Hosted in Germany
nordnung.ai is operated by us in Germany. We communicate data location, operating model, and responsibilities transparently.
Governance is part of the product core at nordnung.ai.
We combine controlled agent logic, hosting in Germany, GDPR compliance, and traceable execution into a security model designed for real enterprise environments.
The key trust building blocks at a glance
This page does not replace a shared security review, but it makes our operating model, privacy posture, and governance baseline visible and discussable.
GDPR-compliant operating model
Privacy is not an afterthought claim. Hosting, roles, data handling, and contact paths are aligned to a GDPR-compliant operating model.
Logging and traceability
Steps, method calls, approvals, and session context are documented for traceability, security, and troubleshooting.
DPA available
For pilots and customer processes we provide the contractual basis for data processing and security alignment on request.
External providers are intentionally bounded
Where external model providers are still necessary today, they are consciously limited, transparently classified, and never hidden behind a black-box narrative.
Security and incident contact
Security questions, review requests, and coordinated incident communication run directly through contact@nordnung.ai.
Credential Security
Credentials remain technically shielded
Credentials are standalone objects with a clear mapping to assets or applications. Access only runs through approved paths and never through free-form cleartext handling.
Vault and encryption
Credentials are managed through HashiCorp Vault with AES-256 and hardware-backed encryption.
No cleartext for the LLM
The LLM never receives credentials in cleartext. It only uses a controlled injection endpoint.
Leak warning instead of silent usage
If a password appears in chat or a screenshot, a security warning is raised and the incident is flagged.
Trust Controls
Control remains possible at all times
Security boundaries need to remain visible in live operation. That is why we place special emphasis on the ability to stop sessions, traceability, and tightly bounded permissions.
Kill switch
Any active session can be stopped immediately.
Audit trail
Steps, decisions, and method calls are logged for traceability.
Least privilege
Every agent only receives the rights needed for its specific purpose.
Seeing is believing.
In the demo we show you operating modes, approvals, audit logging, and credential protection mechanics directly inside the running product flow.
Operating model
Hosting, location, and data handling explained transparently
For nordnung.ai, technical control belongs not only in execution, but also in operations. That is why we communicate clearly where data is processed, how external model providers are integrated, and how we handle operating data.
Location & models
Where processing happensOperated in northern Germany
The telephony orchestration as well as nordnung.ai are operated in a GDPR-compliant manner on servers in northern Germany.
European LLM deployment
As long as external models remain necessary, nordnung.ai uses providers with European deployment, for example OpenAI through Microsoft Azure in Europe.
Per-customer isolation
Strictly separatedDedicated instance per customer
Every customer gets their own instance, provisioned in our own data center and running fully independent of other customers' instances. Data, configuration and execution stay strictly separated.
Access limited by firewall rules
At the instance level, firewall rules clearly limit which access is possible — both from the outside and towards the customer's systems.
Data handling
Flow & retentionData flow
We deliberately separate intake, controlled execution, and documented feedback. Not every piece of information should automatically reach every execution path.
Retention
Audit and operating data are only retained as long as they are needed for traceability, security, support, and agreed customer processes. Details are clarified in the security review and DPA.
Sovereignty & governance
Principle & processData sovereignty as a guiding principle
The long-term goal is to be as independent from external providers as possible. Open-source principles and hosting in Germany remain a strategic core.
Improvement process
Security and governance are not treated as static. Review, product iteration, and operational feedback continuously shape the model.
Governance
Control is enforced technically
Security claims have to show up in architecture and operating logic. That is why execution paths are bounded technically, not just rhetorically.
Wrapper actions instead of free code or shell execution
Least privilege per agent, scope, and endpoint
Kill switch and visible approvals in interactive contexts
Clear separation between interaction agents and execution agents
Operating modes
Autonomy is intentionally staged
The question is not whether a system can act autonomously, but under which conditions it is allowed to do so. That is why we work with explicit operating modes instead of implicit black-box automation.
Operating mode 1
Every relevant action remains approval-gated. Best suited for early pilots, sensitive environments, and teams that want maximum control.
Operating mode 2
After initial approval, the agent can continue within a defined user context. The allowed methods still remain tightly bounded.
Operating mode 3
After initial approval, defined client-admin actions become possible. Even here there is no free shell access, only predefined execution paths.
Next step
Security review and pilot can be aligned directly.
If you want to see how approvals, audit logging, hosting in Germany, and controlled execution work together inside the product, we show that in a shared review.