How we protect your data.
Security is built into every layer of the GΞIST platform. We are transparent about what is operational today and what is on our roadmap.
Authentication & Access
Enterprise single sign-on, multi-factor authentication, and role-based access ensure only authorized users access your data.
- SAML 2.0 and OpenID Connect SSO
- MFA enforced by your identity provider and passed through via SSO
- Role-based access control at every level
- Per-tenant data isolation on every request
Data Protection
Your data is encrypted at rest (volume-level) and in transit, with strict tenant isolation ensuring no cross-customer data access.
- TLS 1.2/1.3 encryption for all connections
- Encrypted backups with EU and NA storage options
- Row-level security (RLS) policies in the database isolate tenants from one another
- Secrets stored in a dedicated vault with access logging
AI Governance
We never train AI models on your data. Every AI interaction is logged, PII is redacted before processing, and humans stay in control.
- Your data is never used for model training
- Automatic PII redaction before AI processing
- All AI outputs require human review and approval
- Quarterly governance reports on AI usage patterns
GDPR & Privacy
Full data subject rights support, complete data erasure on request, and transparent data residency controls.
- Self-service data access and export requests
- Complete data erasure across all systems on request
- You choose where your data is stored (EU or NA)
- Data retention policies with automated enforcement
Infrastructure
Multiple layers of protection from network edge to database, with continuous monitoring and incident response.
- DDoS protection and web application firewall
- Input validation on every API endpoint
- Dependency and supply chain scanning on every push
- Continuous monitoring with distributed tracing
- Defined incident response procedures (P0-P3)
You choose where your data lives.
Our default deployment stores all data within the European Union. North American hosting is available for customers who require US-based data residency.
European Union (Default)
- Application and database hosting in Germany
- Encrypted backups in Netherlands
- AI processing in EU region
- No data transfer outside the EU
North America (Available)
- US-based hosting via Azure (East US / West US)
- SOC 2 and HIPAA compliance support
- CCPA consumer data rights
- Contact us for NA deployment details
Full control inventory.
For security reviewers who need the complete picture. Each control is mapped to its current implementation status. For detailed evidence, request our Evidence Pack.
Authentication & Access Control
Identity verification, session management, and role-based access enforcement.
| # | Control | Status |
|---|---|---|
| 1 | SAML 2.0 SSO | Operational |
| 2 | OpenID Connect | Operational |
| 3 | MFA passthrough | Operational |
| 4 | Argon2id password hashing | Operational |
| 5 | ES256 JWT signing | Operational |
| 6 | Session management | Operational |
| 7 | Role-based access control | Operational |
| 8 | Tenant role-based access | Operational |
Data Protection
Encryption, tenant isolation, and backup security across all data layers.
| # | Control | Status |
|---|---|---|
| 9 | TLS 1.2/1.3 in transit | Operational |
| 10 | Tenant isolation (RLS) | Operational |
| 11 | Encrypted backups | Operational |
| 12 | Secrets management | Operational |
| 13 | Credential validation | Operational |
| 14 | Volume-level encryption at rest | Operational |
| 15 | Application-level per-tenant encryption | Planned |
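The row-level security named in the Data Protection bullets and in control 10 above, as an added example that is not GΞIST's schema or code: a PostgreSQL RLS setup for per-tenant isolation, the two configuration mistakes that most often defeat it (an application role that owns the table, and a session-wide tenant setting on a pooled connection), and the catalog queries a reviewer would run to confirm the evidence. The table, role and setting names are assumptions for illustration.

```sql
-- Added example, not GΞIST's schema or code: PostgreSQL row-level security
-- (RLS) for per-tenant isolation. Table, role and setting names are assumed.

CREATE TABLE documents (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    body      text NOT NULL
);

-- The application role must not own the table: owners, superusers and roles
-- with BYPASSRLS skip RLS unless it is FORCEd. Grant only what it needs.
-- (Authentication for app_user is configured separately.)
CREATE ROLE app_user LOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON documents TO app_user;
GRANT USAGE ON SEQUENCE documents_id_seq TO app_user;

ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;   -- applies to the owner too

-- The request's tenant travels in a transaction-scoped setting.
-- nullif(..., '') maps both "never set" (NULL) and "reset to empty" ('')
-- to NULL; a NULL comparison is not true, so a request that forgot to set
-- its tenant sees and writes nothing (fail closed) instead of everything.
CREATE POLICY tenant_rows ON documents
    FOR ALL TO app_user
    USING      (tenant_id = nullif(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = nullif(current_setting('app.tenant_id', true), '')::uuid);

-- Default (PERMISSIVE) policies are ORed, so a later "admins see everything"
-- policy with USING (true) would silently widen tenant_rows. A RESTRICTIVE
-- policy is ANDed with all others and cannot be widened that way; use it to
-- pin the requirement that a tenant context is present.
CREATE POLICY tenant_context_required ON documents
    AS RESTRICTIVE FOR ALL TO app_user
    USING      (nullif(current_setting('app.tenant_id', true), '') IS NOT NULL)
    WITH CHECK (nullif(current_setting('app.tenant_id', true), '') IS NOT NULL);

-- Per request, the application (connected as app_user) does this inside one
-- transaction. SET LOCAL ends with the transaction; a plain SET is
-- session-wide and leaks this tenant to whoever gets the pooled connection next.
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-4111-8111-111111111111';
INSERT INTO documents (tenant_id, body)
    VALUES ('11111111-1111-4111-8111-111111111111', 'tenant A note');
SELECT id, body FROM documents;   -- only tenant A's rows, whatever the WHERE clause says
COMMIT;

-- A cross-tenant write is rejected by WITH CHECK:
--   ERROR:  new row violates row-level security policy for table "documents"
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-4111-8111-111111111111';
INSERT INTO documents (tenant_id, body)
    VALUES ('22222222-2222-4222-8222-222222222222', 'smuggled into tenant B');
ROLLBACK;

-- Reviewer checks: RLS enabled and forced, the app role neither owns the
-- table nor can bypass RLS, and every policy on the table is accounted for.
SELECT relrowsecurity, relforcerowsecurity
  FROM pg_class WHERE relname = 'documents';                     -- expect t, t
SELECT tableowner FROM pg_tables WHERE tablename = 'documents';  -- must not be app_user
SELECT rolname FROM pg_roles WHERE rolbypassrls OR rolsuper;    -- app_user must be absent
SELECT policyname, permissive, cmd, qual, with_check
  FROM pg_policies WHERE tablename = 'documents';
```

Two points a reviewer should keep in mind when reading evidence for a control like this: RLS only constrains sessions running as a role subject to it, so migrations, maintenance jobs or an ORM connecting as the table owner are outside its protection and need separate review; and with transaction-mode connection pooling, `SET LOCAL` inside each request's transaction is the only safe way to carry the tenant, because session state does not belong to the request.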
AI Governance
Controls ensuring responsible, transparent, and auditable AI usage.
| # | Control | Status |
|---|---|---|
| 16 | PII redaction before AI processing | Operational |
| 17 | AI content labelling | Operational |
| 18 | AI audit logging | Operational |
| 19 | No training on customer data | Operational |
| 20 | Human-in-the-loop | Operational |
| 21 | AI governance reporting | Operational |
| 22 | Rubber-stamping detection | Operational |
| 23 | AI training certification | Operational |
GDPR Compliance
Data subject rights, residency, retention, and lawful basis controls.
| # | Control | Status |
|---|---|---|
| 24 | DSAR management | Operational |
| 25 | Right to erasure (Art. 17) | Operational |
| 26 | Tenant purge capability | Operational |
| 27 | Deletion audit trail | Operational |
| 28 | Data residency controls | Operational |
| 29 | Lawful basis: Legitimate Interest | Operational |
| 30 | Data retention management | Operational |
Infrastructure Security
Network architecture, application hardening, and operational monitoring.
| # | Control | Status |
|---|---|---|
| 31 | Input validation | Operational |
| 32 | OWASP protection | Operational |
| 33 | Rate limiting | Operational |
| 34 | Cloudflare DDoS/WAF | Operational |
| 35 | OpenTelemetry monitoring | Operational |
| 36 | Incident response procedures | Operational |
| 37 | Dependency and supply chain scanning | Operational |
Testing & Assurance
Independent security testing and accessibility compliance; both are currently planned rather than operational.
| # | Control | Status |
|---|---|---|
| 38 | Penetration testing | Planned |
| 39 | WCAG 2.1 AA accessibility | Planned |