Trust Center
Honest today. Public about tomorrow.
We state exactly where we stand now — EU-sovereign and GDPR-native — and we publish an open roadmap of what we're aiming for. No badges we haven't earned.
What we can stand behind now
EU-sovereign hosting
Hosted in Germany on European infrastructure, with a self-hosted database. Your data never leaves the EU.
No US processors
EU processors throughout. Relevant for GDPR, NIS2 scoping and public-sector procurement.
GDPR-native
Data-subject rights built in — access (Art. 15), erasure (Art. 17), portability (Art. 20), joint-controller notices (Art. 26).
Evidence-grade records
Every scan is timestamped, attributed and tamper-evident — built for audits and disputes.
Standards & regulations, by honest status
Each item carries a plain-language meaning and a status chip. Aligned is what we meet today; In progress is active work; On the roadmap is declared intent — not a claim of conformity.
Aligned today
GDPR
Regulation (EU) 2016/679Lawful, minimised, consent-driven processing with data-subject rights built into every profile.
EU-sovereign hosting
Data residencyAll data stored and processed on EU infrastructure, under EU law — no transfers to third countries by default.
EU Data Act
Regulation (EU) 2023/2854Fair access, portability and interoperability of the data generated by tagged connected products.
In progress
NIS2 / CyFun
Directive (EU) 2022/2555Aligning our security governance, incident handling and supply-chain controls to the NIS2 baseline.
On the roadmap
Cyber Resilience Act readiness
Regulation (EU) 2024/2847Preparing secure-by-design and vulnerability-handling practices for connected-product obligations.
EU Digital Product Passport
ESPR — Reg. (EU) 2024/1781Passport-ready data model so tagged products can carry their DPP as the regulation rolls out per sector.
Packaging & Packaging Waste Regulation
Regulation (EU) 2025/40Reuse-cycle counting and recyclability data to evidence PPWR packaging and take-back claims.
This is an aiming-for roadmap, not a statement of certification. Details are reviewed with counsel before contractual use — ask us for the current attestation pack.
Bring us your procurement questionnaire
We'll walk your security, privacy and sovereignty questions line by line — and tell you honestly where we are on each.