Trust & compliance

What we claim, and what we do not.

Civil-protection procurement runs on evidenced claims. This page documents what is currently true, what is in scope at launch, and where we are explicit about placeholders rather than over-claiming.
Data handling
PII minimization

We capture only what is necessary to follow up on an early-access request: work email, organization, role, free-text note, and the time it was sent. No tracking pixels, no marketing-automation tags. No third-party analytics on this site.

Operator-tier data

Operator-tier deployments process customer-controlled signals (infrastructure status, incident records, personnel rosters where applicable). These are processed under a Data Processing Agreement and never aggregated across customers.

Retention

Early-access submissions are retained for the duration of the early-access programme. Operator-tier retention is set by contract; default is 24 months for incident records and configurable per deployment.

Hosting · residency

All hosting is EU-region. The default production path uses an EU commercial cloud region; no US hyperscaler region appears in the data path. Operator-tier deployments can be pinned to a single member state on request, and sovereign-cloud / on-prem targets are available for civil-protection authorities that require them.

Default region
EU commercial cloud
Operator-tier pinning
Single-member-state on request
Sovereign deployment
Available — civil-protection only
Egress
EU borders by default
Sub-processors

The current sub-processor list is being finalised. We will publish the named list, the region in which each runs, and the role each plays before signing the first operator-tier contract.

Sub-processor register
Placeholder · finalised before first contract

Will list: EU cloud-region provider, transactional email provider, error-monitoring provider, and any upstream data providers required at the operator tier. Each will be named with region and purpose. We will not list a sub-processor we are not currently using.

Security posture
Encryption

In transit (TLS 1.2+) and at rest (provider-managed keys at launch; customer-managed keys available for sovereign deployments).

Access control

Operator-tier access is role-scoped per municipality. Audit logs travel with the same provenance discipline as the data layers.

Vulnerability handling

Responsible disclosure address published at launch. Dependency monitoring against the underlying OSS supply chain runs continuously in CI.

Certifications

ISO 27001 and SOC 2 are in scope at launch. We are not certified today and will not display a badge we have not earned. NIS2 alignment for the operator tier is tracked against the essential-entity profile; CER directive alignment follows the sector taxonomy.

Open source & dependencies

The console is built on open-source dependencies: Next.js, React, MapLibre, deck.gl, H3, fast-xml-parser. We track upstream advisories continuously and update on a fixed cadence; security patches are out-of-cadence.

Public-data sources are credited inline in the product and on /platform. Where we extend an open project, we feed fixes back upstream.

DPA · DPIA · procurement

Detailed documentation on request.

Draft DPA, DPIA template, and security questionnaire response are available for evaluating authorities. Tell us who you are and we will send the current versions.