Trust center
Security & trust
How Postgate AI handles your data: architecture, data protection and operations - transparent and verifiable.
Architecture & access
- Minimal data flowAccess only when your AI assistant performs a specific action. The AI provider is connected via your own account.
- Security model in detailDelegated permissions per user, a transparent proxy without storage, an encrypted credential vault: the full security model.
Data protection & compliance
- Data processing agreement (DPA)A DPA under Art. 28 GDPR is a mandatory part of registration, personalised with your company name, available in the portal anytime.
- Transparent subprocessorsAll engaged subprocessors are publicly listed; changes are announced in advance.
- Hosting in GermanyOperation and encrypted storage exclusively in German data centres.
- GDPR self-serviceData export and full deletion of the organisation can be triggered in the portal anytime.
Access & account security
- Two-factor & SSOTwo-factor sign-in by e-mail; organisations can enforce Microsoft SSO (disable password login).
- Roles & audit logFine-grained roles (admin, billing admin) and an activity log per organisation.
- HardeningBot protection, rate limiting and login lockout protect the portal; encrypted connections throughout (TLS).
Operations & certification
- Backups & recoveryRegular backups; recovery via a reproducible provisioning process.
- Certifications (roadmap)ISO 27001 / SOC 2 are targeted. A security whitepaper is available on request.
Legal documents: Privacy · Subprocessors · Imprint
Security questions?
We answer security and privacy questions personally.