How we build GDPR-tight AI
Concrete tech architecture instead of marketing assurances: what we host where, how we encrypt, with which contracts — auditable in detail.
Data residency
All AI workloads run in EU regions. Standard stack:
- Model calls: Azure OpenAI in Germany West Central (Frankfurt) or Sweden Central — contract partner Microsoft Deutschland GmbH under the Online Services Terms.
- Application layer hosting: Hetzner Falkenstein, Upsun Frankfurt, or Azure Frankfurt — depending on requirements.
- Logs and telemetry: Azure Monitor in the same EU region as the model call. Never a US fallback.
- Backups: only in EU regions, with documented retention periods.
Encryption
| Layer | Standard | Note |
|---|---|---|
| Transport | TLS 1.3 | Modern cipher suites only, no legacy versions. |
| At rest | AES-256 | Azure Storage Service Encryption, Hetzner LUKS volumes. |
| Pseudonymization | Per call | We replace direct personal references locally before the model sees them. |
| Key management | Azure Key Vault / HSM | Regular rotation, audit trail on access. |
Pseudonymization pattern
Every model call that might involve personal data runs through a local pseudonymization layer:
- Detect: regex, NER, or explicit field marking on the input form.
- Replace: stable tokens (e.g. client name → Client_42) from a per-request mapping, so the same entity gets the same token throughout one call.
- Model call: the model sees only the pseudonymized, structured data.
- Re-identification: after the model response, locally in your domain, using the same per-request mapping.
- Audit log: the mapping is stored under access protection so each call stays reproducible.
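The five steps above as one runnable added example in Python (not IQONEX code; the regex detectors, the Category_n token format, the sample prompt and the stand-in demo_model that echoes tokens instead of calling Azure OpenAI are all constructed for illustration). It keeps a per-request mapping so repeated mentions of one client map to the same token, refuses to return a prompt that still contains a known clear value, and swaps only its own tokens back on re-identification:

```python
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Added example (not IQONEX code): a minimal local pseudonymization layer with
# a stable per-request mapping. Detection is regex plus explicit field marking;
# NER is left out to keep the example self-contained.


@dataclass
class RequestMapping:
    """Clear value <-> pseudonym token mapping, scoped to one request."""
    forward: Dict[str, str] = field(default_factory=dict)   # clear -> token
    reverse: Dict[str, str] = field(default_factory=dict)   # token -> clear
    counters: Dict[str, int] = field(default_factory=dict)  # category -> last index

    def token_for(self, category: str, value: str) -> str:
        # The same clear value always gets the same token within this request,
        # so the model can still tell that two mentions refer to one entity.
        if value not in self.forward:
            n = self.counters.get(category, 0) + 1
            self.counters[category] = n
            token = f"{category}_{n}"
            self.forward[value] = token
            self.reverse[token] = value
        return self.forward[value]


# Regex detectors for direct identifiers (constructed for this example; a real
# deployment adds NER for names and addresses on top).
DETECTORS: List[Tuple[str, "re.Pattern[str]"]] = [
    ("Email", re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")),
    ("Account", re.compile(r"\bDE\d{2}(?: ?\d{4}){4} ?\d{2}\b")),  # German IBAN
    ("Phone", re.compile(r"\+49(?: ?\d){8,}")),
]

# Tokens look like Category_<n>; re-identification only ever touches these.
TOKEN_RE = re.compile(r"\b[A-Za-z]+_\d+\b")


def pseudonymize(text: str, marked_fields: Dict[str, str], mapping: RequestMapping) -> str:
    # Step 1: explicit field marking from the input form (category -> clear value).
    # Longest values first so "Anna Müller" is replaced before a bare "Müller".
    for category, value in sorted(marked_fields.items(), key=lambda kv: -len(kv[1])):
        if value:
            text = text.replace(value, mapping.token_for(category, value))
    # Step 2: regex detectors over whatever is left.
    for category, pattern in DETECTORS:
        text = pattern.sub(lambda m, c=category: mapping.token_for(c, m.group(0)), text)
    # Defence in depth: never hand out a prompt that still contains a known clear value.
    leaked = [v for v in mapping.forward if v in text]
    if leaked:
        raise ValueError(f"pseudonymization incomplete: {len(leaked)} value(s) still present")
    return text


def reidentify(text: str, mapping: RequestMapping) -> str:
    # Only tokens from this request's mapping are swapped back; unknown
    # Foo_1-style strings in the model output are left untouched.
    return TOKEN_RE.sub(lambda m: mapping.reverse.get(m.group(0), m.group(0)), text)


def call_with_pseudonyms(prompt: str, marked_fields: Dict[str, str],
                         model: Callable[[str], str]) -> Tuple[str, str, RequestMapping]:
    """Run one model call through the layer; returns (answer, pseudo_prompt, mapping).

    The mapping is returned so the caller can store it under access protection
    for the audit trail; the model only ever receives pseudo_prompt."""
    mapping = RequestMapping()
    pseudo_prompt = pseudonymize(prompt, marked_fields, mapping)
    pseudo_answer = model(pseudo_prompt)
    return reidentify(pseudo_answer, mapping), pseudo_prompt, mapping


# Constructed sample input and a stand-in for the model (no network call).
SAMPLE_PROMPT = ("Draft a reminder for Anna Müller, contact anna.mueller@example.de, "
                 "IBAN DE89 3704 0044 0532 0130 00. Anna Müller owes 1.200 EUR.")
SAMPLE_FIELDS = {"Client": "Anna Müller"}


def demo_model(pseudo_prompt: str) -> str:
    # Echoes the tokens back the way a real model would; it never needs the
    # clear values to produce a usable answer.
    return "Dear Client_1, please transfer the amount to Account_1 and confirm at Email_1."


if __name__ == "__main__":
    answer, pseudo_prompt, mapping = call_with_pseudonyms(SAMPLE_PROMPT, SAMPLE_FIELDS, demo_model)
    print("model saw :", pseudo_prompt)
    print("user gets :", answer)
```

What the block does not do matters as much as what it does: regex and explicit marking only catch the direct identifiers you anticipated, which is why the pattern lists NER as well, and the pseudonymized prompt is still personal data under GDPR because the mapping makes it re-identifiable. The returned mapping is the re-identification key and needs the same access protection as the clear data.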
DPA chain
- You as data controller (Art. 4(7) GDPR).
- IQONEX as processor (Art. 28 GDPR), DPA signed with you.
- Microsoft Deutschland GmbH as subprocessor — Online Services Terms incl. documented subprocessor list.
- Optional further subprocessors (Hetzner for hosting, Sentry for error tracking) — all listed in the DPA with documented TOMs.
§203 StGB — professional secrecy
For professional-secrecy holders (lawyers, doctors, tax advisors) the architecture is tailored accordingly:
- Local pseudonymization before every model call — clear names never leave the firm/practice.
- DPA with Microsoft Deutschland (with §203-StGB-compatible confidentiality obligation).
- Profession-equivalent TOMs by the processors (documented).
- Audit log with user identity per call — the professional must be able to reconstruct any AI-supported decision in dispute.
Audit log
Every model call is logged with: timestamp, user identity (via Entra ID), model and version used, a hash of the pseudonymized input, and a hash of the pseudonymized response. Retention follows the agreed period (6–10 years in regulated industries, often 12–24 months in Mittelstand workflows). The log is reproducible, tamper-evident (hash chain) and EU-resident.
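An added Python example (not IQONEX code) of the hash-chained, content-free audit entry described above. The field names, the GENESIS constant and the sample calls are assumptions made here; each entry holds identity, model, version and hashes of the pseudonymized input and output, and verify_chain reports the first entry whose content or position was altered:

```python
import hashlib
import json
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Added example (not IQONEX code): hash-chained audit entries that store only
# metadata and digests of the pseudonymised input/output, never the content.

GENESIS = "0" * 64  # prev_hash of the first entry in a chain


def sha256_hex(data: str) -> str:
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def canonical(entry: Dict[str, str]) -> str:
    # Deterministic serialisation (sorted keys, no whitespace) so the
    # entry hash can be recomputed byte-for-byte on replay.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return json.dumps(body, sort_keys=True, separators=(",", ":"))


def append_entry(log: List[Dict[str, str]], *, user: str, model: str, model_version: str,
                 pseudo_input: str, pseudo_output: str, ts: Optional[str] = None) -> Dict[str, str]:
    entry = {
        "ts": ts or datetime.now(timezone.utc).isoformat(),
        "user": user,                               # identity as issued by Entra ID
        "model": model,
        "model_version": model_version,
        "input_hash": sha256_hex(pseudo_input),     # digest of the pseudonymised prompt
        "output_hash": sha256_hex(pseudo_output),   # digest of the pseudonymised answer
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = sha256_hex(canonical(entry))
    log.append(entry)
    return entry


def verify_chain(log: List[Dict[str, str]]) -> Optional[int]:
    """Return the index of the first entry that fails, or None if the chain is intact.

    Catches edited fields (entry hash no longer matches) and removed or
    reordered entries (prev_hash no longer points at the predecessor)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry.get("prev_hash") != prev or sha256_hex(canonical(entry)) != entry.get("entry_hash"):
            return i
        prev = entry["entry_hash"]
    return None


def matches_input(entry: Dict[str, str], pseudo_input: str) -> bool:
    # Reproducibility check in a dispute: re-run the pseudonymisation on the
    # stored mapping and compare the digest with what was logged.
    return sha256_hex(pseudo_input) == entry["input_hash"]


# Constructed sample: three calls by two users, fixed timestamps for determinism.
SAMPLE_INPUT = "Draft a reminder for Client_1, contact Email_1. Client_1 owes 1.200 EUR."
SAMPLE_CALLS = [
    dict(user="a.beispiel@kanzlei.example", model="gpt-4o", model_version="2024-08-06",
         pseudo_input=SAMPLE_INPUT, pseudo_output="Dear Client_1, please transfer ...",
         ts="2025-03-03T09:12:03+00:00"),
    dict(user="a.beispiel@kanzlei.example", model="gpt-4o", model_version="2024-08-06",
         pseudo_input="Summarise the file note for Client_2.", pseudo_output="Client_2 ...",
         ts="2025-03-03T09:14:41+00:00"),
    dict(user="b.muster@kanzlei.example", model="gpt-4o", model_version="2024-08-06",
         pseudo_input="Translate: Client_3 requests a deferral.", pseudo_output="Client_3 ...",
         ts="2025-03-03T10:02:17+00:00"),
]


def build_sample_log() -> List[Dict[str, str]]:
    log: List[Dict[str, str]] = []
    for call in SAMPLE_CALLS:
        append_entry(log, **call)
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("chain intact:", verify_chain(log) is None)
    tampered = [dict(e) for e in log]
    tampered[1]["user"] = "someone.else@kanzlei.example"
    print("first bad entry after edit:", verify_chain(tampered))
```

Two caveats a DPO or auditor will raise: a hash chain only proves that nothing changed after the head hash was fixed, so the current head hash has to be anchored outside the log writer's control, for example signed with a key in Azure Key Vault at regular intervals or written to append-only storage; and an unsalted SHA-256 of a short pseudonymized prompt can be confirmed by anyone who can guess the prompt, so for low-entropy inputs use a keyed hash (HMAC with a key held in Key Vault) rather than a plain digest.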
EU AI Act
We classify each use case under the AI Act risk classes:
| Risk class | Examples from our practice | Obligations |
|---|---|---|
| Limited | Correspondence, research, summaries, anamnesis prep | Transparency duty (label as AI), DPIA when personal data is involved |
| High | AI in HR decisions, diagnostic support, critical infrastructure | Conformity assessment, record-keeping (logging), risk management, human oversight |
| Prohibited / We don't build | Social scoring, real-time biometric surveillance, manipulative AI | — |
If your use case lands in "high risk", we say so in the intro call — and decide together whether the conformity assessment fits the budget or whether to redesign the use case.
What we don't do
- No US models without an EU layer (Azure OpenAI EU or Bedrock EU minimum).
- No model training on customer data (RLHF / fine-tuning is a different conversation, with DPA extension).
- No persistent logging of content without explicit mandate — audit log stores hashes and metadata, not content.
- No real-time biometric identification, no social-scoring systems, no manipulative AI (AI Act prohibited).
Documents shipped on engagement
- DPA per Art. 28 GDPR with documented subprocessor lists.
- TOMs per Art. 32 GDPR, extended for AI specifics.
- DPIA per Art. 35, reviewed by your DPO.
- Architecture document with threat model and data-flow diagram.
- Runbooks (deployment, incident response, restore).
Detailed architecture discussion?
If your DPO or compliance team has detailed questions, we're ready — we'll bring the stack and contracts in document depth to the intro call.