Security

Built in the EU, for the EU.

CloudCompanion runs your digital workers in a private, isolated environment hosted in German data centers — GDPR-compliant by design, with the data residency, isolation, and access controls that EU mid-market buyers require.

Made & hosted in the EUGDPR by design

01 — Data residency

Your data stays in the EU.

All infrastructure runs in German data centers, on AWS eu-central-1. Your data lives inside a private environment provisioned just for your organization, under EU jurisdiction end to end — it does not leave the EU.

This is the same posture the platform is built on everywhere: EU-hosted, GDPR-compliant infrastructure, suitable for companies that handle sensitive customer, employee, or financial data.

Where your data lives

  • German EU data centers
  • AWS eu-central-1
  • EU jurisdiction, end to end

02 — Per-customer isolation

A private environment per customer.

Every customer gets a private, isolated environment. Customer data is never co-mingled with another organization's data. A swarm you can't see is a liability — CloudCompanion is built so you can trust what your workers do, and prove it.

Isolated by design

Every customer runs in their own secure, isolated environment. Your data, your workers, your models — never co-mingled with another organization's.

EU-hosted, GDPR by design

German data centers, EU jurisdiction, GDPR-compliant from the first byte. Compliance is the default, not an add-on.

Real software, not glue

Workers run on a real relational database with access controls, forms, and dashboards. On higher tiers, the code is exportable — it's yours.

Full observability

Every action a worker takes is logged and auditable. Role-based access decides who sees what — humans and workers alike.

03 — Encryption & access control

Protected in transit, at rest, and by role.

Encryption in transit

Traffic to and from your environment is protected with TLS, so data is encrypted while it moves between you and CloudCompanion.

Encryption at rest

Data stored in your private environment is encrypted at rest in EU data centers.

Role-based access control

Access control is generated automatically for every solution — you decide who sees what, and the platform enforces it for humans and workers alike.

04 — GDPR

Designed for your obligations.

GDPR is the default, not an add-on. Here is how the platform is built to support the data-protection obligations EU teams carry.

Data residency

Your data lives in German EU data centers and stays under EU jurisdiction end to end — never processed outside the EU.

Data minimization

Each worker runs on a real relational database scoped to one job. You decide what data it holds; role-based access decides who can see it.

Access & erasure requests

Data is persistent, queryable, and exportable, so access and erasure requests can be honored on the records held in your environment.

Accountability

Every action a worker takes is logged and auditable — the evidence you need to show what happened, and when.

For the full detail on data we collect, lawful bases, and how to exercise your rights, see our privacy policy or contact us.

05 — Subprocessors

Who processes your data.

The infrastructure providers CloudCompanion relies on to run your isolated EU environment.

SubprocessorPurposeLocation
Amazon Web Services (AWS)Cloud hosting & computeeu-central-1 (Frankfurt, Germany)
NeonManaged PostgreSQL databaseEU region

Current as of July 2026 · Placeholder register — under legal review

06 — Roadmap

Certifications, honestly.

We don't claim formal certifications we haven't earned. CloudCompanion is EU-hosted and GDPR-compliant by design today; independent certifications are on our roadmap, and we'll list them here once they're in place — not before.

No SOC 2 · ISO 27001 · HIPAA badges — because we won't claim what we haven't earned

Questions about security or data residency?

EU-hosted · GDPR by design · Private environment per customer