Enterprise AI with maximum security
ISO 27001-certified, operated by a German company and hosted in Germany & the EU. Your data never leaves the protected legal jurisdiction – and never trains foreign models.
Highest standards for encryption, control and certification
Platform and database – in Germany, on Hetzner
No overseas cloud: meinGPT runs its platform and database on dedicated Hetzner infrastructure in German data centers (Falkenstein, Nuremberg) – ISO 27001-certified and C5-attested. meinGPT's own C5 is in progress.
Your data belongs to you. Period.
The key difference from public AI models? We don't learn from you. meinGPT acts as a secure proxy layer between your company and the LLM providers. We guarantee – contractually and technically – that your inputs (prompts) and uploaded documents are never used to train the AI models. What happens in your company stays in your company.
The security measures we implement in detail
Platform & infrastructure
We run our platform on dedicated servers in highly available Kubernetes clusters with strictly separated environments for the core platform, AI applications and sandboxes. (Managed Kubernetes, encrypted control plane, separated clusters)
All AI-generated content is processed in specially secured AI sandboxes that are isolated from one another by virtual machines on top of containerization. (Container and VM isolation, no direct access to platform data)
All container images are automatically scanned for vulnerabilities before deployment and rescanned regularly to minimize software supply-chain risk. (Image scanning, runtime checks, vetted images)
Data, access & tenant protection
Customer data is stored encrypted and additionally secured per tenant, so an incident always stays contained to a single tenant. (Combination of platform key and tenant key – documents, chats, knowledge bases)
Access to systems and data is role-based and secured by multi-factor authentication; production infrastructure is reserved for a very small, defined group of people. (RBAC, MFA, restricted support roles)
Requests to AI models are technically anonymized so providers cannot draw conclusions about individual tenants, with full transparency over the providers used. (EU-based providers, configurable model selection)
Operations, monitoring & evidence
Security-relevant activity is centrally logged and continuously monitored to detect anomalies early and respond in a targeted way. (Audit logs, AI-based anomaly detection)
The platform is regularly examined for weaknesses through external grey-box penetration tests and internal security reviews. (Semi-annual pentests, continuous scans)
Our security organization aligns with established standards and is transparently documented for customers. (ISO 27001-based ISMS, EU data centers)
Need even more security?
By default, meinGPT is already secured at enterprise level. If you need even more sovereignty, you can unlock three further tiers – from the Privacy Proxy and DataVault to your own models hosted in Germany.
Sensitive data never reaches the model in the first place
The meinGPT Privacy Proxy detects and anonymizes personal and sensitive data before a request leaves the platform. The model provider only ever sees pseudonymized content – the mapping back to clear text stays exclusively in your environment.
Make your company knowledge usable – without giving it away
DataVault makes internal documents and knowledge sources usable for AI without handing them over. The connection is outbound-only and, on request, fully on-premises – your knowledge never leaves your infrastructure.
You decide how sovereign it needs to be
From EU-hosted models to fully self-hosted LLMs on German hardware – meinGPT scales with your data-sovereignty requirements.
Full transparency over the models in use
You can always see where each model is processed – and choose yourself which ones you allow. All providers operate with zero data retention.
Note: some leading global models are processed outside the EU (under DPF/SCC) – this is labeled per model and can be disabled for your tenant.
Trust is good, control is better
Our Trust Center gives you insight into our security architecture: every implemented security control, certificates and subprocessors – synced straight from our compliance system.
In our documentation, IT security officers find all the details on encryption (AES-256), deletion periods and architecture diagrams.
The documents your buying process needs
Penetration-test report and our internal security policies for vendor audits, GDPR reviews and security questionnaires – unlocked instantly with your business email. You'll find the ISO 27001 certificate further up on this page.
Confidential documents. We'll also email you the download link – so you can forward it to your teams.
- For IT security & vendor audits: Penetration-test report (SySS, 2025). Email required.
- For data protection & compliance: ISMS policy (POL-02). Email required.
- For security questionnaires & procurement: Incident-management policy (POL-17). Email required.
We're far from done
We continually pursue higher security standards to meet the requirements of ever-larger enterprises.
Start with AI in your company
Together we find the right use cases, connect your systems, and bring AI into daily work—aligned with your business.