Skip to content

Trust overview

niil is built to be a sovereign, EU-first AI workspace where your data stays protected and under your control. This section explains each measure in plain language.

The pillars

PillarIn short
EU sovereignty & residencyOrganizations use only EU-processed (or self-hosted) models by default; inference is region-pinned to EU endpoints.
EncryptionChat content, documents and connector credentials are encrypted at rest with AES-256-GCM; TLS in transit.
Authentication & MFAPasswords, email one-time codes, passkeys (WebAuthn) and social sign-in — configurable per org.
Data protection & GDPRData export & erasure, DLP scanning, an immutable audit trail, and strict tenant isolation.
Zero Data RetentionPer-model retention and processor disclosure; ZDR contracted with providers where supported.
No external vendorsSelf-hosted runtime and built-in tools; no third-party analytics. EU-hosted Stripe is the only exception, and only if billing is enabled.
Compliance & legalDPA, technical & organisational measures (TOM), privacy policy and sub-processor list.

Secure by default

The defaults are the safe ones: EU-only models on, login MFA on, encryption at rest always on. An organization can relax a policy deliberately, but nothing sensitive is opt-in.

Two things we describe precisely (not more)

We aim to document only what niil actually does:

  • Zero Data Retention is disclosed per model and contracted with providers where they support it. Where a provider offers a retention-opt-out signal, niil is designed to use it. We describe ZDR as a contractual + disclosed property, not a blanket technical guarantee for every provider.
  • Billing uses Stripe only when enabled; subscription lifecycle handling is being expanded. See Plans & subscription.