Security · Data residency · Compliance

EU-hosted by default. GDPR-native by design.

FrostLogic operates entirely within EU data borders. We process building and operational telemetry — never personal information. Customers run the platform on our managed SaaS in Hetzner's EU data centres, or in their own Kubernetes cluster.

  • Hosting: Hetzner · EU data centres. ISO 27001 certified data centres.
  • Regulation: GDPR-native. No personal data processed by default.
  • Inference: Grounded · deterministic. No hallucination, by design.
  • Portability: No vendor lock-in. Data and models always exportable.

Data residency

EU borders. Both options.

Whether you run Explore on our managed SaaS or in your own infrastructure, your data does not leave the European Union. Our managed deployment runs in Hetzner's Falkenstein and Nuremberg facilities. Our customer-hosted deployment runs wherever you tell it to.

  • EU data residency by default. No cross-border transfer of customer data.
  • Customer-controlled encryption keys on the customer-hosted tier.
  • Backups co-located in the EU.

What we process

Telemetry, not people.

Sensor Intelligence works with building and operational signals — temperatures, CO₂, energy consumption, equipment runtimes. By default we do not ingest, store, or process any personal data. This is a deliberate architectural choice, not a policy you have to enforce.

  • No PII processed by Sensor Intelligence by default.
  • Customer identity data lives only in our authentication layer.

Certifications & standards

What we lean on. What we don't pretend.

Host: ISO 27001

Our managed SaaS runs on Hetzner Online GmbH, whose EU data centres are ISO 27001 certified. We attribute carefully: this is host certification, not a FrostLogic-level certification yet.

GDPR alignment

Data processing agreements available. Lawful basis: legitimate interest for operational telemetry; explicit consent where the workflow involves personal data.

SOC 2 / FrostLogic ISO

In planning. We will not claim a certification before it is issued and we will not link a "Trust Center" page to a logo we are not entitled to.

Access & identity

  • SSO via SAML 2.0 and OIDC.
  • Role-based access control.
  • Audit log of every user and system action.
  • Optional IP allowlisting.

Operations

  • Encrypted at rest (AES-256) and in transit (TLS 1.3).
  • Quarterly third-party penetration testing.
  • Disclosed security contact: security@frostlogic.se.
  • Incident response within 24 hours; customer notification within 72.

Have a security questionnaire?

We've answered a few. Most of the answers are above. Send us yours and we'll fill it in.