Security

Built for Privacy. Engineered for Trust.

European infrastructure, no third-party tracking, and credential isolation by design.

European Data Residency

All processing and storage occur on European infrastructure. Your data doesn't leave the EU unless you explicitly configure it to. For many German and European businesses, this isn't a preference — it's a legal requirement. We treat it that way.

This applies to every layer of the platform: Cockpit audits run on European servers, Client operates entirely within your own infrastructure, and Search indexes are stored in European data centers. There is no US-based fallback, no "global CDN" that routes through non-EU jurisdictions.

No Third-Party Tracking

The aystos Client analytics module uses IP truncation to subnet level and cookieless browser fingerprinting. No data leaves your infrastructure. No third-party beacons. No ad-blocker conflicts. Your visitors' privacy is protected by architecture, not by policy.

We don't use Google Analytics, Facebook Pixel, Hotjar, or any third-party tracking service — not on aystos.com and not in any product we ship. The Client analytics module runs entirely on your server. Raw logs never leave your hosting environment.

Credential Isolation

The aystos API gateway centralizes all upstream AI provider credentials. Your CMS installation never sees real API keys for OpenAI, Anthropic, or Gemini. Instead, it receives short-lived JWTs (HS256, 15-minute TTL) with cryptographic entitlement enforcement.

The architecture works in three layers:

  • Gateway layer — holds real provider credentials, validates incoming tokens, injects upstream auth
  • Client layer — holds only a license key, receives short-lived JWTs, never sees upstream secrets
  • CMS layer — communicates exclusively with the Client runtime, zero direct API exposure

Even if your CMS is compromised, your AI credentials aren't. Learn how Search and Client use this architecture to keep your data safe.

GDPR by Design

Privacy isn't a feature we added — it's how every component was built from day one.

  • IP truncation — addresses are truncated to /24 (IPv4) and /48 (IPv6) before any processing
  • No personal data in analytics — event tracking uses cookieless fingerprinting, no PII stored
  • Data processing agreements — available for Professional and Enterprise customers
  • Right to deletion — all scan data can be purged on request, with cryptographic confirmation
  • Consent mechanisms — built into every data collection point, not bolted on after the fact

Our Datenschutzerklärung details exactly what data we process, where, and on what legal basis.

Full Audit Trail

Every operation that touches customer data is logged and traceable:

  • License operations — activation, renewal, module changes, all timestamped
  • Credit transactions — every AI analysis charge recorded with model, token count, and cost
  • Search queries — logged per-project with configurable retention (7, 30, 90 days, or unlimited)
  • Scan history — full audit history for every domain, with score progression over time

When your compliance team asks "what data do you process and where," we provide a structured export — not a vague policy document.

Rate Limiting & Infrastructure Protection

Multi-tier rate limiting on all public API endpoints, calibrated per endpoint sensitivity:

  • Public scan endpoints — rate-limited per IP and per session to prevent abuse
  • Authenticated API — per-token rate limits with burst allowance for legitimate batch operations
  • Crawl pipeline — SSRF protection including private IP blocking (RFC 1918/4193), DNS rebinding prevention, and TOCTOU-safe resolution
  • Search widget — per-project CORS enforcement, query rate limiting, and abuse detection

The infrastructure is designed to be resilient not just against volumetric abuse, but against the kind of subtle attacks — prompt injection, SSRF via crawled URLs, credential stuffing — that specifically target AI-adjacent systems.
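The crawl-pipeline item above names three controls: private-range blocking, DNS rebinding prevention, and TOCTOU-safe resolution. The following is an added illustration of how those three fit together, written for this page and not taken from aystos' own crawler; the function names, the injectable resolver and the sample hostnames are all assumptions.

```python
import ipaddress
import socket
from typing import Callable, List
from urllib.parse import urlsplit

# hostname -> list of IP strings. Injected so the guard can be exercised offline
# with constructed answers; dns_resolve below is the real resolver.
Resolver = Callable[[str], List[str]]

def dns_resolve(host: str) -> List[str]:
    """Resolve once via getaddrinfo and return every A/AAAA answer."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def is_forbidden_ip(addr: str) -> bool:
    """True for RFC 1918 / RFC 4193 space plus loopback, link-local, multicast,
    unspecified and reserved ranges (Python's is_private also flags the
    documentation/test ranges, which a crawler has no business fetching)."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is really 10.0.0.1
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def resolve_pinned_target(url: str, resolve: Resolver = dns_resolve) -> str:
    """Validate a crawl URL and return the one IP the crawler must connect to.

    The hostname is resolved exactly once and every answer must be allowed. The
    caller connects to the returned IP (sending the original hostname as Host
    and SNI) instead of resolving again, so an answer that changes between
    check and use (rebinding, the TOCTOU case) cannot steer the request into
    internal space. Every HTTP redirect must pass through here again.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported or hostless URL: {url!r}")
    host = parts.hostname
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal, no DNS lookup
    except ValueError:
        addrs = resolve(host)
    if not addrs:
        raise ValueError(f"no addresses for {host!r}")
    blocked = [a for a in addrs if is_forbidden_ip(a)]
    if blocked:
        raise ValueError(f"{host!r} resolves into forbidden space: {blocked}")
    return addrs[0]
```

A resolver that returns one public and one private address is rejected outright, since an attacker-controlled zone can hand back both and let the client pick.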

Compliance & Standards

  • GDPR — full compliance across all products, documented in our Datenschutzerklärung
  • DSGVO — German implementation of GDPR, including Bundesdatenschutzgesetz (BDSG) requirements
  • TLS/SSL — all data in transit encrypted via TLS 1.2+ with modern cipher suites
  • Data at rest — license data and search indexes encrypted on disk
  • No sub-processors outside the EU — AI provider API calls are made from European gateway servers
  • Penetration testing — regular security assessments of all public-facing endpoints

For enterprise customers requiring specific compliance documentation (SOC 2 Type II preparation, ISO 27001 alignment, or custom DPAs), contact our enterprise team.

See What AI Thinks About Your Website

Free foundation audit. No signup. Results in 60 seconds.
