Security, residency, and compliance

This is the section your CISO will read first. We wrote it for them.

Legal & contracting
Engagements run through our EU entity. A DPA, SCCs, and a sub-processor list are provided before kickoff.
Where engineers sit
Pod composition is disclosed per engagement, including country of residence for each engineer. We do not sub-contract silently.
Access model
Least-privilege, time-bounded, SSO-backed. No engineer holds production credentials beyond the engagement window.
Code & data handling
All code lives in your repositories. We do not maintain a shadow copy. Prompts and model traffic stay inside your tenancy where the workload requires it.
Frameworks we map to

GDPR · NIS2 · DORA · ISO 27001 · SOC 2 · BSI C5 · EU AI Act.

The Phase 1 memo classifies your specific system against each applicable framework, names the obligations it triggers, and lists the evidence we will produce as the system ships.