Optimaite is hosted in the EU, GDPR-compliant, and protects your data with industry-leading security measures. Transparency matters to us.
Our platform meets the strict requirements of European data protection and security standards.
Full compliance with the European General Data Protection Regulation. DPA, TOMs, and subprocessor registry available.
All application data is exclusively processed and stored in the EU. Infrastructure at Hetzner Cloud in Germany.
Your data is never used to train AI models. All AI processing takes place exclusively within the EU via Azure AI (Germany) and AWS (Frankfurt) with zero-retention agreements.
Technical and organizational measures to protect your data.
How your data flows through our platform and where it is processed.
User accounts & authentication
Document processing, AI analysis
AI assistance & communication
Security logging & error diagnostics
Hetzner Cloud
Infrastructure & storage · Germany
Neon
Database · EU (Frankfurt)
Azure AI
AI provider (GPT, Gemini) · EU (Germany)
AWS Bedrock
AI provider (Claude) · EU (Frankfurt)
Vercel
Website hosting · EU regions
Sentry
Error monitoring · EU
All relevant documents for your compliance review.
General terms and conditions for the use of the Optimaite platform.
Read ToSData processing agreement pursuant to Art. 28 GDPR including TOMs.
Read DPAInformation on the handling of personal data.
Read privacy policyComplete list of all subprocessors used.
View listTechnical and organizational measures (TOMs).
View detailsInformation pursuant to § 5 DDG and legal information.
Read legal noticeAll application data is processed and stored in Germany (Hetzner Cloud, Falkenstein/Frankfurt) and the EU (Neon Postgres, Frankfurt). AI processing also takes place exclusively within the EU via Azure AI (Germany) and AWS Bedrock (Frankfurt).
No. We operate AI models exclusively through EU-based services (Azure AI in Germany, AWS Bedrock in Frankfurt) with explicit zero-retention and zero-training agreements. Your data never leaves the EU and is immediately discarded after processing.
Yes. Our DPA pursuant to Art. 28 GDPR is available as part of our terms of service and includes the technical and organizational measures (TOMs) as well as the complete subprocessor registry.
Optimaite implements a strict multi-tenant architecture with isolation at the database level. Every tenant query is automatically filtered, making access to other tenants' data technically impossible.
Our team is happy to assist you with security questions, DPA requests, and compliance reviews.