01Security & Compliance

Enterprise security built for European regulations

GDPR compliant, EU AI Act ready, with enterprise-grade security architecture designed from the ground up.

EU-Hosted GDPR Compliant EU AI Act Ready TLS & AES-256 No Training on Your Data

Your data is never used for training

This is a fundamental principle of Volentis.ai: not a policy, but an architectural guarantee.

Customer interactions are explicitly excluded from all model training processes

Your documents and conversations remain 100% confidential

No data is ever shared with third parties for training purposes

Contractually guaranteed in our Data Processing Agreement

Your knowledge stays yours. Period.

02GDPR Compliance

GDPR Compliance

Volentis.ai is designed with privacy-by-design principles and operates as a Data Processor under GDPR Article 28.

Data Processor Role

We act as Data Processor for customer content, with clear data processing boundaries and responsibilities.

Data Processing Agreement

Comprehensive DPA incorporating EU Standard Contractual Clauses available with all enterprise contracts.

Data Subject Rights

Full support for access, rectification, erasure, and portability requests.

03EU AI Act Compliance

EU AI Act Compliance

Volentis.ai is designed to comply with the EU AI Act as a limited risk system under Article 52.

Transparency Requirements

All AI-generated content is clearly labeled with mandatory transparency indicators.

AI Disclosure

Every response includes clear AI interaction disclosure and source attribution.

Human Oversight

No autonomous agent actions without human approval gates for consequential decisions.

04Technical Security

Technical Security

01

Encryption

TLS 1.2+ for data in transit, AES-256 for data at rest. All communications and storage are fully encrypted.

Same encryption standards as online banking. Your data is unreadable to anyone without authorization.

02

Authentication

Enterprise SSO via SAML 2.0 and OpenID Connect. Multi-factor authentication supported.

Employees log in with their existing company credentials. No new passwords to remember or manage.

03

Role-Based Access Control (RBAC)

Granular permissions at workspace, document, and feature level. Inheritance based on department and role.

You decide exactly who sees what. That sensitive salary policy? HR only. That IT procedure? IT team only. Automatically enforced.

04

Audit Logging

Complete logging of all user and administrative actions. Exportable audit trails for compliance.

Every action recorded. If something goes wrong, you can trace exactly what happened, when, and by whom.

05

Tenant Isolation

Logical separation in multi-tenant, dedicated infrastructure in single-tenant deployments.

Your data is completely separated from other customers. No mixing, no leaks, no access by others. Guaranteed.

06

BYOK (Bring Your Own Key)

Bring Your Own Key encryption available for single-tenant deployments.

Maximum control: you manage the encryption keys. Even Volentis cannot access your data without your keys.

05Built-in Safeguards

Built-in Safeguards

Volentis.ai includes important limitations by design to ensure responsible enterprise AI use.

No Automated HR Decisions

The system provides information and drafts; humans make all employment decisions.

Special Category Data Protection

No processing of health information or trade union membership without explicit configuration.

Human-in-the-Loop

No autonomous agent actions without human approval for consequential decisions.

Professional Advice Disclaimer

Not a replacement for professional legal, medical, or financial advice.

06Certifications & Standards

Certifications & Standards

Our commitment to industry-recognized security standards.

In Progress

ISO 27001

We are actively working towards ISO 27001 certification to demonstrate our commitment to information security management.

Compliant

GDPR Article 28

Operating as a certified Data Processor with comprehensive Data Processing Agreements.

Compliant

EU AI Act Article 52

Classified as limited risk system with full transparency requirements implemented.

Regular Security Assessments

Annual penetration testing by independent security firms. Vulnerability scans performed quarterly. Findings addressed according to severity-based SLAs.

Need security documentation?

DPOs and security teams can request our full security documentation package, including DPA, technical specifications, and penetration test summaries.

Includes: DPA, Security Whitepaper, Architecture Overview, Pentest Summary

Request Security Docs
07Sector-Specific Compliance Support

Sector-Specific Compliance Support

Volentis.ai supports compliance requirements across regulated industries.

Financial Services

MiFID II, GDPR Article 22 (automated decision-making)

Special provisions for financial services data handling and automated decision restrictions.

Healthcare

GDPR special category data, medical confidentiality considerations

Enhanced protections for health-related data with explicit consent requirements.

Government & Public Sector

Public sector compliance, transparency requirements

Support for government-specific data protection and transparency obligations.

Cross-Border Operations

Multi-jurisdictional GDPR, local implementations

Comprehensive support for organizations operating across EU member states.

08Technical Specifications

Technical Specifications

Detailed technical specifications for your security review. We speak IT's language too.

Session Management
JWT tokens (RS256 signing), 1-hour token expiry, 8-hour session timeout (configurable)

Automatic logout after inactivity. Protection against forgotten open laptops

Data Retention
Configurable retention policies, default 12 months for audit logs

You choose how long data is kept. Meet your industry requirements, no manual cleanup needed

SharePoint Synchronization
4 hours for metadata, 24 hours for full content refresh

Update a document in SharePoint? The AI knows about it within hours, automatically

Encryption Standards
TLS 1.2+ for transit, AES-256 for at-rest encryption

Bank-level security for all your data, whether it's being sent or stored

API Security
REST API with OAuth 2.0, rate limiting, comprehensive logging

Build custom integrations with secure, well-documented APIs

Browser Support

Supported browsers for optimal platform experience:

Chrome 90+Firefox 88+Safari 14+Edge 90+

Requires JavaScript enabled, TLS 1.2+, cookies for session management

Ready to discuss your security requirements?

Our team can provide detailed security documentation and answer your compliance questions.

Schedule a Security Review