Security & Data Privacy
2 min read | Updated Mar 25, 2026
Data Hosting
All Optimaite infrastructure is hosted in Germany (Nuremberg) on Hetzner Cloud:
- Compute: Kubernetes cluster with dedicated worker nodes
- Database: Neon Serverless PostgreSQL (EU region)
- File storage: Hetzner S3-compatible Object Storage (EU)
- No data leaves the EU — all processing, storage, and AI inference routes through EU endpoints
Encryption
- In transit: TLS 1.3 for all connections
- At rest: AES-256 encryption on all storage volumes
- Secrets: SOPS + age encryption for Kubernetes secrets
Authentication
- Better Auth with Ed25519 JWT tokens
- HttpOnly cookies — JWTs never reach the browser; all API calls go through a server-side proxy
- Session management — automatic token refresh, idle timeout, max session duration
AI Data Handling
When you use the AI assistant:
- Your document content is sent to the AI model for processing
- We do not train on your data — your documents are never used to improve AI models
- AI providers (Azure OpenAI, deployed in EU data centers) process requests in real time and do not retain your data
- All AI traffic is encrypted in transit
The AI disclosure modal shown on first login explains exactly what data the AI accesses and how it's used. You can review it anytime in Settings.
GDPR Compliance
Optimaite is designed for GDPR compliance:
- Data minimization — we only collect data necessary for the service
- Right to deletion — delete your account and all associated data from Settings
- Data portability — export your documents in standard formats (DOCX, XLSX, PPTX)
- Cookie consent — granular consent for essential vs. analytics cookies
- DPA available — Data Processing Agreement available at optimaite.eu/avv
Multi-Tenancy
Each workspace is fully isolated:
- Row-level security (RLS) at the database level
- Separate storage paths per tenant
- No cross-tenant data access