Postgate AI
Trust center

Security & trust

How Postgate AI handles your data: architecture, data protection and operations - transparent and verifiable.

Architecture & access

  • Minimal data flowAccess only when your AI assistant performs a specific action. The AI provider is connected via your own account.
  • Security model in detailDelegated permissions per user, a transparent proxy without storage, an encrypted credential vault: the full security model.

Data protection & compliance

  • Data processing agreement (DPA)A DPA under Art. 28 GDPR is a mandatory part of registration, personalised with your company name, available in the portal anytime.
  • Transparent subprocessorsAll engaged subprocessors are publicly listed; changes are announced in advance.
  • Hosting in GermanyOperation and encrypted storage exclusively in German data centres.
  • GDPR self-serviceData export and full deletion of the organisation can be triggered in the portal anytime.

Access & account security

  • Two-factor & SSOTwo-factor sign-in by e-mail; organisations can enforce Microsoft SSO (disable password login).
  • Roles & audit logFine-grained roles (admin, billing admin) and an activity log per organisation.
  • HardeningBot protection, rate limiting and login lockout protect the portal; encrypted connections throughout (TLS).

Operations & certification

  • Backups & recoveryRegular backups; recovery via a reproducible provisioning process.
  • Certifications (roadmap)ISO 27001 / SOC 2 are targeted. A security whitepaper is available on request.

Legal documents: Privacy · Subprocessors · Imprint