Security & Compliance

Secure AI for confidential financial, audit and corporate data.

Priviq AI is built for teams working with sensitive client, financial and corporate data. Core systems run in Germany, AI inference is configured EU-bound for EU workloads, customer data is not used for model training, and relevant AI steps remain traceable.

  • Hosted in Germany
  • EU-bound AI inference
  • No training on customer data
  • Encryption in transit & at rest
  • Tenant separation
  • Auditable AI steps

Security architecture

The key security controls at a glance.

Priviq AI combines German infrastructure, EU-bound model processing, access controls, encryption and traceable agent actions into a controlled AI environment for professional data.

01 German Hosting

Core systems in Germany

App and backend infrastructure run on German server locations. Central platform components stay within a German operating environment.

02 EU-bound AI Inference

Model processing for EU workloads

AI inference is configured for production EU workloads through EU-bound regions and profiles. Sensitive customer data is not unnecessarily processed via global model routes.

03 No Model Training

Customer data does not train models

Priviq AI does not use customer data to train its own or third-party AI models. Inputs, files and results serve only the processing of the respective task.

04 Tenant Separation

Separate data rooms per organisation

Data is separated by organisation, user role and engagement context. Priviq AI is not designed for loose individual chats, but for controlled work with confidential client, audit and corporate data.

05 Encryption

Protected in transit and at rest

Data in transit is protected by TLS. Data at rest is encrypted via the database, storage and infrastructure mechanisms in use.

06 Access Controls

Roles, permissions and least privilege

Access is controlled through roles, permissions and administrative restrictions. Users only get access to the data and functions they need for their work context.

07 Auditable AI Steps

Traceable, not a black box

Agent runs, relevant tool calls, model use and results can be logged. This makes it traceable how a result came about and which steps the AI executed.

08 Controlled Execution

Plan, approval, result

Priviq AI does not work blindly on production data. Agents create a plan, wait for approval and execute tasks under control — with validation before results are accepted.

Compliance

Maximum security and compliance for sensitive corporate data.

Priviq AI is developed for professional use in European businesses — with German infrastructure, EU-bound AI processing, processing under Art. 28 GDPR, documented technical and organisational measures, and clear control over sub-processors.

The platform is built GDPR-compliant. ISO 27001 certification is currently in progress.

01 GDPR & DPA

Processing under Art. 28 GDPR

A data processing agreement including technical and organisational measures is provided for customers. Data-protection roles, processing purposes and engaged sub-processors are properly documented.

02 TOMs

Technical and organisational measures

Security and data-protection measures are described in TOMs: access controls, encryption, tenant separation, backup and operational processes, and organisational responsibilities.

03 ISO 27001

Certification in progress

Priviq AI is currently in the ISO 27001 certification process. The required security processes, documentation and control systems are being implemented accordingly.

04 Vendor Risk

Documents for IT, data protection and procurement

Priviq AI supports customers' internal data-protection, IT-security and vendor-risk reviews with the relevant documents on architecture, data flows, sub-processors and security measures.

Reviewability

Everything your internal review needs.

Priviq AI provides the relevant information so that data protection, IT security, procurement and the business unit can properly evaluate the solution before deployment — structured, documented and with clear contacts.

01 Security Briefing

Understand architecture and data flows

We walk through hosting, model routing, data flows, permissions, sub-processors and audit logs in a structured security briefing.

02 Data-Protection Documents

DPA, TOMs and sub-processors

Customers receive the relevant data-protection documents for their internal review, including DPA, TOMs and information on engaged sub-processors.

03 Vendor-Risk Questionnaire

Answers for your internal processes

We support internal security, data-protection and vendor-risk questionnaires before the contract is concluded.
