Security & sovereignty

Enterprise AI with maximum security

ISO 27001-certified, operated by a German company and hosted in Germany & the EU. Your data never leaves the protected legal jurisdiction – and never trains foreign models.

ISO Certified
GDPR Compliant
EU Hosting
Trusted by the industry leaders
LAUDA
ifm
kurtz ersa
Buhlmann
BWF Group
ANSMANN
ROTECH
Vogelsang
SIKORA
Desch
mait
VISPIRON
TÜV NORD
CP/Compartner
ibo
ZDF Studios
Bavaria Film
GESCO
Unsere Grüne Glasfaser
appliedAI
Heitkamp & Thumann
WEICON
Brand Group
VOLKSWOHL BUND
Sana Kliniken
Knipping
medmix
Caritas
doctari
Boards & More
enventa
NanoTemper
RSBG
Naumann & Göbel
LUMITOS
BRP Renaud
Deutscher Alpenverein
mobilezone
LUDO FACT
Othermo
SQlab
SOMIC
KRIWAN
Winterhalter
Dörrenberg
Boysen
insglück
Olympiapark München
Dettmer Group
HolzLand
Sauels
Gerolsteiner
SIVAG
Landkreis Mainz-Bingen
doktor.de
Kellerschneider
Peakside
DeZIM-Institut
profil M
baiosphere
LAUDA
ifm
kurtz ersa
Buhlmann
BWF Group
ANSMANN
ROTECH
Vogelsang
SIKORA
Desch
mait
VISPIRON
TÜV NORD
CP/Compartner
ibo
ZDF Studios
Bavaria Film
GESCO
Unsere Grüne Glasfaser
appliedAI
Heitkamp & Thumann
WEICON
Brand Group
VOLKSWOHL BUND
Sana Kliniken
Knipping
medmix
Caritas
doctari
Boards & More
enventa
NanoTemper
RSBG
Naumann & Göbel
LUMITOS
BRP Renaud
Deutscher Alpenverein
mobilezone
LUDO FACT
Othermo
SQlab
SOMIC
KRIWAN
Winterhalter
Dörrenberg
Boysen
insglück
Olympiapark München
Dettmer Group
HolzLand
Sauels
Gerolsteiner
SIVAG
Landkreis Mainz-Bingen
doktor.de
Kellerschneider
Peakside
DeZIM-Institut
profil M
baiosphere
LAUDA
ifm
kurtz ersa
Buhlmann
BWF Group
ANSMANN
ROTECH
Vogelsang
SIKORA
Desch
mait
VISPIRON
TÜV NORD
CP/Compartner
ibo
ZDF Studios
Bavaria Film
GESCO
Unsere Grüne Glasfaser
appliedAI
Heitkamp & Thumann
WEICON
Brand Group
VOLKSWOHL BUND
Sana Kliniken
Knipping
medmix
Caritas
doctari
Boards & More
enventa
NanoTemper
RSBG
Naumann & Göbel
LUMITOS
BRP Renaud
Deutscher Alpenverein
mobilezone
LUDO FACT
Othermo
SQlab
SOMIC
KRIWAN
Winterhalter
Dörrenberg
Boysen
insglück
Olympiapark München
Dettmer Group
HolzLand
Sauels
Gerolsteiner
SIVAG
Landkreis Mainz-Bingen
doktor.de
Kellerschneider
Peakside
DeZIM-Institut
profil M
baiosphere
LAUDA
ifm
kurtz ersa
Buhlmann
BWF Group
ANSMANN
ROTECH
Vogelsang
SIKORA
Desch
mait
VISPIRON
TÜV NORD
CP/Compartner
ibo
ZDF Studios
Bavaria Film
GESCO
Unsere Grüne Glasfaser
appliedAI
Heitkamp & Thumann
WEICON
Brand Group
VOLKSWOHL BUND
Sana Kliniken
Knipping
medmix
Caritas
doctari
Boards & More
enventa
NanoTemper
RSBG
Naumann & Göbel
LUMITOS
BRP Renaud
Deutscher Alpenverein
mobilezone
LUDO FACT
Othermo
SQlab
SOMIC
KRIWAN
Winterhalter
Dörrenberg
Boysen
insglück
Olympiapark München
Dettmer Group
HolzLand
Sauels
Gerolsteiner
SIVAG
Landkreis Mainz-Bingen
doktor.de
Kellerschneider
Peakside
DeZIM-Institut
profil M
baiosphere
Highest standards

Highest standards for encryption, control and certification

ISO 27001:2022
Certified information security management system, audited annually.
SSO, RBAC & Entra ID
Single sign-on, role-based access and MFA – integrated with your identity provider.
No training, no retention
Zero data retention with all model providers – your prompts and documents are neither stored nor used for training.
AES-256 & TLS 1.3
Encrypted at rest (AES-256) and in transit (TLS 1.3).
GDPR-compliant
Processing under Art. 28 GDPR, data processing agreement included.
Hosted in Germany & the EU
Platform and database on Hetzner in German data centers – ISO 27001 & C5 attested.
EU hosting

AI that keeps your data
under your control

Your data should remain yours. That's why meinGPT is built around European infrastructure, enterprise-grade security, and transparent AI providers. With GDPR-compliant hosting, Zero Data Retention, and customer-controlled deployments, you can adopt AI without compromising privacy, compliance, or ownership.

Data ownership

Your data belongs to you. Period.

The key difference from public AI models? We don't learn from you. meinGPT acts as a secure proxy layer between your company and the LLM providers. We guarantee – contractually and technically – that your inputs (prompts) and uploaded documents are never used to train the AI models. What happens in your company stays in your company.

Enterprise-grade Controls For Every User and Every Action

Manage access, enforce security policies, and maintain complete visibility across your organization from a centralized control layer. With enterprise-grade authentication, role-based permissions, audit logging, and governance tools, IT teams can confidently deploy AI while maintaining compliance, accountability, and operational control.

Data flow & architecture

See exactly how data moves through the platform

Transparency is a core part of security. This overview shows how information flows between users, meinGPT, connected data sources, and AI model providers. Understand where data is stored, where it is processed, and how security controls are applied at every step from the initial request to the final response.

Client query
01
Your team starts the conversation
Users submit prompts and documents through a secure, authenticated workspace.
meinGPT server
02
Governance and security layer
Requests pass through organizational policies, permissions, and security controls.
AI models
03
Secure model processing
meinGPT routes requests to approved AI models without using your data for training.
AI response
04
Controlled response delivery
Responses return through meinGPT with auditing, logging, and governance completely intact.

How we implement enterprise security

Every layer of the platform is designed with security, isolation, and compliance in mind. Explore the technical controls behind our infrastructure, data protection, access management, and operational security that help organizations deploy AI with confidence.

Platform & infrastructure
Dedicated infrastructure
We run our platform on dedicated servers in highly available Kubernetes clusters with strictly separated environments for the core platform, AI applications and sandboxes. (Managed Kubernetes, encrypted control plane, separated clusters)
Isolated AI execution
All AI-generated content is processed in specially secured AI sandboxes that are isolated from one another by virtual machines on top of containerization. (Container and VM isolation, no direct access to platform data)
Secure supply chain
All container images are automatically scanned for vulnerabilities before deployment and rescanned regularly to minimize software supply-chain risk. (Image scanning, runtime checks, vetted images)
Data, access & tenant protection
Tenant encryption
Customer data is stored encrypted and additionally secured per tenant, so an incident always stays contained to a single tenant. (Combination of platform key and tenant key – documents, chats, knowledge bases)
Strict access control
Access to systems and data is role-based and secured by multi-factor authentication; production infrastructure is reserved for a very small, defined group of people. (RBAC, MFA, restricted support roles)
Controlled AI data flows
Requests to AI models are technically anonymized so providers cannot draw conclusions about individual tenants, with full transparency over the providers used. (EU-based providers, configurable model selection)
Operations, monitoring & evidence
Monitoring & anomaly detection
Security-relevant activity is centrally logged and continuously monitored to detect anomalies early and respond in a targeted way. (Audit logs, AI-based anomaly detection)
Testing & assurance
The platform is regularly examined for weaknesses through external grey-box penetration tests and internal security reviews. (Semi-annual pentests, continuous scans)
Compliance & transparency
Our security organization aligns with established standards and is transparently documented for customers. (ISO 27001-based ISMS, EU data centers)
Advanced Security

For Organizations with Stricter Sovereignty Requirements

meinGPT already provides enterprise-grade security by default. For organizations with stricter sovereignty requirements, additional security layers are available—from Privacy Proxy and DataVault to fully self-hosted models running in Germany.

Privacy Proxy
Sensitive Data Never Reaches the Model
The meinGPT Privacy Proxy detects and anonymizes personal and sensitive information before any request leaves your environment. AI providers only receive pseudonymized content, while the mapping to original data remains securely within your infrastructure.
Use Your Enterprise Knowledge Without Exposing It
DataVault securely connects your internal documents and knowledge sources to AI while keeping them under your control. Connections are outbound-only, and on-premises deployment is available, ensuring your data never leaves your infrastructure.
Data Vault
Sovereignty levels

Choose your level of data sovereignty

Not every organization has the same compliance requirements. From fully EU-hosted models to self-hosted infrastructure in Germany, meinGPT lets you choose how and where your data is processed. Every model provider, processing location, and retention policy remains fully transparent.

L1
EU models
Models hosted exclusively in the EU (e.g. Mistral EU).
L2
EU hyperscalers
Azure EU & Google Vertex EU – processed within the EU.
L3
Global top models
Leading US models under EU standard contractual clauses / Data Privacy Framework.
L4
Maximum sovereignty
PII filtering + Privacy Proxy and your own LLMs on Hetzner GPUs in Germany.
Model transparency
Zero retention on every level
Provider
Processing
Data retention
Mistral
EU
Azure OpenAI
EU
Google Vertex (Gemini)
EU / global
Anthropic Claude
EU / US (DPF)
Perplexity
US (DPF)
Note Some leading global models may process data outside the EU under approved frameworks such as DPF or SCCs. Processing location is clearly indicated for each model and can be restricted or disabled at the workspace level.

Certifications & compliance standards

Independent standards and attestations that validate our security, privacy, and operational practices.

ISO 27001
International standard for information security management, covering risk management, governance, and operational security measures.
GDPR / DSGVO
European data protection compliance with privacy-first data handling, processing agreements, granular user controls, and enterprise-grade privacy safeguards.
SOC 2 Icon
SOC 2
Coming soon
Independent assessment of security, availability, and confidentiality controls across the platform, helping ensure systems and processes consistently meet enterprise requirements.
Trust Center

Trust is good, control is better

Access the documentation, certifications, and technical details your security, compliance, and procurement teams need. From architecture diagrams and encryption standards to compliance artifacts and policies, everything is available in one place.

The Trust Center
Our Trust Center gives you insight into our security architecture: every implemented security control, certificates and subprocessors – synced straight from our compliance system.
Open Trust Center
Deep dive for admins
In our documentation, IT security officers find all the details on encryption (AES-256), deletion periods and architecture diagrams.
Read the technical docs
For IT, data protection & procurement

The documents your buying process needs

Penetration-test report and our internal security policies for vendor audits, GDPR reviews and security questionnaires – unlocked instantly with your business email. You'll find the ISO 27001 certificate further up on this page.

Penetration-test report (SySS, 2025)
For IT security & vendor audits
Penetration-test report (SySS, 2025)Email required
ISMS policy (POL-02)
For data protection & compliance
ISMS policy (POL-02)Email required
Incident-management policy (POL-17)
For security questionnaires & procurement
Incident-management policy (POL-17)Email required

Confidential documents. We'll also email you the download link – so you can forward it to your teams.

FAQ

Frequently asked security questions

Enter your email, our security team will reach you
Or reach out to us at kontakt@meingpt.com


Yes. meinGPT supports SSO via common identity providers including Microsoft Entra ID, plus role-based access control (RBAC) and multi-factor authentication.

ISO Certified
GDPR Compliant
EU Hosting

Start with AI in your company

Together we find the right use cases, connect your systems, and bring AI into daily work—aligned with your business.