European Compliance

Governance designed around EU GDPR, the Swiss FADP, German legal-notice requirements, and the EU AI Act's risk-based obligations.

GDPR (EU)

Lawful basis documented per Art. 6 GDPR for every processing activity
Cookie consent banner with granular accept/reject (see footer + banner)
Right to access, export, correction and deletion (Art. 15-21)
Data minimization: raw IPs are never stored, only salted hashes
Data Processing Agreements (DPAs) required for every sub-processor
Records of Processing Activities (ROPA) maintained per Art. 30

Switzerland & Germany

Impressum page per German TMG/MStV and Swiss UWG (see /impressum)
Privacy Policy aligned to the Swiss Federal Act on Data Protection (FADP/revDSG)
Optional EU/Swiss data residency for enterprise customers
Points of contact for the FDPIC (Switzerland) and national DPAs (EU)

AI Governance (EU AI Act)

EU AI Act: risk classification for each AI use case before deployment
Human review workflow required for high-risk/legal/medical/financial outputs
AI-generated content clearly disclosed to end users
Vendor risk register for every underlying AI model provider