Skip to content
Security, compliance, data governance

Enterprise-grade security. Verifiable.

Data stored in Europe, complete GDPR DPA, no use for AI training guaranteed by contract. An audit record for every critical action.

In summary

In summary

Enterprise-grade security. Documents stored on European cloud infrastructure (Frankfurt, Germany) with encryption in transit and at rest. Data processing fully compliant with the GDPR, governed by a complete Art. 28 DPA, with declared sub-processors and Standard Contractual Clauses where applicable. Customer data is never used to train AI models — guaranteed by contract.

For organizations with particular compliance or confidentiality requirements (regulated sectors, highly sensitive data, dedicated architectures), DeepNeural can be tailored with a dedicated enterprise onboarding path.

Where your data lives

Storage in Europe, AI processing under Standard Contractual Clauses.

Documents uploaded to DeepNeural are stored exclusively on European cloud infrastructure. Encryption is active both in transit (TLS 1.2 or higher) and at rest (AES-256).

When you make a request, the context needed for the answer is transmitted to the AI models for processing and returns to the EU. Any transfers outside the EU are covered by the Standard Contractual Clauses adopted by the European Commission (Decision 2021/914) and, where applicable, by the EU-US Data Privacy Framework.

The complete and contractually binding list of sub-processors is available in the DPA Art. 7. Any changes are subject to 30 days’ notice with a right to object.

How we protect your data

Technical and organizational measures, Art. 32 GDPR.

The measures below are the ones declared in the DPA Art. 9 and applied in production today.

Per-organization isolation

Row Level Security at the PostgreSQL level: each organization accesses only its own data. The backend uses the Supabase service role, never exposed to the client.

Encryption everywhere

TLS 1.2+ for client ↔ server communications. AES-256 on data at rest. User passwords protected with bcrypt + salt.

Strict input validation

Zod schemas on every API endpoint. Checking the real MIME type of uploaded files through magic-byte analysis, not just the extension.

Defenses against abuse

Rate limiting per IP and per user on the APIs and AI conversations. Atomic budget reservation to avoid uncontrolled overage. Automatic suspension on missed payment.

Sensitive data scrubbing

Credentials and user content do not end up in the application logs. Sensitive data such as tokens, emails, and payloads are masked server-side before any write.

Principle of least privilege

Our staff does not access customer content except on an explicit support request. Every access is tracked.

AI without compromises

Your data does not train the AI models. Guaranteed.

DeepNeural uses frontier AI models from the leading global providers (Anthropic, Google, OpenAI). For all providers, the contractual policy for API access excludes the use of customer data to train the models. You can find it cited in the DPA and in the respective Terms of Service of the providers.

Provider exclusion on request. At the Organization’s request, we can exclude specific AI providers from processing your data. Contact us through the dedicated form to configure your preferences.

The flow is simple. Uploaded documents: stored in the EU. User question: the necessary context is sent to the AI models with encryption in transit, with SCCs coverage for any transfers outside the EU. Answer: it returns to the EU, saved in the customer’s storage. No persistent copies on the AI provider’s side.

Upgrade to next-generation models: managed by us with no intervention from the customer.

Traceability

Who did what, when, with which AI answer.

Every critical operation on the organization (deleting a profile or organization, ownership transfer, role changes) is recorded in a dedicated audit log with timestamp, actor, and context. AI operations (chat, web searches, document generation, department suggestions) are tracked with user, conversation, model used, and cost.

All documents exported from DeepNeural — DOCX, PDF, XLSX — include, in plain text and in all supported languages, an AI-assisted nature disclaimer. It is hardcoded into the code and cannot be removed from the interface. It is designed for contexts where traceability of the nature of the content is a professional safeguard (law firms, Public Administration).

Dedicated configurations

For those with requirements the standard product does not cover.

For organizations with particular compliance or confidentiality requirements (regulated sectors, highly sensitive data, dedicated architectures), DeepNeural can be tailored with a dedicated enterprise onboarding path.

We reply within one business day, with a written answer signed by our team. Tell us what you need and we’ll tell you whether we can do it.

Enterprise SLA

Service level for the dedicated tiers.

The contractual SLA (99.5% uptime, email support within 24 business hours, RTO 4h, RPO 24h) is included for Public Administration and enterprise organizations. For the paid public tiers (Starter / Growth / Scale), email support responds within 8 business hours; the operational level follows the same technical standards as the dedicated tiers.

Monthly uptime
99.5%
Email support
24h

business hours

RTO
4h

Recovery Time Objective

RPO
24h

Recovery Point Objective

Frequently asked questions

The questions from the DPO, the IT lead, the compliance officer.

  • On European cloud infrastructure, with encryption in transit via TLS 1.2+ and at rest via AES-256. Documents stay in the EU for storage; for AI processing, the necessary context is transmitted to the models under Standard Contractual Clauses.

Still have doubts about security? Talk to us first.

Security reviews take time. Send us an email with your specific requirements, read the DPA at your own pace, then we decide whether to proceed.