Privacy
Trust is our product
Self-hosted EU infrastructure, zero third-party LLM calls, and GDPR compliance by design — not as an afterthought.
Data Flow
How your data moves
How We Protect You
Security Practices
Encryption at Rest & In Transit
AES-256 at rest. TLS 1.3 in transit.
Self-Hosted EU Infrastructure
All models and data processing run on infrastructure we control within the EU. Your data is never sent to third-party AI providers like OpenAI, Anthropic, or Google.
Data Isolation
Each customer's data is logically isolated in a dedicated tenant. We never use your data to train models or share it across tenants.
Regular Penetration Testing
We conduct regular penetration testing with independent third-party firms and publish summary reports to enterprise customers upon request.
Transparency
Sub-Processors
Current list of third-party processors with access to any customer data.
| Processor | Purpose | Location | Data Processed |
|---|---|---|---|
| OVHcloud | Cloud infrastructure & compute | Belgium · London · Frankfurt | Application hosting, model inference, data storage |
| Plausible Analytics | Privacy-friendly website analytics | EU | Anonymous page views (no cookies, no personal data) |
| Tally.so | Trial signup forms | Belgium (EU) | Name, email, company (form submissions only) |
| Attio | CRM & customer management | UK / EU | Contact details, company information |
| Termly | Cookie consent & privacy compliance | EU | Consent preferences |
| Leexi | Call recording & transcription | EU | Call audio, transcripts, meeting metadata |
| Stripe Payments Europe Ltd | Payment processing & subscription billing | EU (Ireland) | Payment details, billing information, subscription status |
Status
Certifications we're pursuing
GDPR is live today. ISO 27001 and SOC 2 Type II are on deck.
GDPR Compliant
Active
Fully compliant with the General Data Protection Regulation from day one. DPA included as standard.
ISO 27001
Q4 2026
Information security management certification. Currently in implementation phase with target certification by Q4 2026.
SOC 2 Type II
2027
Service organization control audit for security, availability, and confidentiality. Planned post ISO 27001.
Roadmap
ISO 27001 Roadmap
Here's exactly how we get to ISO 27001:2022 certification.
Gap Analysis
Comprehensive gap analysis against ISO 27001:2022 requirements. ISMS scope defined.
Policy & Controls Implementation
Drafting all required policies, procedures, and implementing Annex A controls. Risk assessment completed.
Internal Audit & Certification
Internal audit, management review, and Stage 1 + Stage 2 certification audit with accredited body.
Surveillance & Continuous Improvement
First surveillance audit cycle. Continuous ISMS improvement and SOC 2 Type II preparation.
Request Our DPA & Security Pack
Get instant access to our signed DPA, data flow diagrams, ISO 27001 commitment, and privacy guarantee — all in one secure Tresorit repository.