Trust & Security Center

Last updated: June 2026

AIComply is built for compliance teams who require the highest standards of data protection, security, and regulatory transparency. Here is everything you need for your procurement review.

Security Posture

Encryption at rest: AES-256 [Active]
Encryption in transit: TLS 1.3 [Active]
Password hashing: bcrypt (12 rounds)
API key storage: SHA-256 hashed
Authentication: JWT + OAuth 2.0 [Active]
Access control: 4-tier RBAC
API rate limiting: 5 req/min (auth)
Security headers: CSP, HSTS, X-Frame [Active]

EU Data Residency

Application hosting: Hetzner CPX32 (Germany) [EU]
Database: PostgreSQL on Hetzner (Germany) [EU]
File storage: Hetzner S3 Object Storage [EU]
AI processing: Mistral AI (France) [EU]
AI training use: Contractually excluded
Cross-border transfers: EU SCCs in place
Payment processing: Stripe (PCI DSS L1)
Supervisory authority: Irish DPC

Regulatory Compliance

GDPR, Reg. (EU) 2016/679 [Compliant]

DPA published, data-subject rights implemented, breach procedures documented, privacy contact appointed.

Cyber Resilience Act, Reg. (EU) 2024/2847 [Preparing]

SBOM published and a vulnerability-disclosure policy is in place; preparing for CRA obligations as they phase in.

Software Bill of Materials: CRA-compliant dependency transparency
Vulnerability Disclosure: Responsible disclosure policy & process
Data Processing Agreement: GDPR-compliant DPA with sub-processors
Terms of Service: Platform usage terms & liability framework

Enterprise Security Inquiries

For security questionnaires or custom DPA negotiations, contact security@veritome.eu