Trust & Compliance

Built for the European standard

Working across borders with talent and AI demands strict rules. Our compliance framework keeps your data protected, your AI responsible and your operations audit-ready.

🛡️

GDPR

Lawful basis, data-subject rights, data minimization and EU-aligned retention periods built into every workflow. See our GDPR page.

🔐

Data security

Encryption in transit and at rest, least-privilege access, SSO and regular penetration testing.

⚖️

AI governance

EU AI Act alignment, human-in-the-loop controls, bias monitoring and full traceability of decisions.

📄

Data processing

Signed Data Processing Agreements (DPAs), subprocessor transparency and Standard Contractual Clauses for cross-border transfers.

🧭

Compliance framework

Policies, controls and vendor due diligence mapped to ISO 27001 and SOC 2 principles.

🚨

Security operations

24/7 monitoring, incident response with defined SLAs and a documented data-breach notification process.

Details

How we protect your business

Where is our data processed? +
Primary processing takes place in the EU and countries with an adequate level of protection. When LATAM teams need access, transfers are governed by Standard Contractual Clauses and least-privilege controls, with data minimization applied throughout.
How do you govern AI agents? +
Every agent operates within defined guardrails, logs decisions for traceability and escalates to humans on low confidence. We monitor for bias and quality and align with the EU AI Act risk categories.
Which certifications do you align with? +
Our control set aligns with ISO 27001 and SOC 2 principles, with GDPR as the baseline. We provide DPAs, subprocessor lists and security documentation on request.
How are incidents handled? +
A documented incident-response plan with defined severity levels and SLAs. In the event of a personal-data breach, we notify affected controllers without undue delay, in line with Article 33 of the GDPR.

Need our compliance pack?

Request DPAs, security documentation and our subprocessor list for your procurement review.

Request documentsRead the GDPR notice