Trust
RegRadar is designed for regulated teams with EU-first deployment, externalized authentication, audit logging, delivery controls, and operator-role governance. Production deployments are expected to use encrypted transport, controlled secrets, and restricted operator access.
Standard managed deployment uses EU-region application hosting, database storage, backups and logs unless a private-tenant contract states otherwise. The workspace Trust Center exposes the named hosting region, database region, backup region, log region, subprocessors, DORA Chapter V artefacts and DPA acceptance state.
AI processing is governed by provider no-training/no-retention commitments where configured. Customer rationale text can contain personal data; RegRadar therefore exposes a personal-data-in-prompts control and procurement disclosure so customers can decide whether prompt redaction, EU-hosted Azure OpenAI, Mistral-on-EU-cloud, or a private tenant is required.
ISO 27001 / SOC 2 / BSI C5 evidence, pen-test summaries and BCP/DR documentation are handled as procurement artefacts and linked from the in-product Trust Center when available.