Infrastructure & Data Hosting
Strict Tenant Isolation & Dedicated Environments
Security starts with architecture. Unlike classic multi-tenant SaaS solutions, we enforce strict isolation of your data:
Dedicated Instances
Each customer receives their own isolated virtual environment for backend services and databases. There is no mixing of customer data in shared database schemas.
"Made in Germany" Hosting
Our primary infrastructure and data storage operates exclusively on servers in German data centers (Frankfurt & Hamburg) under our direct control.
Complete Data Control
Your data remains in your dedicated environment. There is no unwanted metadata leakage to third parties.
Managed Private Cloud: Upon request, we provide dedicated hardware resources in certified German data centers for maximum isolation and performance.
AI & LLM Security
European AI Sovereignty
We employ an AI strategy that combines performance with European data protection. Our model and inferencing partner selection follows the highest standards:
Trusted Partners
For LLM inferencing, we work exclusively with specialized partners from Finland and Germany. This ensures that prompt processing never leaves European jurisdiction.
Use-Case-Based Security Levels
Depending on data sensitivity and use case, stricter models (e.g., open-weights models hosted in German data centers) can be enforced.
Zero-Retention Policy
We contractually agree with our inferencing partners that your input data (prompts) and outputs (completions) are not used to train their AI models. Your knowledge remains your knowledge.
Finland
LUMI Supercomputer Environment
High-performance GPU clusters for demanding inferencing workloads
Germany
Frankfurt & Hamburg
Specialized German AI providers for maximum data sovereignty
Compliance & Regulation
Ready for Regulated Industries
Our software was developed with the strictest regulatory requirements in mind:
GDPR Compliance
Full compliance with the European General Data Protection Regulation. We support you with DPAs (Data Processing Agreements) under German law.
EU AI Act Ready
We closely monitor EU AI Act developments and proactively classify our systems to meet transparency and risk management obligations.
Industry-Specific Standards
Banks & Finance
Compliance with BaFin requirements (e.g., BAIT, MaRisk) through regular audits, strict access controls, and complete audit trails.
Pharma & Healthcare
Consideration of GxP guidelines, HIPAA-compliant architecture, and integrity protection for sensitive research data.
Public Sector
Compliance with BSI IT baseline protection standards, EVB-IT-compliant contracts, and support for VS-NfD classification.
Critical Infrastructure
KRITIS-compliant architecture under IT Security Act 2.0, regular penetration tests, and incident response processes.
Technical Security Measures
Enterprise-Level Protection
Encryption
- All communication is encrypted via TLS 1.3
- Sensitive data and vector databases are encrypted at disk level with AES-256
Access Control (IAM)
- Granular role and permission management (RBAC)
- Single Sign-On (SSO) via SAML/OIDC
- Integration with Microsoft Azure AD, Google Workspace, Okta
- Multi-Factor Authentication (MFA)
Audit Logs & Monitoring
Comprehensive logging of all system accesses for compliance audits and forensic analysis:
- Immutable audit trails for all user actions
- Real-time security monitoring & alerting
- Export functions for internal compliance reviews
Security Contact
Do you have specific questions about our security concept or need support with vendor risk assessment? Our security team is available to help.
For urgent security incidents, reach us at: security@syntriq.de
