trust center

Your data, in good hands.

Security, GDPR, European hosting, AI governance, human supervision. What you can verify and what we commit to.

Hosting

European Union

Encryption

TLS 1.3 + at rest

Compliance

GDPR · EU AI Act

Supervision

Continuous human

the pillars

Six commitments you can verify.

European hosting

Stack hosted in the EU, backups included.

  • Vercel (EU)
  • Supabase (EU)
  • EU-only backups

GDPR compliance

Processing register, user rights, retention.

  • Processing register
  • User rights honored
  • Clear retention policy

Encryption & security

Encryption in transit & at rest, key rotation, MFA.

  • TLS 1.3
  • AES-256 at rest
  • Postgres RLS
  • MFA required
  • Audit logs

Agent governance

Scoped permissions, budgets, logging, human review.

  • Agent role sheets
  • Granular permissions
  • Action logs
  • Regular review

Human supervision

Validations on critical actions, alerts, rollback.

  • Approval workflows
  • Supervision dashboard
  • Real-time alerts
  • Pause / rollback

Security policy

Access management, incident response, BCP.

  • Access management
  • Incident response
  • Tested BCP
  • Secure SDLC

compliance roadmap

Where we are, what's next.

EU AI Act
Compliant
Risk analysis, agent transparency, documented human supervision.
GDPR
Compliant
Register, rights, accessible DPO, signed sub-processor contracts.
ISO 27001
In progress
ISMS being implemented. Certification target: 2026.
SOC 2 Type II
Planned
Audit planned after ISO 27001. Enterprise readiness program.
Penetration tests
Planned
Annual pentest by independent third party from 2026.

Security questions

What we get asked the most

In the European Union. Architecture designed to keep storage and backups within a coherent European framework.
No. Each agent has permissions defined upfront. Access limited to data needed for the mission. Actions logged.
Critical actions are supervised by a human. Validations, alerts, logs, pause/rollback mechanisms to limit impact.
Yes. GDPR-compliant DPA provided on request, part of contractual framework when the project requires it.
Email sales@orchestraintelligence.fr. Reports handled with priority.

Need an answer on security?

DPO email, DPA, audit, pentest — we reply within 48h.