Infrastructure
UpCloud SE-STO-1 (Stockholm). ISO 27001-certified data centre.
Encryption
AES-256 at rest. TLS 1.2+ in transit. All API keys stored as SHA-256 digests.
AI inference
Mistral AI, France. No cross-border transfers outside the EU.
Access control
Role-based access. Least-privilege principle. Session tokens expire.
No model training
Your content is never used to train shared AI models. Ever.
Log retention
Access logs auto-expire after 30 days.
Responsible disclosure
If you discover a security vulnerability, please report it to [email protected]. We aim to respond within 48 hours and will credit researchers who follow responsible disclosure practices.
Incident response
In the event of a breach affecting customer data, we will notify affected customers within 72 hours in accordance with GDPR Art. 33/34.