GDPR Ready

Your customers' data stays in the EU

Last updated: March 4, 2026

Most chat tools ship from US servers and label themselves "GDPR-compliant." We host in Frankfurt, encrypt your data in transit and at rest, and let you sign your DPA from inside the dashboard. No legal email chain.

Infrastructure

  • Hosted in Frankfurt, Germany. Customer data does not leave the EU. No US fallback or "emergency replication" footnotes.
  • TLS 1.2+ in transit. AES-256 at rest.
  • Continuous monitoring across the platform. Operational logs retained for incident review.

Access controls

  • Role-based permissions on every dashboard and API call, enforced server-side.
  • Authentication via Supabase Auth, with row-level security on the database itself. Every server route is gated.
  • Critical actions written to an audit log: who did what, when, from where.

Privacy and GDPR

  • Sign the DPA in one click from your dashboard. Download the countersigned PDF instantly.
  • Every sub-processor is listed publicly with their legal terms linked.
  • Data export and erasure controls are coming as part of the GDPR roadmap.

Compliance documents