The one topic where we stop joking.

Privacy & Security

Every cool feature needs a rock-solid foundation. This is ours. This page is about the invisible but essential work in the background: how we keep your data safe, your privacy protected and our data protection officer happy.

Trust & Security

Enterprise security meets unlimited scale.

Made in Germany

Built in Vechta. More potato field charm than Silicon Valley hubris.

Hosted in Europe

Our software and (most) AI models are hosted in Europe.

GDPR compliant

Encrypted to standards that are even too complicated for us to explain here. (AES-256 & TLS)

ISO 27001 certified

Independently audited information security management. Reviewed by people who do nothing else.

Questions about data privacy? We're happy to help.

ISO 27001

Certified information security management system.

Compliance

DSGVO/GDPR

Full compliance with EU data protection law.

Compliance

AES-256 encryption

Stored data is encrypted with AES-256 — the same algorithm governments use to protect state secrets.

TLS transmission

Every connection runs over Transport Layer Security — a wiretap-proof digital tunnel between device and server.

Row Level Security

Every workspace is a sealed vault inside our database. Strict logical separation prevents cross-customer access.

Access control

Least-privilege principle on production systems. Access is limited to authorized staff, and every access is logged and monitored.

Hosted in Germany

Servers in Frankfurt am Main with certified EU providers. Low latency and strict EU security standards.

GDPR-compliant by design

Full compliance with EU data protection law. DPA per Art. 28 GDPR, zero-training guarantee and configurable automatic retention periods.

GDPR compliance: verified to EU standard
100% compliant
  • Art. 5: Principles of processing
  • Art. 25: Privacy by Design & Default
  • Art. 28: Data processing on behalf of a controller (DPA)
  • Art. 32: Security of processing
  • Art. 17: Right to erasure
German law · EU jurisdiction
Verified & audited

The Foundation

GDPR compliance by conviction

For us, GDPR isn't annoying red tape — it's the foundation for trust. As a German company we don't just follow the rules; we built our entire platform around them. For you that means maximum security and certainty that your data is handled by the world's strictest standards.

German company, German law

innoGPT is developed and operated in Germany. We're fully subject to German law and EU data protection regulations. No legal grey areas, no compromises.

Compliance as the default

Our platform is technically and organizationally designed to meet GDPR's strict requirements. Not an optional extra — the baseline we commit to in writing via our Data Processing Agreement (DPA).

No world tour for your data

A digital fortress in the EU

A quick bit of tech, but it matters: we host your data on the most secure and capable servers available in the EU — with certified providers like AWS in Frankfurt am Main. Yes, those are US companies. That's exactly why we added a critical layer of protection that makes all the difference.

Server location Frankfurt am Main

Physically, your data sits in a high-security data center in Germany. Low latency plus compliance with strict EU physical and network security standards.

Protection through end-to-end encryption

We use end-to-end encryption where only we control the keys. The US provider supplies encrypted infrastructure but cannot read your data. Even a lawful request from US authorities would yield only unreadable data soup.

Frankfurt am Main
Your data
EU · GDPR
Third-party access blocked
Only we hold the key; third parties see only ciphertext.
Your input: prompt, file, document
AI processing: only for the moment of your request; nothing sticks in the model.
Zero-training guarantee: never used for model training.
Your output: only you see the result.

What happens with your data (and what doesn't)

Your input. Your output. Period.

Our business model is simple: we offer you a damn good AI platform. We don't sell data and we don't feed it into our models. Your information is used only for the moment of processing — to handle your request and deliver a result. After that our rule is simple: hands off.

Zero-training guarantee

Neither we nor our technology partners (like Microsoft) ever use your inputs or the generated outputs to train AI models. Contractually secured via a zero-retention policy.

Automatic deletion

All conversations are stored for at most 180 days so you can revisit them. After that they are automatically and irreversibly deleted from our systems.

In writing

Your legal safety net: the DPA

We can talk about security all day. In the end, what counts is what's on paper — or in our case, digitally signed. For 100% GDPR-compliant use of innoGPT in your company, we offer a Data Processing Agreement (DPA) under Art. 28 GDPR.

Don't worry — no printer required. The DPA can be signed with a few clicks directly in your account settings. You get the legally binding proof that we process your data strictly according to your instructions and uphold all protective measures.

Data Processing Agreement, Art. 28 GDPR
Controller: your company
Instructions
Processor: innoki GmbH
  • Processing strictly according to your instructions
  • Confidentiality obligation for all employees
  • Technical & organizational measures (TOMs)
  • Notification obligations for security incidents
Digitally signed
Signed
Completed in under 2 minutes directly in your account.

Trust Center

Certificates, reports & compliance docs in one place

The innoGPT Trust Center hosts all current security and compliance documents: ISO 27001 certificate, our up-to-date sub-processor list and the DPA — transparent, current and available for download.

Security is Our Priority

Have questions about our security measures? Our team is happy to help.

Contact

Still here? Respect.

Maurice Brumund
Managing Director

If you've scrolled this far, we should really talk.
