Where your data goes. Named, not implied.
The facts a security or procurement team asks for: where the hosted service runs, what's encrypted, and every sub-processor that touches data. This page describes the hosted service: the public sandbox and Open mode. In the hybrid and closed self-hosted modes, none of the sub-processors below apply.
The hosted service runs on infrastructure located in Germany. The databases that hold corpus embeddings, application state, and analytics run on that same infrastructure, within the European Union.
All traffic is encrypted in transit with TLS. The origin is not directly reachable from the public internet; requests pass through a content-delivery and edge-protection layer with rate limiting. Operator access requires a separate authentication step.
We're direct about this: the hosted service does not yet encrypt data at the disk level. Secrets and certificates are stored with restricted file permissions. Full-disk encryption is on the list, and we'll say so here when it ships rather than before.
Every third party that handles data in the hosted service, what it does, and what reaches it. Text you paste into the sandbox reaches the language-model provider below, which is why unpublished work belongs in a self-hosted deployment, not the public sandbox.
| Sub-processor | Purpose | What reaches them | Region |
|---|---|---|---|
| Infrastructure host | Compute, storage, and databases | Everything the hosted service stores, at rest | Germany |
| Cloudflare | Content delivery and edge protection | Request metadata and IP address | Global edge |
| OpenRouter | Language-model routing for the sandbox and query rewriting | Your query, claim, or pasted paragraph | United States |
The service also calls public literature databases to search and fetch papers. These receive identifiers (PMIDs, DOIs) and a contact email, not the text of your query.
- PubMed / NCBI E-utilities: search and full-text fetch
- Europe PMC: full-text fetch
In hybrid mode the language model runs on your hardware, so your prompts never reach a third-party model vendor. In closed mode every component (model, orchestration, retrieval, database) runs on your infrastructure, and nothing on this page applies. The Security page draws the boundary line for each mode.
We are not yet SOC 2 or ISO 27001 certified, and we won't claim a badge we don't hold. A Data Processing Agreement is available on request, and the Enterprise tier includes a BAA path for HIPAA. For a security review or to start procurement, email [email protected].