Are your AI solutions GDPR compliant?

Yes, our AI solutions are GDPR compliant. We adhere to strict data protection principles, ensuring lawful processing, secure storage, and transparent handling of personal data. We also tailor our practices based on client-specific privacy and compliance requirements. For more details, please see our Privacy Policy.

Do you store data within the EU/EEA?

Yes, data is stored within the EEA or in countries recognized by the EU as providing adequate levels of data protection. We take a strict approach to data minimization — we do not collect, process, or store more information than necessary, especially not personal or sensitive data. Where data storage or processing is required, we implement appropriate security measures aligned with the nature and purpose of the information. Additionally, we offer flexible infrastructure options, including Azure, to meet specific security and compliance needs.

Do you use or store personal data in AI projects?

We avoid using personal or sensitive data wherever possible. When personal data is essential, we apply anonymization or pseudonymization techniques and obtain explicit consent if required. All processing is done under strict access controls and compliance frameworks.

Are you ISO 27001 certified?

Not at this time, but we follow Norwegian Digitalisation Agency (DigDir) guidelines and industry best practices for robust information security. For projects that require ISO 27001, we collaborate with ISO-certified partners to meet formal requirements.

What security measures do you implement?

Security is tailored to each client's needs and the risk level of the project. Measures include:

• Role-based access control
• Data encryption in transit and at rest
• Logging and monitoring of data access
• Secure software development practices
• Partnerships with ISO-certified cloud and infrastructure providers

Can your AI systems be deployed on-premises or in a private cloud?

Yes. We support a variety of deployment models, including on-premises installations and private cloud environments, especially where clients require maximum control over infrastructure, security, or data sovereignty.

Do you use generative AI (e.g., ChatGPT, LLaMA) in your solutions?

Yes, when appropriate. We carefully evaluate and configure generative AI models for specific use cases, focusing on transparency, safety, and accuracy. We avoid transmitting client data to public AI APIs unless explicitly agreed upon and secured.

How do you ensure transparency in AI decision-making?

We prioritize explainable AI, offering documentation, audit trails, and interpretability tools depending on the use case. Our goal is to enable human oversight and accountability in all automated processes.

Do you offer customization for regulated industries (e.g., healthcare, finance)?

Absolutely. We understand that regulated sectors have unique compliance, security, and traceability requirements. We tailor our AI workflows and documentation to align with frameworks like PSD2 or other domain-specific standards.

Can we test your solution before a full rollout?

Yes. We encourage pilot projects and sandbox environments where clients can assess the solution’s functionality, compliance, and integration capabilities before committing to full-scale deployment.

Are your AI solutions compliant with the EU AI Act?

Yes. We actively align our development and deployment processes with the EU AI Act. Our internal compliance guidelines address risk classification, documentation, transparency, and human oversight in accordance with the latest legal obligations.

For a detailed overview of how we approach this, please refer to our official guidance:  EU AI Act: Nordic AI Compliance Guidelines