
Technical and Organizational Measures (TOMs)

Detailed listing of our technical and organizational data protection measures according to GDPR

GDPR-Certified

Fully GDPR-compliant through HeyData

We work with HeyData and thereby guarantee the highest data protection standards.

HeyData advises over 1,500+ companies. HeyData has 20+ years of experience.

This page documents the technical and organizational measures (TOMs) required under Art. 32 GDPR that we have implemented at meinGPT to ensure an appropriate level of protection.

Technical Security Measures

1. Confidentiality (Art. 32 Para. 1 lit. b GDPR)

Physical Access Control

The following implemented measures prevent unauthorized persons from gaining physical access to data processing facilities:

  • Locking system with code lock
  • Security locks
  • Video surveillance of entrances

System Access Control

The following implemented measures prevent unauthorized persons from accessing data processing systems:

  • Authentication with username and password
  • Authentication with biometric data
  • Use of firewalls
  • Use of VPN technology for remote access
  • Encryption of data carriers
  • Encryption of notebooks / tablets
  • Central password rules
  • Use of 2-factor authentication
  • Company policy for secure passwords
  • Company "Clean Desk" policy
  • Automatic desktop locking when leaving the workstation

Data Access Control

The following implemented measures ensure that unauthorized persons cannot access personal data:

  • Use of paper shredders (with cross-cut function)
  • Physical deletion of data carriers before reuse
  • Minimal number of administrators
  • Secure storage of data carriers
  • Central management of user rights by system administrators
  • Policy for minimal data printing

Separation Control

The following measures ensure that personal data collected for different purposes is processed separately:

  • Separation of production and test systems
  • Logical client separation (software-based)
  • Comprehensive authorization concept

2. Integrity (Art. 32 Para. 1 lit. b GDPR)

Transfer Control

It is ensured that personal data cannot be read, copied, modified or removed without authorization during transmission or storage:

  • Setup of VPN tunnels
  • WLAN encryption (WPA2 with strong password)
  • Provision of data via encrypted connections (SFTP, HTTPS)
  • Ban on uploading business data to non-company servers

Input Control

The following measures ensure that it can be verified who processed personal data at what time:

  • Clear responsibilities for deletions
  • Mandatory consultation before data deletion
  • Comprehensive logging of data access

3. Availability and Resilience (Art. 32 Para. 1 lit. b GDPR)

The following measures ensure that personal data is protected against accidental destruction or loss and is always available:

  • Regular automated backups
  • Comprehensive backup & recovery concept
  • Continuous monitoring of the backup process
  • Secure, off-site storage of data backups
  • Separation of operating systems and data
  • Hosting with professional, certified providers