Skip to main content
EduGPT
Security

Security at CivAI

CivAI B.V. is committed to providing a secure, sovereign AI platform for European government, education and enterprise organisations. Security is at the core of everything we build.

Last updated: February 2026

Infrastructure & Data Sovereignty

All data is hosted and processed within the European Union (EU/EEA).
No data transfers to third countries without appropriate safeguards.
European cloud infrastructure with ISO 27001 certified data centres.
Dedicated tenant isolation for government and enterprise customers.
Full data independence: your data remains under your control.

Encryption & Access Management

Data encrypted in transit (TLS 1.2+) and at rest (AES-256).
Role-based access control (RBAC) for all platform services.
Multi-factor authentication (MFA) available for all user accounts.
Principle of least privilege applied across the entire organisation.
Secure API authentication with token-based access.

Compliance & Certifications

GDPR-compliant by design and by default.
EU AI Act aligned: transparent AI with human oversight.
Data Processing Agreement (DPA) available for all customers.
Data Protection Impact Assessment (DPIA) support included.
Regular security audits and vulnerability assessments.

AI-Specific Security

No training on customer data: your input is never used to train models.
Prompt injection protection and input validation.
Content filtering and output monitoring.
Conversation data not shared between organisations.
Configurable data retention policy per customer.

Incident Response

Documented incident response plan with defined escalation procedures.
Data breach notification within 72 hours in accordance with the GDPR.
Continuous monitoring and logging of security events.
Regular backup and disaster recovery procedures.

Continuous Improvement

Regular penetration tests and security assessments.
Security awareness training for all employees.
Timely patching and update management.
Responsible disclosure policy for security researchers.

Questions about our security?

Contact our security team at privacy@civai.eu or reach out to us at info@civai.eu.