Trust Center
Transparency on privacy, security and EU data hosting.
Information security
- ISO 27001: In preparation
- GDPR: Fully compliant
- EU AI Act: Compliant (human-in-the-loop)
Technical and organisational measures (TOMs):
- Encryption at rest (AES-256) and in transit (TLS 1.3)
- Row Level Security (RLS) in PostgreSQL — strict tenant isolation
- Integration credentials encrypted AES-256-GCM, plain text never persisted
- Audit log of all AI calls and approval decisions
- Access role model (owner / hr_admin / hr / approver / viewer)
- Core sub-processors (hosting, DB, AI, email) EU-only; payment via Stripe with SCC
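Added example of the Row Level Security control named above, written here to illustrate the technique and not taken from the product's own schema: table, column, role and setting names (`employment_references`, `tenant_id`, `app_user`, `app.tenant_id`) are assumptions. The policy makes every read and write on the table conditional on the tenant id the application sets per transaction.

```sql
-- Added example (assumed schema, not the project's own): tenant isolation with PostgreSQL RLS.
CREATE TABLE employment_references (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid NOT NULL,
    draft_text text NOT NULL,
    status     text NOT NULL DEFAULT 'draft'
);

-- Enable RLS and FORCE it so that the table owner is not exempt either.
ALTER TABLE employment_references ENABLE ROW LEVEL SECURITY;
ALTER TABLE employment_references FORCE ROW LEVEL SECURITY;

-- USING filters rows on SELECT/UPDATE/DELETE; WITH CHECK blocks INSERT/UPDATE into another tenant.
-- current_setting(..., true) returns NULL when the setting is absent, so an unset tenant
-- yields no rows and no writes (fails closed rather than open).
CREATE POLICY tenant_isolation ON employment_references
    USING      (tenant_id = current_setting('app.tenant_id', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);

-- The application connects as a role without BYPASSRLS (superusers bypass RLS regardless).
CREATE ROLE app_user LOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE ON employment_references TO app_user;
GRANT USAGE, SELECT ON SEQUENCE employment_references_id_seq TO app_user;

-- Per request, inside one transaction, the application pins the tenant (assumed constructed id):
-- BEGIN;
-- SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
-- SELECT id, status FROM employment_references;   -- only that tenant's rows are visible
-- COMMIT;
```

Two checks worth running against such a setup: confirm that the application role is not a superuser and has no BYPASSRLS attribute (`SELECT rolname, rolsuper, rolbypassrls FROM pg_roles WHERE rolname = 'app_user';`), and confirm that a query issued without `app.tenant_id` set returns zero rows rather than all rows.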
Sub-processors (DPA register)
Hosting, database, authentication, storage, AI and email are processed exclusively in the EU. Payment processing (Stripe) and optional Google sign-in may involve transfers to the USA — safeguarded by SCC and/or the EU-US Data Privacy Framework.
| Service provider | Purpose | Location | Jurisdiction |
|---|---|---|---|
| Hetzner Online GmbH | Hosting; self-hosted database, authentication and storage | Germany (Falkenstein) | EU |
| Scaleway SAS (Transactional Email) | Transactional email (auth, reminders) | France | EU |
| IONOS SE (AI Model Hub) | AI generation of reference texts (primary) | Germany | EU |
| Scaleway SAS (Generative APIs) | AI generation (failover) | France | EU |
| OVH SAS | AI generation (failover) | France | EU |
| Stripe Payments Europe, Ltd. | Payment processing | Ireland / USA | EU / US (SCC) |
| Google Ireland Ltd. | Sign-in with Google (OAuth, optional) | Ireland / USA | EU / US (SCC) |
| Cloudflare, Inc. (Turnstile bot protection) | Bot protection (Turnstile) | USA | US (SCC) |
Legal notes
§109 para. 3 GewO: The final employment reference must be issued in written form (handwritten signature of the employer). Electronic form is explicitly excluded. All texts generated here serve as drafts; the legally binding reference is created only by printing and signing.
EU AI Act (from August 2026): This system is classified as "limited risk". Human-in-the-loop is systemic: no reference is issued without review and approval by a responsible person.
AGG / §1: The fairness engine automatically checks for discriminatory wording. This does not replace employment law review.