Is my data secure?
The key facts about data security at meinGPT at a glance
Short answer: Yes. Here are the key facts about data security at meinGPT.
Maximum security: Made & hosted in Germany with strictest data protection standards and EU-wide GDPR compliance.
Key Security Facts
Where is my data processed?
- Exclusively in the EU - Your data never leaves Europe
- Primarily Germany - Servers in Frankfurt and Hamburg
- EU-certified partners - All subcontractors are GDPR compliant
Who has access to my data?
- Only you - Complete control over your data
- No AI training - Your data is never used for training
- Minimal access - Only technically necessary support access
- Encrypted transmission - TLS 1.3 end-to-end encryption
Can I delete my data?
- Immediate deletion - Possible anytime via the user interface
- Complete removal - From all systems including backups (7 days)
- Deletion confirmation - Automatic confirmation via email
Technical Security
Encryption:
- TLS 1.3 for all data transfers
- AES-256 for data storage
- Customer Managed Keys upon request
Infrastructure:
- ISO 27001 certified data centers
- WAF & DDoS protection against attacks
- 24/7 monitoring with automatic alerts
Software:
- Regular security audits by third parties
- Automatic updates of critical security patches
- Zero-Trust Architecture with minimal permissions
Legal Protection
GDPR Compliance:
- External Data Protection Officer - heyData GmbH
- Data Processing Agreements for all partners
- Regular compliance audits
Your Rights:
- Information - Complete data overview upon request
- Correction - Correction of incorrect data
- Deletion - Right to be forgotten
- Data portability - Export in standard formats
AI-specific Security
Protection against misuse:
- No sharing with OpenAI - Azure OpenAI EU Zone without OpenAI access
- Enterprise APIs - No access to consumer services
- Stateless Processing - No storage of prompts
- Content Filtering - Automatic detection of problematic content
Transparency:
- Provider Selection - Interactive overview of all AI partners
- Meeting Data Flow - Detailed processing steps
- Technical Measures - Complete TOMs documentation
For Businesses
Compliance Support:
- Request DPA - Data Processing Agreements
- Enterprise Features - OnPremise DataVault available
- Audit Reports - Detailed compliance reports
- Individual Configuration - Customized privacy levels
Industry-specific:
- Healthcare - HIPAA-compatible configuration
- Government - EU-Only Level available
- Finance - SOX/Basel-compliant settings
Common Security Questions
Can the US government access my data?
No. With EU-Only and EU-Hosting levels, all data remains in the EU. US authorities have no access to EU-hosted Azure services.
What happens in case of a data breach?
Immediate response: 72h reporting obligation to authorities, direct customer information, forensic analysis and remediation. Complete transparency about all incidents.
How secure are my chat histories?
Maximum security: End-to-end encrypted, only you have access, no permanent storage with AI providers, automatic deletion according to your specifications.
Is my data processed in the USA?
Depends on the level: EU-Only (Level 1) and EU-Hosting (Level 2) process exclusively in the EU. Levels 3 and 4 can use US partners with Data Privacy Framework.
More questions? Contact our Data Protection Officer at datenschutz@heydata.eu or use our live chat.
Detailed Information
- Technical Protection Measures - Complete TOMs according to GDPR
- AI Providers & Privacy - Interactive provider selection
- Infrastructure Security - Technical security architecture
- Request DPA - Data Processing Agreement