Compliance

GDPR, AI Act, DORA – Enterprise Compliant

Certifications and regulatory standards

GDPR Compliant
Full compliance with the EU General Data Protection Regulation. Privacy by Design & Default in accordance with Article 25 GDPR.
✓ Active
DORA Ready
Claim Space meets the requirements of the Digital Operational Resilience Act for the financial and insurance sectors.
✓ Active
EU AI Act
Compliant with the current classification of the EU AI Act. All AI systems are used in a transparent, traceable and responsible manner.
✓ Compliant
ISO 27001
Certified as a service provider. Infrastructure already ISO 27001 certified (Hetzner & Scaleway). In-house audit planned.
Audit Q4 2026
SOC 2 Type II
Currently meeting all requirements. Formal audit scheduled for Q3 2026 to finalize certification.
Audit Q3 2026

Infrastructure and hosting

Our own infrastructure in the EU
All servers, databases and core systems run on our own self-hosted infrastructure. The data centers are located at Hetzner in Germany and Scaleway in France – both providers are ISO 27001 certified. No data leaves the European area.
AI systems in Europe
Our AI models run on Google Vertex AI within Google Cloud in Europe – GDPR compliant and secured by Data Processing Agreements.
Pricing and claims databases
Our pricing and claims databases are located entirely on our own infrastructure in Europe – no external cloud dependencies for sensitive claims data.
Voice Agents – Self-Hosted
Our Voice Agents run on our own hardware and infrastructure. Audio data is not transmitted to third countries.

Data isolation and multi-tenant separation

Dedicated databases per client
Each client, or each Space, receives its own fully partitioned database. There is no mixing with data from other clients – no shared tables, no shared records. This strict tenant separation principle ensures that client data remains isolated and protected at all times.
No AI training data
Client data is never used for AI model training. Data is used exclusively for the contractually agreed processing.
PII anonymization
A built-in anonymization layer ensures the masking and redaction of personal data before transmission to external systems.

Access control and authentication

Enterprise user management with Auth0 by Okta
All identity and access management runs through Auth0 by Okta – one of the leading enterprise security providers. This guarantees the highest security standards for authentication and enables seamless integration into existing corporate infrastructures.
Multi-Factor Authentication (MFA), Single Sign-On (SSO), Adaptive Risk Detection, Custom OAuth Provider, SAML 2.0, RBAC, Brute-Force Protection, Anomaly Detection
Custom Identity Provider
Companies can connect their own OAuth and SAML login providers to ensure that only authorized employees access the system – through existing corporate IT.
Breached Password Detection
Auth0 automatically checks passwords against known database breaches and prevents the use of compromised credentials.

Encryption and transfer security

SSL/TLS encryption
All connections between users and the platform, as well as between internal systems, are end-to-end encrypted with SSL/TLS. No data transfer ever takes place in plain text.
Encryption at Rest
All stored data is encrypted at rest – both at the database level and for file storage on our infrastructure.

Processes and governance

Data Breach Management
Documented processes for the detection, notification and handling of data breaches in accordance with Articles 33 and 34 GDPR – including notification without undue delay.
Data Processing Agreements
Written Data Processing Agreements (DPA) in accordance with Article 28 GDPR with all sub-processors. Clear contractual provisions for each processing purpose.
Records of processing activities
Comprehensive documentation of all processing activities in accordance with Article 30 GDPR – for full transparency and traceability.
Data protection training
Regular awareness programs and training for all employees – ensuring a high and uniform level of data protection across the entire company.
Availability for audits and inspections: Claim Space provides all the information necessary to demonstrate compliance with data protection obligations and enables audits, including inspections carried out by the data controller or by auditors mandated by them.
