Security & data sovereignty · As of June 2026

Your data
stays your data.

AI employees work with your data. That's why we treat data sovereignty not as fine print but as part of the promise: processing in Germany, encrypted in transit and at rest, and no use of your data for model training.

GDPRHosted in GermanyEncryptedNo lock-inNo model training
Book a first call The most common audit questions
Certified infrastructure Proven, not claimed

Audited by third parties,
not by ourselves.

01 ISO/IEC 27001:2022 Certified ISMS (Hetzner, since 2016)
02 BSI C5 Typ 2 Cloud compliance attestation by the German BSI
03 § 8a BSIG Requirements for critical infrastructure
04 EMAS / ISO 14001 Environmental management of the data centres

!These certificates apply to the hosting infrastructure in Germany (Hetzner) on which our systems run, not as a company certification of scoreprise.AI itself. The data centres are located in Germany and comply with the GDPR.

The decisive point

Your data trains no models.

What your AI employees process serves your task only. No passing on to model providers for training purposes, no learning from your content. Full stop.

01

Storage

Exclusively in data centres in Germany (Hetzner).

02

Encryption

TLS 1.2+ in transit, AES-256 at rest.

03

Access

Role-based, on a need-to-know basis.

04

Deletion

Fixed deletion schedule per project phase, earlier on request.

Operations, concretely

4 / 8 hrsResponse: critical in 4 hrs, normal in 8 business hours
48 hrsMaintenance windows announced at least 48 hrs in advance
Data-minimalOnly what the task needs, with a fixed deletion schedule
TrainedRegular data-protection training for all staff
Six commitments What you can rely on
01

Hosted in Germany

Processing exclusively in German data centres (Hetzner). Your data never leaves the EU.

02

GDPR-compliant

Processing under GDPR, with a data processing agreement. Encrypted in transit (TLS 1.2+) and at rest (AES-256).

03

Reliable operation

Service levels with clear response times: 4 hours for critical issues, 8 hours in normal operation.

04

Confidentiality

NDA as standard. What stays with you stays with you, also in our collaboration.

05

No lock-in

Your AI employees' configurations belong to you. Full export to JSON, CSV and Markdown, at any time.

06

You stay in control

You see what your AI employees work with and what they deliver, before anything goes out.

Data sovereignty as a promise
“What you build with us belongs to you. No lock-in: your configuration and data are yours to export and take with you anytime.”
scoreprise.AI · Hamburg
Export: JSONExport: CSVExport: MarkdownAt any time
For IT & data protection The most common audit questions

What every audit asks.

Exclusively in data centres in Germany (Hetzner). There is no transfer to third countries.

Yes. We provide a DPA during the contract process or on request. It bindingly governs purposes, duties and the handling of your data.

Access is role-based on a need-to-know basis, encrypted in transit (TLS 1.2+) and at rest (AES-256). Only the people working on your task see the relevant data.

No. Your data is not used to train models and is not passed on to model providers for that purpose.

According to a fixed deletion schedule per project phase and the agreed retention, earlier on request. Data minimisation is a core principle.

With a defined incident response process: containment, analysis, informing affected clients and statutory notifications within the deadlines.

They belong to you. Full export to JSON, CSV and Markdown, then deletion. No lock-in.

Data protection contact datenschutz@scoreprise.ai