Security & data protection

What happens to your data when you work with us.

The full security posture in one page. Written for enterprise procurement reviewers and small-team founders alike — plain English, no marketing fog.

The short version

  • EU data residency by default. Frankfurt (AWS eu-central-1) primary, Stockholm fallback.
  • Tenant isolation per client. Your data and our agents' state are not commingled with other clients'.
  • Zero-training on your data. Contractual guarantee with Anthropic / OpenAI / Google enterprise tiers.
  • Audit logs for every agent action — prompt, tools, output, cost. Replayable. Exportable.
  • DPA signed before any production access. Standard template; bilingual EN/DE on request.
  • Right to delete: 30-day read-only archive on contract end, then full deletion with a certificate.
  • SOC 2 readiness: targeting month 12 (Q3 2026). Controls are currently in place but not yet attested.

Data residency

All client data — documents, intermediate outputs, model prompts, model responses — is stored and processed in EU jurisdictions:

  • Primary compute: AWS eu-central-1 (Frankfurt, Germany)
  • Storage: EU-region S3 buckets with at-rest encryption (AES-256)
  • Backup region: AWS eu-north-1 (Stockholm, Sweden), encrypted in transit
  • LLM providers: Anthropic via Amazon Bedrock EU endpoints; OpenAI via Azure OpenAI EU; Google Gemini via Vertex AI EU. All routed through EU-resident endpoints; no transatlantic data transit by default.

For US clients who specifically require US data residency, that is also available on request — pinning to AWS us-east-1 with the same isolation guarantees.

Tenant isolation

Each client account is a separate logical tenant:

  • Database row-level isolation enforced at the application layer with cryptographic key separation per tenant.
  • Agent runtime state (memory, context, scratch data) is scoped to the tenant. No cross-tenant context bleed possible.
  • API access tokens are tenant-scoped — a token issued for client A cannot read or write client B's data.
  • Audit logs are tenant-scoped — operators reviewing your account only see your account.

Zero-training agreement

Your data is not used to train any foundation model. This is contractually guaranteed in three layers:

  1. Our contract with you: Standard MSA includes the zero-training commitment.
  2. Our contracts with LLM providers: Anthropic (Claude), OpenAI, Google Gemini — all on enterprise/Bedrock/Azure tiers with explicit no-training-on-customer-data terms.
  3. Architectural: No fine-tuning of foundation models on client data. We do build small per-client memory layers (RAG, embeddings) but those live in your tenant's storage and never leave.

Audit logs

Every action an agent takes inside your tenant is logged:

  • What is logged: prompt, tool calls, intermediate outputs, final output, model name + version, cost in EUR, timestamp, operator who reviewed.
  • Retention: 30 days hot, 12 months cold, longer on request.
  • Format: structured JSON, exportable via signed URL on demand.
  • Replayability: any agent run from the last 90 days can be re-executed against a clean tenant for debugging, with identical inputs producing identical (or near-identical, due to model temperature) outputs.

Operator gate

The single biggest security control on the AI side is the human gate:

  • Every artifact passes through a senior human operator before it reaches you.
  • The operator carries the accountability. The agents carry the load.
  • An operator's review is itself logged (who reviewed, when, what changes they made to the agent's draft).

This is not a marketing point — it is the design constraint. We do not ship unsupervised AI output to clients. Period.

Encryption

  • In transit: TLS 1.3, HSTS preload, modern cipher suites only. The vercel.json in our repo enforces this.
  • At rest: AES-256 with AWS KMS-managed keys, per-tenant key derivation.
  • Secrets: AWS Secrets Manager + KMS; no plain-text credentials in code, CI, or logs.

Sub-processors

We use a small list of well-known sub-processors. Each is enumerated in the DPA. As of 2026-05:

  • AWS — primary compute and storage (EU regions only by default)
  • Anthropic — Claude inference via Amazon Bedrock EU
  • OpenAI — GPT inference via Azure OpenAI EU (used selectively)
  • Google — Gemini inference via Vertex AI EU (used selectively)
  • Vercel — static site hosting for this marketing site only; no client data ever touches Vercel
  • Cloudflare — bot protection (Turnstile) on contact form only
  • Cal.com — booking calendar embed; only sees the email address you submit for the call
  • Stripe / Wise — payment processing for subscriptions

We notify clients in writing 30 days before adding any new sub-processor.

Vendor security review materials

Available under NDA after the first procurement call:

  • Latest penetration test report (annual schedule)
  • SOC 2 readiness gap analysis (formal attestation targeted Q3 2026)
  • Network architecture diagram
  • Incident response runbook
  • Business continuity plan (multi-region, distributed team)
  • Pre-filled vendor due diligence questionnaire (SIG, CAIQ formats supported)

Right to be forgotten

When you end your contract:

  1. Day 0–30: Your data moves to a read-only archive. You can export everything via signed URLs.
  2. Day 30+: Full deletion across primary, backup, and audit-log systems. We issue a signed certificate of deletion.
  3. Exceptions: Tax-record requirements may force us to retain billing data for 7 years (EU norm); this is enumerated in the DPA.

Incident response

If something goes wrong (a breach, an unauthorised access, an AI output that escaped review and reached a client):

  1. The on-call operator triggers the incident runbook within 1 hour of detection.
  2. You are notified within 24 hours if your tenant is affected — even if the impact is uncertain.
  3. GDPR Article 33 notifications go to the relevant data protection authority within 72 hours where applicable.
  4. Post-incident: a written postmortem within 7 business days, including root cause, remediation, and any changes to our process.

Reporting a vulnerability

If you find a security issue, please report it to security@logitelia.com. We respond within one business day. We do not have a bug-bounty programme yet (under consideration for Q4 2026), but we credit reporters in our public security acknowledgements page on request.

DPA download

Our standard DPA template is available on request — email security@logitelia.com and we send the latest version (PDF, GDPR-compliant, bilingual EN/DE) within one business day. We also sign your DPA template if it's reasonable.

What we are not yet

Honest about gaps:

  • SOC 2 Type II: not yet attested. Controls are in place; formal audit Q3 2026. We share the gap analysis on request.
  • ISO 27001: not pursued yet. If you need it as a hard requirement, we are not the right vendor today.
  • HIPAA / BAA: not in scope. We do not handle PHI. See our healthtech page for what we will and will not do for healthcare-adjacent clients.
  • PCI DSS: not in scope. We do not handle cardholder data — payments go through Stripe / Wise directly.
  • FedRAMP: not in scope.

Questions?

Procurement, legal, IT security, founders worried about a specific scenario — write to security@logitelia.com and we will answer in writing within one business day.

Procurement review starts here.

Email security@logitelia.com for the DPA, pen test report, and pre-filled SIG/CAIQ questionnaire — within one business day.
