Your data stays in the EU, encrypted at rest and in transit. GDPR-compliant by design. Your business data is never used to train AI models.
GDPR
Full compliance with EU General Data Protection Regulation
Data Residency
All data stored in EU data centers (Frankfurt & Stockholm)
Encryption
AES-256 at rest, TLS 1.3 in transit
SOC 2
AWS infrastructure SOC 2 Type II certified
No Model Training
Your data is never used to train AI models
Right to Erasure
Full data deletion on request
Security Pillars
All data is stored and processed exclusively in European Union data centers. Documents are stored in AWS Frankfurt (eu-central-1); infrastructure runs in AWS Stockholm (eu-north-1). Your data never leaves the EU.
Built from the ground up with GDPR in mind. Data processing agreements, right to erasure, data portability, and transparent data handling practices. Full compliance with European data protection regulations.
Data encrypted at rest (AES-256) and in transit (TLS 1.3). Database connections encrypted. S3 storage with server-side encryption. API keys and secrets managed via AWS Secrets Manager.
Granular permissions per workspace. Admin and member roles with different access levels. Sub-user management lets you control exactly who can access what.
Your documents, conversations, and business data are never used to train AI models. We use AWS Bedrock, which guarantees your data is not used for model improvement.
OAuth 2.0 with Google, email/password with bcrypt hashing, or passwordless email OTP. JWT tokens with 24-hour expiry. No passwords stored for OAuth users.
Infrastructure
FAQ
All data is stored in AWS EU data centers. Documents and knowledge base data are in Frankfurt (eu-central-1). Application infrastructure, database, and compute run in Stockholm (eu-north-1). Your data never leaves the European Union.
Yes. natix.chat is built with GDPR compliance as a core requirement. We support data processing agreements (DPA), right to erasure, data portability, and consent management. All data processing happens within the EU.
No. We use AWS Bedrock for AI processing, which guarantees that customer data is not used to train or improve AI models. Your documents, conversations, and business data remain strictly private.
Only users you explicitly invite to your workspace can access its data. Role-based access control lets you assign admin or member roles with different permission levels. Sub-users can be restricted to specific workspaces.
All secrets (database credentials, API keys, OAuth tokens) are stored in AWS Secrets Manager, encrypted at rest, and rotated regularly. Application environment variables are stored in ECS task definitions, not in code.
Yes. You can request full data deletion at any time. This includes your account, workspaces, documents, conversations, and all associated data. Deletion is permanent and irreversible, and is processed within 30 days as required by GDPR.
Yes. We provide a Data Processing Agreement for enterprise customers. Contact us at hello@natix.ro to request a DPA or discuss specific compliance requirements.