Security & Trust

Your data stays yours. Always.

Komplync is built for regulated financial institutions. That means enterprise-grade security, EU-only data residency, and a zero-tolerance policy on using your content to train AI models.

GDPR Compliant · Active
EU Data Residency · Active
SOC 2 Type II · In progress
ISO 27001 · Roadmap
Data Processing Agreement · Available on request

How we protect you

Security by design

Ireland · eu-west-1

EU-only infrastructure

All data is processed and stored exclusively in the European Union — Ireland (eu-west-1). No data ever leaves the EEA. We use AWS EU infrastructure with geographic redundancy.

AES-256 + TLS 1.3

AES-256 encryption

All data at rest is encrypted with AES-256. Data in transit is protected with TLS 1.3. Encryption keys are managed using AWS KMS with automatic annual rotation.

Zero data training

Zero AI training on your content

Your marketing content, briefs, and compliance reports are never used to train any AI model — ours or third-party. Every generation request is processed in isolation and is not stored beyond your audit trail.

GDPR · DPA available

Full GDPR compliance

We operate as both a Data Controller (for account data) and Data Processor (for your content). A Data Processing Agreement (DPA) is available on request. We support GDPR rights: access, erasure, portability.

Tamper-proof logs

Immutable audit trail

Every content generation, compliance check, and approval action is logged with a timestamp, user ID, and rule reference. Logs cannot be altered or deleted — they are cryptographically signed.

RBAC · SSO · MFA

Access control & authentication

Role-based access control (RBAC) lets you define who can generate, review, and approve content. SSO via SAML 2.0 is available on Enterprise. All accounts support MFA.

Transparency

What happens to your content

01

You submit a brief or content for review

Your input is sent over TLS 1.3 to our EU servers. It is never cached on CDN edge nodes.

02

AI generates or checks the content

The request is processed in an isolated container. No data is written to shared storage. The AI model runs in our EU environment, and your content is not sent to third-party model providers.

03

Result is returned and stored in your audit trail

The generated content and compliance report are stored encrypted (AES-256) in your account only. The processing container is destroyed.

04

You approve and export

Approved content and the full compliance log are exportable as PDF. The log is cryptographically signed and tamper-proof for regulatory inspection.

Security questions?

Our security team responds to all enquiries within 24 hours. For penetration test results, our DPA, or a security questionnaire, contact us directly.