
Security & Privacy

Built for European data protection requirements

How your data flows

Personal data is pseudonymized in the EU before reaching any AI model.

Your Input

You type a message containing personal data like names, email addresses, or phone numbers.

Re-substitution

EU-Only Processing

Gardeo PII Engine

Personal data is detected by over 50 recognizers and a self-hosted AI layer, then pseudonymized on EU servers before it leaves your environment.

Original data

AI Model

The language model receives only pseudonymized text. It never sees real personal data.

How we protect your data

EU Data Centers

All data is stored and processed in certified European data centers. No data ever leaves the EU.

Automatic PII Pseudonymization

Over 50 data types in four languages. 500+ medications, 500+ medical conditions, financial data, and social security numbers from Switzerland, Germany, Austria, France, and Italy. Automatically detected and replaced.

Self-Hosted AI Detection

A locally hosted AI model provides a second detection layer, catching PII that rule-based systems miss. No data ever leaves the EU.

AES-256 Encryption at Rest

All databases, files and backups are encrypted with AES-256, the same standard used by banks and governments.

TLS 1.3 in Transit

All connections between your browser, our servers and AI providers are encrypted with TLS 1.3.

No Tracking Cookies

We don't use analytics or advertising cookies. No third-party trackers. No user behavior profiling.

Audit Logs

Every action is logged. Admins can review who accessed what and when, for compliance and accountability.

Two-Factor Authentication

TOTP-based 2FA with backup codes. Protect user accounts with an additional security layer beyond passwords.

No Use for AI Training

Your data is never used to train AI models. We have Zero Data Retention agreements with our LLM providers. No storage, no training.

Compliance & Certifications

nDSG Compliant

Fully compliant with the Swiss Federal Act on Data Protection (nDSG), effective since September 2023.

GDPR Compliant

Meets all requirements of the EU General Data Protection Regulation for cross-border data protection.

EU Hosting

All infrastructure is located in the EU. Data never leaves the EU.

DPA Available

Our Data Processing Agreement is available at gardeo.ai/dpa.

SOC 2 Type II

Certification in progress. Our security controls meet SOC 2 requirements for availability and confidentiality.

In Progress

ISO 27001

Certification planned. Our information security management system follows ISO 27001 best practices.

In Progress

Sub-processors

Infrastructure

| Provider | Service | Region |
|---|---|---|
| Vercel | Webapp & Serverless Functions | EU (Frankfurt) |
| AWS ESC | Database, Storage, PII Engine (European Sovereign Cloud) | EU (Brandenburg) |
| Upstash | Redis cache, rate limiting, job queue | EU (Frankfurt) |
| Brevo | Newsletter, Transactional Email, CRM | EU (Paris / Berlin) |
| Sentry | Error Monitoring | EU |
| Stripe | Payment processing, subscriptions | US (SCCs) |
| Mixpanel | Product analytics (pseudonymized, server-side) | EU |

AI Model Providers

| Provider | Region |
|---|---|
| Anthropic (Claude) | US |
| OpenAI (GPT) | US |
| Google (Gemini) | US |
| Mistral | EU |
| xAI (Grok) | US |
| Perplexity (Sonar) | US |
| DeepSeek | CN |

LLM providers only receive pseudonymized data. From the Business plan, you can choose which models are enabled for your organization.

On-Premise Available

For maximum data sovereignty, we offer a full on-premise installation. Deploy via Kubernetes (Helm) or Docker Compose, even air-gapped without internet. With self-hosted open-weight models (e.g. Mistral, Llama), a 100% local setup is possible.

© 2026 Gardeo. All rights reserved.