Security model

Trust & Security

How DataChi handles your data, where it runs, and what it doesn't do with it.

  • GDPR: EU Data Protection
  • EU Sovereignty: EU-only deployment available
  • Zero Retention: Prompts and responses dropped at inference
  • No Training: Customer data never used to train models
  • Per-Customer DB: Dedicated database per customer
  • AES-256: AES-256 at rest, TLS 1.3 in transit

Data handling defaults

How DataChi handles data.

Full Data Control

You own your workspace data. We don't repurpose it for anything outside your contract.

Zero Retention

Inference providers are configured to drop prompts and responses immediately after the call returns.

No Training

Customer data is not used to train models, ours or anyone else's.

Privacy by Design

Built to GDPR Article 25 from the start, not retrofitted.

Full Transparency

Every AI response carries the sources it used, so the answer is checkable.

EU Data Residency

EU-only deployment available if your policy requires it.

AES-256

Encryption

TLS 1.3

In Transit

99.9%

Uptime SLA

NEVER

Used for Training

Hosting & Residency

Two deployment paths. Pick the one that fits your residency rules.

Global, with EU residency available

Cloudflare (Default)

  • Hosting: Cloudflare (Workers, D1, R2, KV, CDN)
  • Inference: any provider in the model router
  • DDoS protection built-in
  • EU residency via Data Localization Suite

European Union · EU-domiciled sub-processors only

EU-Only AI

  • Hosting: Scaleway (France)
  • Inference: Mistral (France), Nebius (Finland)
  • No US-domiciled sub-processors
  • Same product surface as the default deployment

Security Measures

What's on by default, before anyone touches the admin panel.

AES-256 Encryption

At rest and in transit

SSO & MFA

Enterprise identity providers

RBAC

Least-privilege defaults

Audit Logs

Tamper-resistant trail

Per-Customer Isolation

Dedicated database per customer. No shared schemas, no cross-tenant queries.

Pen Testing

Regular security testing

AI Model Providers

Every model the DataChi LLM router can reach. The router is ours — your workspace controls which providers it's allowed to call.

Sub-Processors

Every sub-processor we use has a current DPA on file. The list below is what we actually run today.

Infrastructure

Provider | Purpose | Region
Cloudflare | Workers, D1, R2, KV, CDN, DDoS, Workers AI | Global · EU residency available
Scaleway | EU-sovereign application hosting (EU-Only AI deployment) | EU · France
Mistral | EU-sovereign LLM inference (EU-Only AI deployment) | EU · France
Nebius | EU-sovereign LLM inference (EU-Only AI deployment) | EU · Finland

Auth & Billing

Provider | Region
Stripe: Billing & payments | US / EU

Communications

Provider | Region
Resend: Transactional email | US
Brevo: Email marketing | EU · France
Yousign: eIDAS e-signatures (opt-in) | EU · France

Analytics

Provider | Region
Google Analytics 4: Marketing site only (datachi.ai landing pages) — consent-gated, IP anonymised, no ad personalisation | US · Global

Analytics runs on the public marketing website only — the logged-in product environment has no analytics scripts of any kind. On the marketing site, scripts do not load until the visitor accepts cookies. Reject means nothing fires. IP addresses are anonymised at collection and we do not enable ad personalisation, ad storage, or user-data sharing for advertising.

Integrations (Opt-in)

Provider | Policy
Google Workspace: Calendar, Gmail, contacts | Customer-selected
Microsoft 365: Outlook, email, contacts | Customer-selected

Security documentation last updated: May 20, 2026

Have security questions?

Email the security team. We'll send a DPA, the technical whitepaper, or whatever else procurement is asking you for.
