The facts your security review needs. All in one place.
Confir is EU-hosted, GDPR-compliant and security-first by architecture — not retrofitted. Every claim here is backed by the code shipping today: the standards we're aligned with, how your data is protected and where it lives, how we stay available, and every legal document we publish.
Fully EU hosted
Frankfurt · eu-central-1
Security as a foundation, not a feature.
From row-level database isolation and EU-only data residency to immutable audit logs and granular role enforcement — Confir treats security as an architectural requirement, not an afterthought.
Row-Level Security on every Supabase table. Queries are scoped to your organisation by policy, not application logic — cross-tenant data leakage is impossible by design. Sensitive operations run in Edge Functions server-side, so client bundles never touch raw database credentials.
Built to stay up — and to recover.
An availability target you can plan around, encrypted backups and point-in-time recovery — all EU-resident. The full commitment lives in our Service Level Agreement.
99.5%
Monthly availability target
Committed in the SLA, with response-time and maintenance terms.
Daily
Automated encrypted backups
Backups are encrypted and stay inside the EU region.
Point-in-time
Database recovery
Managed Postgres PITR lets us roll back to a precise moment.
Continuous
Monitoring & error tracking
Automated health checks; admins are notified of incidents by email.
EU-only. Frankfurt-hosted.
Your evidence files, your assessments, your audit log — all sit inside the EU and never leave. No transatlantic transfers, no shadow subprocessors, no SCC paperwork to chase.
Region: AWS eu-central-1 · Frankfurt, Germany
Database: Supabase (Postgres) · EU-only
Encryption: AES-256 at rest · TLS 1.3 in transit
Subprocessors: Published & version-controlled
Every legal document, in one place.
Privacy, the DPA, our subprocessor register, terms, the SLA, cookies and our imprint — all dated and kept current on a single page.
Bring your security review. We'll meet it.
Questionnaires, our DPA and the security detail evaluating teams need — plus a clear channel for responsible disclosure and data requests. Each one reaches a real person.
Security reviews & questionnaires
Send a CAIQ, SIG or your own questionnaire. We turn answers around quickly and share our DPA and security detail with evaluating teams under NDA.
Start a review: security@confir.eu
Report a vulnerability
Found something? We support good-faith responsible disclosure: email the details and we acknowledge within 3 business days, then keep you posted through the fix.
Disclose a finding: security@confir.eu
Privacy & data requests
Data-subject access, deletion, or executing the DPA? Our privacy team and Data Protection Officer handle requests directly — no ticket maze.
Contact privacy: privacy@confir.eu
Assess your first AI system with Confir today.
Create your account, add your first AI system, and produce a full EU AI Act assessment with signed conformity documentation — in days, not months.