The most privacy-conservative way to put AI on your business.
Your data is never used to train models. It lives in the EU. The AI can only read what you can. And everything it does is logged, attributed, and reviewable. Here is exactly how that works — and who helps us run it.
Isolated by design
Every table is protected by row-level security, scoped per account and per workspace. Encryption in transit and at rest.
The AI sees what you see — nothing more
AI retrieval runs under the permissions of the person asking. Restricted documents and private chats never reach the model for someone without access.
Named-user access to tools
Each connected tool can be restricted to named teammates. Locked chats and restricted documents stay with their owner and allowlist — admins included.
Every AI action is attributed
Every model call, tool call and delivery is logged with who triggered it, when, and at what cost. Admins see the full audit trail in the app.
Human in the loop
Sensitive tool actions can require explicit confirmation before they run, and documents move through a draft → confirmed → published review gate.
AI output is labeled
Briefings and findings delivered by email or chat channels are marked as AI-generated — ahead of the EU AI Act transparency mandate of August 2026.
Data at rest in the EU
All workspace data is stored in Stockholm, Sweden, operated by a Dutch company under GDPR.
No lock-in
Export your entire workspace — conversations, insights, documents with history, memory, audit logs — self-service, machine-readable, free.
Which models touch your data, and on what terms.
| Surface | What it does | Models |
|---|---|---|
| Chat | Answers questions on your curated workspace context | Claude (Anthropic) · Gemini (Google) |
| Agents | Scheduled monitoring & analysis of the sources you configure | Claude (Anthropic) |
| Studio | Drafts documents, reports and decks in your brand voice | Claude (Anthropic) |
- Never trained on. Our agreements with the model providers exclude your content from model training, on every surface.
- Honest about regions. Data at rest stays in the EU (Stockholm). Model inference runs in the providers' secure clouds (US/global) under Standard Contractual Clauses today — EU-resident inference is on our roadmap for H2 2026, and this page will say so plainly when it ships, not before.
- Curated context, not a data dump. Models receive the context your team curates — insights, memory, brand rules — not a raw pipe into your connected systems. Data minimisation is the product, not a setting.
Subprocessors, by purpose and region.
The complete named register — with each provider's role, region and transfer safeguard — is part of our DPA, available to every business customer. We give 30 days' notice before any change.
| Purpose | Provider | Region & notes |
|---|---|---|
| Database, authentication & file storage | EU cloud database platform | EU (Stockholm, Sweden) |
| AI models | Anthropic (Claude) · Google (Gemini) | US / global — never used for training |
| AI request routing | Specialised AI gateway | US |
| Scheduled web research | Web research API | US |
| Connected tools (OAuth) | Integration platform — holds the tokens you authorise | US |
| Browser automation (sources you configure) | Browser automation service | US |
| Background job scheduling | Job orchestration platform | US |
| Email delivery | Transactional email service | US |
| Payments & invoicing | Stripe | US / EU (PCI-DSS — we never see card numbers) |
| Application hosting (static app delivery) | Cloud hosting platform — no workspace data stored here | US provider |
| Public procurement feeds | TenderNed / TED (public EU data, outbound queries only) | EU |
24-hour incident notice
If an incident touches your data, we tell you within 24 hours of confirming it — faster than GDPR requires, aligned with what NIS2-regulated clients need from their vendors.
Procurement-ready paperwork
DPA with SCCs and the named subprocessor register, a pre-filled DPIA support pack for your privacy team, and a NIS2 vendor pack — on request, no negotiation marathon.
Ahead of the rules
AI-labeled output before the AI Act's August 2026 transparency mandate. Free, machine-readable exit before the Data Act's 2027 deadline. ISO 27001 + ISO/IEC 42001 certification programme on the 2027 roadmap.
Found a vulnerability? Want the DPA?
Report security issues via the contact page (mention "security") — we respond fast and never pursue good-faith research. For the DPA, DPIA pack or security questionnaire answers, same address.
See also the privacy policy and terms of service.