Trustcenter
Your sovereign AI partner
Sovereign AI is trust. Sovereign AI is control. Sovereign AI is DeepVA.
Compliance & Security
Your partner for trustworthy and secure AI.
DeepVA ensures maximum digital sovereignty – for secure use within your organization.
Data Sovereignty
Local or EU-certified cloud deployment of all modules is possible. Full control over video, audio, and metadata. No Vendor Lock-in.
Infrastructure Autonomy
Compatible with on-premises hardware, European data centers, and government IT standards.
Model Validation and Transparency
You can use and customize pre-trained models or your own models — no black boxes, fully exportable.
Legal Compliance
Complies with GDPR and AI Act regulations. Also offers ethical audit tools, risk-based model selection, and tools for bias reduction.
Reliability & Modularity
A stable and robust system with functional layers that meet all the requirements of an AI platform
We are trusted by:









Standards
Data Security in accordance with EU Standards.
We ensure that both on-premises and cloud environments meet the highest security and data protection standards – with a particular focus on compliance with European data protection regulations (GDPR). In doing so, we ensure that all data processing procedures are transparent, legally compliant, and aligned with European guidelines.
Cloud Security
Maximum security in the cloud – protected end-to-end.
On-Prem Security
Your infrastructure. Your rules. Our security.
Privacy
Smart AI. Smart Data Protection.
Strategic Goals
- Compliance with the GDPR, BDSG, and recognized standards
- Privacy by design
- Transparency, training, and continuous improvement of all measures
Guidelines & Principles
- Lawfulness & Transparency
- Data Minimization & Storage Limits
- Security & Accountability
Technical Orientation
- European Data Sovereignty
- Encryption and Access Control
- Client Segregation
Governance & Control
- Documentation
- Monitoring and Auditing
- Key Performance Indicators
Embedded Data Protection
- In the organization at the executive level
- A data protection officer oversees compliance, provides guidance, and conducts training
- Clear responsibilities for security and operational implementation
Privacy by Design
- Training and awareness programs on data protection and security risks
- Incident management processes
TOM
Technical and organizational measures.
Always committed to protect your data.
Confidentiality
- Access Controls
- Access Management
- Client Segregation
Availability
- High Availability
- Data Backup
Integrity
- Encryption
- Logging
Compliance & Governance
- ISMS Management System
- Incident Response
- Privacy by Design
Supplier Management
- All subcontractors are subject to contractual data protection and security requirements
EU AI Act
AI in accordance with European regulations.
We continuously adapt our AI to new requirements.
Service Hub
As a registered customer or partner, you can find additional documents here on data protection and compliance topics.
Legal Documents
Sub-processors
Model Provider
Speechmatics
Automated Speech Recognition (Speech-to-Text) for Audio/Video
Legal basis: Operated on DeepVA’s own servers
Headquarters: Great Britain
Certifications: ISO 27001:2022
DeepL
AI-Powered Text Translation and Localization
Legal basis: Not required (German servers; data is not stored or used for machine learning on Pro plans)
Headquarters: Germany (DeepL SE)
Certifications: ISO 27001, BSI C5, SOC 2 Type II
Hosting Provider
Oracle cloud
Enterprise cloud hosting, databases, high-performance AI infrastructure
Legal basis: No transfer to third countries when using the EU Sovereign Cloud. Backup: Binding Corporate Rules (BCR) & EU‑U.S. DPF.
Headquarters: U.S./ Ireland (Oracle Norway/ Ireland)
Certifications: ISO 27001, SOC 1/2/3, BSI C5
AWS
Cloud hosting, object storage (S3), compute resources, scalability.
Legal basis: No transfer to a third country when using the Frankfurt region. Backup: EU-US DPF & Standard Contractual Clauses (SCCs)
Headquarters: USA / Luxembourg (AWS EMEA SARL)
Certifications: ISO 27001, ISO 27017, ISO 27018, BSI C5, SOC 1/2/3
Hetzner
Infrastructure hosting, dedicated servers, backups
Legal basis: Not required (processing takes place exclusively in Germany and Finland)
Headquarters: Germany (Hetzner Online GmbH)
Certifications: ISO 27001
Verda
Cloud Provider, Computing Infrastructure for AI and ML
Legal basis: Generally, no data transfers to third countries when the software is operated in Germany
Headquarters: Finland
Certifications: GDPR-compliant operation in accordance with German IT standards
Raidboxes
Specialized WordPress hosting (often used for websites and marketing infrastructure)
Legal basis: Not required (hosting is provided on GDPR-compliant German servers).
Headquarters: Germany (Raidboxes GmbH)
Certifications: ISO 27001 (via the data center infrastructure used)
Research Partners / Technology Suppliers
Oracle cloud
Research Partners / Technology Providers
Legal basis: Not required (research institution headquartered in Germany). Hosted on DeepVA’s own servers.
Headquarters: Germany
Certifications: Operates in accordance with strict BSI and Fraunhofer IT security guidelines
Customer Relationship
Hubspot
CRM
Legal basis: No legal basis required
Headquarters: United States / Ireland (HubSpot Ireland Ltd.)
Certifications: ISO 27001, SOC 2 Type II
HubSpot Analytics
Data Processors for CRM, Marketing, and Web Analytics Services
Legal basis: Participation in the EU‑U.S. Data Privacy Framework; supplemented by Standard Contractual Clauses (SCCs), Art. 45 DSGVO ergänzend Art. 46 Abs. 2 lit. c DSGVO
Headquarters: Cambridge, Massachusetts, USA
Chargebee
Subscription Billing and Invoice ManagementSubscription Billing and Invoice Management
Legal basis: No third-country transfer during normal operation, in backup DPF, and SCC.
Headquarters: U.S. / Netherlands (Chargebee Europe B.V.)
Certifications: ISO 27001, PCI-DSS Level 1 (payment data), SOC 1/2
Microsoft 365
Cloud based services
Legal basis: No third-country transfer during normal operation, in backup DPF, and SCC.No third-country transfer during normal operation, in backup DPF, and SCC.
Headquarters: U.S. / Ireland (Microsoft Ireland Operations Ltd.)
Certifications: ISO 27001, ISO 27018, BSI C5, SOC 1/2/3
Hotjar
Data processors for heat maps and user analytics
Legal basis: Generally, no transfer to third countries is required. If data is transferred to service providers outside the EEA: SCCs.
Headquarters: St. Julian’s, Malta
Leadfeeder (Dealfront)
Data processors for B2B Visitor Identification and Lead Generation
Legal basis: Generally, processing takes place within the EEA; for transfers to third countries, SCCs apply,Art. 46 Abs. 2 lit. c DSG.
Headquarters: Helsinki, Finland
(Dealfront Group, headquartered in Germany and Finland)
Leadinfo
Data processors for lead identification and website analysis
Legal basis: Processing takes place primarily within the EEA;
if subcontractors in third countries are used: SCCs, Art. 46 Abs. 2 lit. c DSGVO.
Headquarters: Rotterdam, Netherlands
Google Family
Data processor for services such as Google Analytics, Google Tag Manager and Google Cloud
Legal basis: Participation in the EU‑U.S. Data Privacy Framework; additionally, SCCs in the data processing terms, Art. 45 DSGVO (EU‑U.S. Data Privacy Framework); additional Art. 46 Abs. 2 lit. c DSGVO.
Headquarters: Google LLC: Mountain View, California, USA; Google Ireland Ltd.: Dublin, Ireland
FAQ
Frequently Asked Questions
Where is the data processed?
Aiconix only processes personal data of public figures from legitimate sources, keeps customer data isolated, allows deletion of custom models, and enforces GDPR compliance through strict contractual rules.
Which data will be processed?
Aiconix only processes personal data of public figures from legitimate sources, keeps customer data isolated, allows deletion of custom models, and enforces GDPR compliance through strict contractual rules.
What data sources were used to develop and train the AI system?
The AI system was trained using a combination of proprietary, publicly available, open-source, and partner-provided data and models.
Customer data is not used for training purposes.
How long will data be stored?
Data is only stored for as long as necessary for processing purposes. For example, transcripts are retained for 30 to 90 days, depending on the module, to allow for optional post-processing such as summarization or translation. Customers may delete their data manually at any time before the end of this period.
Where is the data stored?
The data is stored exclusively in European data centers and European cloud providers.
Updates
21.04.2026
Title ipsum dolor sit amet
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
21.04.2026
Title ipsum dolor sit amet
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
21.04.2026
Title ipsum dolor sit amet
Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.