Is Datavera on-premise?
Yes. Datavera deploys on the customer's own hardware (On-Premise Starter from CHF 300 per month plus customer hardware) or in a Swiss data centre operated by Datavera (Cloud Starter from CHF 500 per month). No customer data ever traverses third-country public cloud.
Is Datavera FADP-compliant?
Yes, by design. Datavera GmbH is a Swiss legal entity. Customer personal data does not leave Switzerland in either Cloud or On-Premise deployments. Data processing agreements aligned with FADP Articles 7 and 8 are available.
What about the EU AI Act?
Datavera is positioned for customers whose use of the Document Suite falls within EU AI Act high-risk classification, entering force on August 2, 2026. Documentation, logging, human-oversight controls, and risk management are designed to align with the Act.
Does Datavera train AI models on customer data?
No. Datavera does not train third-party large language models on customer data. The Document Suite uses open-source frontier models selected per engagement. Customer data is never sent to model providers for training.
What about the US CLOUD Act?
Datavera GmbH is a Swiss legal entity, not US-parented, outside US courts' jurisdiction under the CLOUD Act. Cloud deployments run on Swiss infrastructure operated by Datavera. On-Premise deployments are inside the customer's own perimeter.
How is Datavera different from Microsoft Azure OpenAI Switzerland?
Azure OpenAI Switzerland runs in Swiss data centres but Microsoft remains a US parent reachable under the CLOUD Act. Datavera GmbH is a Swiss legal entity with Swiss-resident operators, outside US CLOUD Act jurisdiction. Datavera On-Premise puts inference inside the customer's own perimeter.
Can Datavera serve customers outside Switzerland?
Yes. Cloud Starter is Swiss-hosted but available to EU and global customers; the data stays in Switzerland. On-Premise Starter and Production deploy on the customer's hardware anywhere. GDPR Article 28 data processing agreements are available for EU customers. For US customers, Datavera GmbH operates outside the US CLOUD Act, which is often the reason they engage us.
How does Datavera handle GDPR data subject rights (access, deletion, portability)?
Standard GDPR Articles 15 to 22 rights are supported. Data export is via the Datavera admin console for Cloud customers, or direct database access for On-Premise. Deletion requests are processed within 30 days. The pilot tenant is auto-deleted on day 31 if the pilot is not converted. Full audit trail of access and modification is exportable in machine-readable format.
What encryption does Datavera use?
TLS 1.3 in transit. AES-256 at rest. Customer-managed encryption keys (CMK) are available on Production tier and air-gapped appliances. On Cloud Starter, Datavera-managed keys with separation of duties between the platform team and the storage team.
Does Datavera have ISO 27001 or SOC 2 certification?
Not yet. Datavera is working toward both but does not currently hold either certification. This security page documents the technical controls and policy alignment that ISO 27001 and SOC 2 would later audit. We do not claim certifications we do not hold.
Can Datavera integrate with our SSO (SAML, OIDC, LDAP)?
Yes. SAML 2.0 and OIDC are supported on Cloud Starter and Production tier. LDAP is available via the Production tier integration scope. Customer-side identity providers (Okta, Microsoft Entra ID, Google Workspace, Keycloak, etc.) are configured during onboarding.