Where your data lives
#| Where | Residency | |
|---|---|---|
| Embeddings (content vectors) | Local BGE-M3 model | Local / EU |
| Vector database | Local Qdrant | Local / EU |
| Relational database | Local PostgreSQL | Local / EU |
| Answer generation (LLM) | Cloud — masked prompt only | Masked before sending |
| Personal data (PII) | Masked before the cloud, rehydrated locally | Never leaves in raw form |
| Secrets / keys | Outside the repository (env variables) | Local |
Content to be embedded and searched never leaves the server — embeddings are computed locally. Only a prompt with personal data masked reaches the cloud model, and the response is rehydrated locally.
Which compliances we meet
#- GDPR from the foundations — consent before tracking, data minimisation, a real right to erasure.
- Record of Processing Activities (RoPA) — maintained and kept current.
- Privacy by design / by default — privacy built into the pipeline, not bolted on later.
- PII masking — enforced at a single ingress (the OpenClaw router) before every cloud call.
- EU residency — local infrastructure; the cloud is used only for masked generation.
Certifications — honestly
#We don't yet hold formal certifications like ISO 27001 or SOC 2 — and we don't pretend to. Instead of badges we publish verifiable practices: local data hosting, PII masking before the cloud, a maintained RoPA, and public standards with the practices that enforce them. Consistent with our principle: proof, not a declaration.
Have a specific compliance requirement? Let's talk — we'll show you what we actually meet and how.