Security
Built in the EU, for the EU.
CloudCompanion runs your digital workers in a private, isolated environment hosted in German data centers — GDPR-compliant by design, with the data residency, isolation, and access controls that EU mid-market buyers require.
01 — Data residency
Your data stays in the EU.
All infrastructure runs in German data centers, on AWS eu-central-1. Your data lives inside a private environment provisioned just for your organization, under EU jurisdiction end to end — it does not leave the EU.
This is the same posture the platform is built on everywhere: EU-hosted, GDPR-compliant infrastructure, suitable for companies that handle sensitive customer, employee, or financial data.
Where your data lives
- German EU data centers
- AWS eu-central-1
- EU jurisdiction, end to end
02 — Per-customer isolation
A private environment per customer.
Every customer gets a private, isolated environment. Customer data is never co-mingled with another organization's data. A swarm you can't see is a liability — CloudCompanion is built so you can trust what your workers do, and prove it.
Isolated by design
Every customer runs in their own secure, isolated environment. Your data, your workers, your models — never co-mingled with another organization's.
EU-hosted, GDPR by design
German data centers, EU jurisdiction, GDPR-compliant from the first byte. Compliance is the default, not an add-on.
Real software, not glue
Workers run on a real relational database with access controls, forms, and dashboards. On higher tiers, the code is exportable — it's yours.
Full observability
Every action a worker takes is logged and auditable. Role-based access decides who sees what — humans and workers alike.
03 — Encryption & access control
Protected in transit, at rest, and by role.
Encryption in transit
Traffic to and from your environment is protected with TLS, so data is encrypted while it moves between you and CloudCompanion.
Encryption at rest
Data stored in your private environment is encrypted at rest in EU data centers.
Role-based access control
Access control is generated automatically for every solution — you decide who sees what, and the platform enforces it for humans and workers alike.
04 — GDPR
Designed for your obligations.
GDPR is the default, not an add-on. Here is how the platform is built to support the data-protection obligations EU teams carry.
Data residency
Your data lives in German EU data centers and stays under EU jurisdiction end to end — never processed outside the EU.
Data minimization
Each worker runs on a real relational database scoped to one job. You decide what data it holds; role-based access decides who can see it.
Access & erasure requests
Data is persistent, queryable, and exportable, so access and erasure requests can be honored on the records held in your environment.
Accountability
Every action a worker takes is logged and auditable — the evidence you need to show what happened, and when.
For the full detail on data we collect, lawful bases, and how to exercise your rights, see our privacy policy or contact us.
05 — Subprocessors
Who processes your data.
The infrastructure providers CloudCompanion relies on to run your isolated EU environment.
| Subprocessor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting & compute | eu-central-1 (Frankfurt, Germany) |
| Neon | Managed PostgreSQL database | EU region |
Current as of July 2026 · Placeholder register — under legal review
06 — Roadmap
Certifications, honestly.
We don't claim formal certifications we haven't earned. CloudCompanion is EU-hosted and GDPR-compliant by design today; independent certifications are on our roadmap, and we'll list them here once they're in place — not before.
No SOC 2 · ISO 27001 · HIPAA badges — because we won't claim what we haven't earned
Questions about security or data residency?
EU-hosted · GDPR by design · Private environment per customer