
EU · Sweden Central
Azure AI Search
Per-tenant policy indexing (RAG)
EU · Sweden Central
Azure Monitor / Application Insights
Error + performance telemetry (PII-scrubbed)
EU · Sweden Central
Cloudflare
CDN + DNS for marketing site only
EU edge (US-incorporated entity)
Resend
Transactional email for contact form
EU
Material changes notified to customers 30 days in advance · See DPA Annex III
DSAR workflows, built-in
Subject access, rectification, erasure, portability. Every DSAR request is a first-class workflow with deadlines, evidence trails, and an audit-ready export. No spreadsheet on the side.
Article 50 transparency, generated
Every AI specialist publishes its own transparency notice: data sources, retention, decision boundaries, escalation paths. The notice is versioned with the agent, no annual rewrite cycle.
Hash-chained audit log
Append-only. Tamper-evident. Exportable to your regulator within 60 seconds. Every employee question, every HR decision, every AI output: chained and signed.
EU-only sub-processor list
Both application data and AI services hosted in Azure Sweden Central (EU). Zero US sub-processors for platform data in the default configuration. The DPA names every party.
Tenant isolation by structure
Tenant ID is enforced at four boundaries: HTTP request (Entra ID token claim), database query (Prisma row scope), background job (tenant in payload), AI call (per-tenant prompt construction). Each boundary fails closed in CI, not at the policy layer.
Customer-managed keys
On Enterprise, encryption keys live in your Azure Key Vault. We hold the ciphertext; you hold the keys. Rotate, revoke, or terminate access on your schedule.
The engineering rules
Twelve constraints the engineering team is not allowed to break.
Below the DPO surface sits the engineering contract that makes the surface honest. These rules are enforced in code review and in CI, not in policy documents.
Every database query must be tenant scoped.
Every API request must validate tenant context from the auth token.
Every background job must carry and enforce a tenant ID.
Every AI call must only receive tenant-authorised context.
AI agents may not write directly to the database.
AI agents must cite sources and provide confidence scores.
AI agents must escalate to humans when uncertain.
No PII in logs. No salaries in logs. No medical data in logs.
No Azure OpenAI endpoints exposed to the client.
No secrets in code or config files.
All input must be validated and sanitised.
Managed identities over connection strings whenever possible.
The stack
Built on Azure. Built for the EU.
Frontend in Next.js. Backend in NestJS. Workers in Node. PostgreSQL plus Prisma. Redis and BullMQ for queues. Azure Blob for documents. Azure AI Search for indexing. Azure OpenAI for inference. Microsoft Entra ID for identity. Bicep for infrastructure as code.
stack
Azure
stack
Entra ID
stack
Key Vault
stack
Blob Storage
stack
AI Search
stack
PostgreSQL
stack
Redis
stack
BullMQ
stack
Bicep
Frequently asked
Security questions, answered upfront.
How is tenant isolation enforced?
Every request carries a verified tenant context. Every database query is tenant scoped. Background jobs carry and re-verify the tenant. Document indices are isolated. AI calls only receive context the tenant is authorised to access.
How is authentication handled?
Microsoft Entra ID for enterprise SSO. SCIM provisioning. App-side RBAC with attribute-based access control. Optional MFA enforcement. Optional conditional access policies.
How are AI calls protected?
Models are hosted in Azure OpenAI within the EU. Conversation data never enters general training corpora. Prompts are constructed server-side, never on the client. Tool invocations follow per-agent allowlists.
What about secrets and encryption?
TLS 1.2+ in transit. AES 256 at rest. Secrets in Azure Key Vault. Managed identities preferred over connection strings. Customer-managed keys available on the Enterprise tier.
How do we test for vulnerabilities?
Static analysis on every commit, dependency scanning, secrets scanning, infrastructure-as-code scanning, and annual third-party penetration testing. Reports are available under NDA.
Send the SIG questionnaire. Get a response in 5 working days.
We respond to SIG, CAIQ, and bespoke questionnaires within 5 working days. Pentest reports, SBOMs, and security-controls documentation available under NDA. EU hosted, GDPR Article 32 controls implemented, NEN 7510 aligned.