Data Security & GDPR Compliance

Data protection and data security are the top priority at FINO Suite - in every product and every process.

  • 100% EU Hosting: All servers in the EU
  • GDPR-Compliant: Full Compliance
  • EU AI Act Ready: Transparency & Documentation
  • Encrypted: AES-256 & TLS

Hosting & Infrastructure

EU Cloud Infrastructure

The FINO Suite is operated exclusively on servers within the European Union. Our infrastructure is based on certified EU data centres with the highest availability and security standards.

  • Hosting in German and European data centres
  • ISO 27001 certified infrastructure
  • Highly available enterprise architecture
  • Automatic backups and disaster recovery
  • Optional: Operation on STACKIT (Schwarz Group) as a sovereign cloud alternative

Encryption

All data is encrypted both in transit and at rest.

  • AES-256 for data at rest
  • TLS 1.2+ for all data transfers
  • Encrypted document processing
  • Encrypted audio transmission (FINO Voice)

GDPR Compliance

All products of the FINO Suite are fully GDPR-compliant. We provide all required data protection documents.

Provided Documents

  • Data Processing Agreement (DPA)
  • Technical and Organisational Measures (TOMs)
  • Record of Processing Activities
  • Data Protection Impact Assessment on request

Data Subject Rights

  • Right of access (Art. 15 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

AI Models & Data Processing

Large Language Models (LLMs)

The FINO Suite uses large language models via secure, GDPR-compliant interfaces.

  • All models are operated in the EU
  • No training of models with customer data
  • Models operate statelessly - no persistent data storage
  • Choice between different providers available

Data Processing

Transparent and traceable processing of all data.

  • No disclosure to third parties without consent
  • Automatic deletion after processing purpose is fulfilled
  • Tenant separation in multi-tenant operation
  • Audit logs for all processing steps

EU AI Act Compliance

All FINO products are designed to comply with the EU AI Act.

  • Transparency Obligations (Art. 50): Users are always informed that they are interacting with an AI system.
  • Risk Management: Continuous assessment and mitigation of AI-related risks.
  • Technical Documentation: Traceability of all AI systems and their decision-making foundations.
  • Source References: Every AI response is provided with source references to make the origin of information transparent.

Our Principles

Data Minimisation

Only the data that is absolutely necessary is collected, and it is deleted as quickly as possible.

Privacy by Design

Data protection is an integral part of our product development - from the very beginning, not as an afterthought.

Transparency

Open communication about data processing, technologies used and security measures.

Continuous Improvement

Regular review and updating of our security measures and processes.

Questions about Data Security?

We are happy to provide you with all data protection documents and answer your questions.