GDPR, ISO 27001, ISO 9001. Audited, certified, documented.
Data processing agreements per Art. 28 GDPR. Documented technical and organisational measures. Data transit within EU/CH only.
Certified ISMS. Risk analysis, incident response, access control, encryption.
Certified QMS. Defined processes for development, deployment, support.
Operated by Dawico Deutschland GmbH in a Tier-IV data center. Geo-redundant, BSI IT baseline protection, renewable energy.
Swiss AG without US parent. No US authority access. No FISA 702 orders.
TLS 1.3 in transit. AES-256 at rest. HSM-backed key management. CMK on request.
We store only contract and billing data pursuant to Art. 6 (1) (b) GDPR. AI content — prompts, inputs and model outputs — is processed ephemerally during inference, never persisted, no logging.
Customer data is never used to train models. No third-party sharing.
