Trust, Security and Compliance
At Inorms AI, security, data protection, and the responsible use of artificial intelligence are at the core of our platform. We develop our systems to meet the highest standards of privacy, security, and regulatory compliance.
Data Protection & GDPR
We process personal data in accordance with the General Data Protection Regulation (GDPR).
Our core principles:
- Data minimization and purpose limitation
- Transparent processing
- Protection of data subject rights
- Clear allocation of roles (Controller / Processor)
For our SaaS services, we generally act as a processor pursuant to Art. 28 GDPR and provide a corresponding Data Processing Agreement (DPA).
Privacy Policy: https://inorms.ai/en/datenschutz
DPA (Data Processing Agreement): https://inorms.ai/en/dpa-template
AI Compliance & Responsible AI
As an AI company, we are committed to the responsible use of artificial intelligence.
Our measures include:
- AI governance and risk management
- Transparency regarding the functionality of AI systems
- Documentation and traceability
- Measures to reduce bias
- Continuous monitoring of system behavior
We consider regulatory requirements such as the EU AI Act and develop our systems using a risk-based approach.
Handling of Customer Data
Protecting your data is our highest priority.
- Customer data is processed exclusively for the provision of the agreed services
- No training of AI models using customer data without a clear legal basis
- Access to data is restricted to authorized personnel only
- Strict separation of customer data
Security & Infrastructure
We implement modern technical and organizational security measures, including:
- Encryption (TLS / HTTPS)
- Access controls and role-based permissions
- Secure hosting infrastructure
- Monitoring and logging
- Regular security reviews
Our systems are designed to ensure the availability, integrity, and confidentiality of data.
Hosting & Sub-Processors
To provide our services, we use selected service providers (sub-processors), particularly in the areas of:
- Cloud hosting
- AI infrastructure
- Monitoring and analytics
- Communication and support
All sub-processors are carefully reviewed and contractually bound in accordance with GDPR requirements.
International Data Transfers
Where data is processed outside the EU/EEA, this is done exclusively using appropriate safeguards, such as:
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
Access & Access Control
Access to data is strictly regulated:
- Access only for authorized employees
- Principle of least privilege
- Logging of access activities
- Regular review of permissions
Availability & Business Continuity
We implement measures to ensure the continuous availability of our services, including:
- Redundant systems
- Backup strategies
- Monitoring and incident response
Transparency & Customer Control
Our customers retain control over their data:
- Data export and deletion options
- Clear contractual terms
- Transparent data processing
Data Protection Contact