Compliance Overview
We map the regulatory landscape to technical controls. This is not a policy document — it is an engineering commitment.
EU AI Act — Transparency
Every agent interaction is assigned a Confidence Performance Index (CPI) and stored as an immutable, cryptographically hashed trace. The full decision context — prompt, output, CPI score, and routing outcome — is exportable on demand for external auditors or regulatory review.
Read the full EU AI Act Guide →EU AI Act — Human Oversight
Our Policy Engine enforces deterministic routing rules at runtime. Decisions below the configured confidence threshold or containing flagged PII are automatically held in a human review queue prior to execution. Oversight is not optional — it is enforced architecturally.
GDPR & Data Privacy
ADJUDON acts strictly as a Data Processor under GDPR Article 28. Trace payloads are never used to train generalized models. Automatic PII masking prevents sensitive fields from being stored. Data processing and storage occurs exclusively in Frankfurt, Germany. Standard Contractual Clauses (SCCs) are available for cross-border transfers.
- Configurable data retention windows: 7 to 365 days
- Right to erasure supported via API and dashboard
- DPA available for all paid plans
Encryption Standards
All trace data is encrypted at rest using AES-256 and in transit via TLS 1.3. Audit log entries are cryptographically hashed using SHA-256 — any modification to a log entry invalidates the hash chain, making tampering immediately detectable.
Need a vendor security questionnaire, penetration test results, or a custom DPA? We respond to compliance inquiries within 24 hours.
Contact Our Security Team