Trust & Security

Security

• • Encryption at rest and in transit; key and secrets management.
• • Regular penetration testing and vulnerability remediation.
• • Access logging and least‑privilege controls.

Data residency & retention

EU data centers by default. Retention windows are configurable per tenant, with export/delete supported to meet GDPR obligations.

Data use and AI providers

• • Customer data is not used to train shared models.
• • AI features are designed around traceability, review workflows, and human oversight.
• • Product capabilities and provider choices may vary by deployment model and use case.

Product-specific trust boundaries

• • CCBot is designed around approved content sources, citations, and configurable governance controls.
• • Memory is designed around private-by-default raw capture, workspace boundaries, and governed promotion of reusable knowledge.
• • Shared organizational value should come from validated artifacts and policies, not unrestricted access to raw user activity.

Sub‑processors

Hosting provider (initial list). Future sub‑processors will be listed here with change notifications.

EU AI Act statement

ContentCloud products are general‑purpose content tools, not intended for high‑risk decision‑making. We commit to transparency (AI indicators & citations), human oversight, risk management, logging and post‑market monitoring.

Documents

• • Data Processing Addendum (on request)
• • Security overview (this page)
• • Incident response summary (on request)
• • Additional deployment and architecture details can be shared during pilot and procurement discussions.