Data protection
& safety
Every cool feature needs a hell of a foundation. This is ours.
This page is about the invisible but decisive work in the background: How we ensure that your data is secure, your privacy is protected and that our data protection officer is happy.
GDPR compliance out of conviction
For us, the GDPR is not an annoying mandatory program, but the Basis for trust.
As a German company, we not only follow the rules, we have built our entire platform on them. For you, that means: maximum safety And the certainty that your Data according to the strictest standards be treated in the world.
German company, German law
InnoGPT is developed and operated in Germany. We are fully subject to German law and EU data protection laws. No legal grey areas, no compromises.
Compliance as standard
Our platform is technically and organizationally designed to meet the strict requirements of the GDPR. For us, this is not an optional extra, but the basis that we also promise you in black and white in the order processing agreement (AVV).
A digital fortress in the EU
Now it's getting technical, but it's crucial: We host your data on the most secure and powerful servers available in the EU — with certified providers such as AWS in Frankfurt am Main. Yes, they're US companies. And yes, there is the CLOUD Act. That is exactly why we have added a decisive level of protection that makes the decisive difference.
Server location Frankfurt am Main
Physically, your data is stored in a high-security data center in Germany. This guarantees short loading times and compliance with the EU's strict physical and network security standards.
Protection through consistent encryption
We use end-to-end encryption, in which exclusively us check the keys. The US provider only provides the encrypted infrastructure, but cannot read your data itself. Even with a legitimate request from US authorities, the host could only release unreadable data.
Your input. Your output. Dot.
Our business model is simple: We offer you a damn good AI platform. We don't sell data and we don't use it to feed our models. Your information is only used for the moment of processing — i.e. to process your request and provide you with a result. After that, we have a clear guideline: hands off.
Zero training guarantee
Neither we nor our technology partners (such as Microsoft) ever use your inputs or the generated results to train AI models. This is contractually via a Zero Retention Policy secured.
Automatic deletion
All of your conversations are saved for a maximum of 180 days so you can access them. They are then automatically and irrevocably deleted from our systems.
In black and white: Your legal safety net as an AVV
We can talk a lot about security. But in the end, what counts is what is on paper — or in this case, what is digitally sealed. For the 100% GDPR-compliant use of InnoGPT in your company, we offer you the conclusion of a Order processing contract (AVV) in accordance with Art. 28 GDPR.
Don't worry, you don't have to get the printer up and running again first. The AVV can be completed directly in your account settings with just a few clicks. This gives you legally binding proof that we process your data strictly in accordance with your instructions and comply with all protective measures. Safe is safe.
safety The topic we stop joking about.
Here is the part of the page where we leave irony aside. Because there is no room for manoeuvre when it comes to the security of your data. Our platform was developed from the ground up with a multi-level security concept — from physical infrastructure and encryption to strict contractual and organizational rules.
Military-grade encryption
We use AES-256 to encrypt your stored data. This is the same algorithm that is also used by governments to secure state secrets and is considered virtually unbreakable.
Interception-proof transmission
The connection between your device and our servers is protected by strong Transport Layer Security (TLS) encryption. It's like a secure digital tunnel just for your data.
Strict database isolation
Each workspace is architecturally designed to function as a separate, sealed vault within our database. This strict logical separation ensures that no other user can ever access your data.
Strict access controls
Access to productive systems follows the principle of least privileges and is limited to an absolute minimum of authorized employees. Every access is logged and strictly monitored.
