Why we only host in the EU, and what that means for you
GDPR isn't the problem. US cloud providers are.
The uncomfortable truth
If your AI data is processed in the US, GDPR is technically not the issue — Schrems II clarified that. Practically it is: US authorities have broad access rights incompatible with EU data protection.
What we do
Compute: AWS Frankfurt + Hetzner Vienna. No replication outside the EU.
LLMs: We primarily use Anthropic via AWS Bedrock EU + Mistral (French provider). On request, self-hosted Llama or Qwen.
Embeddings: Voyage AI EU or self-hosted multilingual-e5.
Logging: Self-hosted Loki + Grafana, also EU.
What we don't do
- No direct data flows to OpenAI (US servers), Cohere or other US hosters
- No third-party analytics without your consent
- No training on your data — your data = your data
Why this matters
We build for banks, insurance, healthcare — industries with clear regulations. But for SMBs it's also simply fairer: your data is yours, not a US corporation's.
DPA + processor list
Every customer gets a Data Processing Agreement (DPA) with all sub-processors transparently listed. On request we also create a DPIA (Data Protection Impact Assessment) for your use case.