Trust overview
niil is built to be a sovereign, EU-first AI workspace where your data stays protected and under your control. This section explains each measure in plain language.
The pillars
| Pillar | In short |
|---|---|
| EU sovereignty & residency | Organizations use only EU-processed (or self-hosted) models by default; inference is region-pinned to EU endpoints. |
| Encryption | Chat content, documents and connector credentials are encrypted at rest with AES-256-GCM; TLS in transit. |
| Authentication & MFA | Passwords, email one-time codes, passkeys (WebAuthn) and social sign-in — configurable per org. |
| Data protection & GDPR | Data export & erasure, DLP scanning, an immutable audit trail, and strict tenant isolation. |
| Zero Data Retention | Per-model retention and processor disclosure; ZDR contracted with providers where supported. |
| No external vendors | Self-hosted runtime and built-in tools; no third-party analytics. EU-hosted Stripe is the only exception, and only if billing is enabled. |
| Compliance & legal | DPA, technical & organisational measures (TOM), privacy policy and sub-processor list. |
Secure by default
The defaults are the safe ones: EU-only models on, login MFA on, encryption at rest always on. An organization can relax a policy deliberately, but nothing sensitive is opt-in.
Two things we describe precisely (not more)
We aim to document only what niil actually does:
- Zero Data Retention is disclosed per model and contracted with providers where they support it. Where a provider offers a retention-opt-out signal, niil is designed to use it. We describe ZDR as a contractual + disclosed property, not a blanket technical guarantee for every provider.
- Billing uses Stripe only when enabled; subscription lifecycle handling is being expanded. See Plans & subscription.