Is my data secure?
The key facts about data security at meinGPT at a glance
Short answer: Yes. Here are the key facts about data security at meinGPT.
Maximum security: Made & hosted in Germany with the strictest data protection standards and EU-wide GDPR compliance.
🛡️ Key Security Facts
Where is my data processed?
✅ Exclusively in the EU - Your data never leaves Europe
✅ Primarily Germany - Servers in Frankfurt and Hamburg
✅ EU-certified partners - All subcontractors are GDPR compliant
Who has access to my data?
✅ Only you - Complete control over your data
✅ No AI training - Your data is never used for training
✅ Minimal access - Only technically necessary support access
✅ Encrypted transmission - TLS 1.3 end-to-end encryption
Can I delete my data?
✅ Immediate deletion - Possible anytime via the user interface
✅ Complete removal - From all systems including backups (7 days)
✅ Deletion confirmation - Automatic confirmation via email
🔐 Technical Security
Encryption:
- 🔐 TLS 1.3 for all data transfers
- 🔑 AES-256 for data storage
- 🛡️ Customer Managed Keys upon request
Infrastructure:
- 🏢 ISO 27001 certified data centers
- 🔥 WAF & DDoS protection against attacks
- 📊 24/7 monitoring with automatic alerts
Software:
- 🔍 Regular security audits by third parties
- 🛠️ Automatic updates of critical security patches
- 🎯 Zero-Trust Architecture with minimal permissions
⚖️ Legal Protection
GDPR Compliance:
- 🏛️ External Data Protection Officer - heyData GmbH
- 📋 Data Processing Agreements for all partners
- 🔍 Regular compliance audits
Your Rights:
- 📋 Information - Complete data overview upon request
- ✏️ Correction - Correction of incorrect data
- 🗑️ Deletion - Right to be forgotten
- 📤 Data portability - Export in standard formats
🤖 AI-specific Security
Protection against misuse:
- 🚫 No sharing with OpenAI - Azure OpenAI EU Zone without OpenAI access
- 🔒 Enterprise APIs - No access to consumer services
- 🛡️ Stateless Processing - No storage of prompts
- 🎯 Content Filtering - Automatic detection of problematic content
Transparency:
- 📊 Provider Selection - Interactive overview of all AI partners
- 🔍 Meeting Data Flow - Detailed processing steps
- 📋 Technical Measures - Complete TOMs documentation
💼 For Businesses
Compliance Support:
- 📄 Request DPA - Data Processing Agreements
- 🏢 Enterprise Features - OnPremise DataVault available
- 📊 Audit Reports - Detailed compliance reports
- 🎯 Individual Configuration - Customized privacy levels
Industry-specific:
- 🏥 Healthcare - HIPAA-compatible configuration
- 🏛️ Government - EU-Only Level available
- 🏦 Finance - SOX/Basel-compliant settings
🔍 Common Security Questions
Can the US government access my data?
No. With EU-Only and EU-Hosting levels, all data remains in the EU. US authorities have no access to EU-hosted Azure services.
What happens in case of a data breach?
Immediate response: 72h reporting obligation to authorities, direct notification of customers, forensic analysis and remediation. Complete transparency about all incidents.
How secure are my chat histories?
Maximum security: End-to-end encrypted, only you have access, no permanent storage with AI providers, automatic deletion according to your specifications.
Is my data processed in the USA?
It depends on the level: EU-Only (Level 1) and EU-Hosting (Level 2) process exclusively in the EU. Levels 3 and 4 can use US partners under the Data Privacy Framework.
More questions? Contact our Data Protection Officer at datenschutz@heydata.eu or use our live chat.
🔗 Detailed Information
- 🛡️ Technical Protection Measures - Complete TOMs according to GDPR
- 🤖 AI Providers & Privacy - Interactive provider selection
- 🏗️ Infrastructure Security - Technical security architecture
- 📧 Request DPA - Data Processing Agreement