trust center
Your data, in good hands.
Security, GDPR, European hosting, AI governance, human supervision. What you can verify and what we commit to.
Hosting
European Union
Encryption
TLS 1.3 + at rest
Compliance
GDPR · EU AI Act
Supervision
Continuous human
the pillars
Six commitments you can verify.
European hosting
Stack hosted in the EU, backups included.
- Vercel (EU)
- Supabase (EU)
- EU-only backups
GDPR compliance
Processing register, user rights, retention.
- Processing register
- User rights honored
- Clear retention policy
Encryption & security
Encryption in transit & at rest, key rotation, MFA.
- TLS 1.3
- AES-256 at rest
- Postgres RLS
- MFA required
- Audit logs
Agent governance
Scoped permissions, budgets, logging, human review.
- Agent role sheets
- Granular permissions
- Action logs
- Regular review
Human supervision
Validations on critical actions, alerts, rollback.
- Approval workflows
- Supervision dashboard
- Real-time alerts
- Pause / rollback
Security policy
Access management, incident response, BCP.
- Access management
- Incident response
- Tested BCP
- Secure SDLC
compliance roadmap
Where we are, what's next.
EU AI Act
Compliant
Risk analysis, agent transparency, documented human supervision.
GDPR
Compliant
Register, rights, accessible DPO, signed sub-processor contracts.
ISO 27001
In progress
ISMS being implemented. Certification target: 2026.
SOC 2 Type II
Planned
Audit planned after ISO 27001. Enterprise readiness program.
Penetration tests
Planned
Annual pentest by independent third party from 2026.
Security questions
What we get asked the most
In the European Union. Architecture designed to keep storage and backups within a coherent European framework.
No. Each agent has permissions defined upfront. Access limited to data needed for the mission. Actions logged.
Critical actions are supervised by a human. Validations, alerts, logs, pause/rollback mechanisms to limit impact.
Yes. GDPR-compliant DPA provided on request, part of contractual framework when the project requires it.
Email sales@orchestraintelligence.fr. Reports handled with priority.
Need an answer on security?
DPO email, DPA, audit, pentest — we reply within 48h.