Trust

The only AI customer agent built for the EU from day one.

Compliance is not a setting. It is how the platform is built. EU data residency by default. Per-decision audit trail. Real-time guardrails. Transparent by design.

Talk to compliance

Privacy Vault

Your data goes in. Sensitive identifiers stay home.

  • 01. Zero cookies and built-in consent API
  • 02. User authentication with JWT
  • 03. Formalized transparency
  • 04. User prompt anonymization
  • 05. User profile data minimization
  • 06. Audience-based access control
  • 07. Real-time data management
  • 08. Obfuscation of sensitive data
  • 09. PII filtering for AI sources
  • 10. Independent content silos
  • 11. Model shielding with isolation for PII
  • 12. Real-time model switching and failover

Privacy is not a setting. It is how the platform is built. It is also how Living Memory stays trustworthy.

Posture

Three principles. Equal weight.

01

Data sovereignty.

  • EU data residency by default. Your data lives in EU cloud regions you can name.
  • No PII reaches model providers. Tokenization happens at the gateway, before the model sees anything.
  • Your auditor will not have to ask. The architecture answers the question before procurement does.

02

EU AI Act ready.

  • Per-decision risk classification. Every AI interaction carries a classification you can read.
  • Per-interaction audit trail. Timestamp, decision path, model used, source citation. Stored. Exportable.
  • Real-time guardrails. The agent stops at the boundary you set. No surprises.
  • Transparency reports your regulator can read. Format and language matter to procurement; the platform produces both.

03

Sector ready.

  • Configurable for GDPR, DORA, ISO 42001. Built into the architecture, not bolted on afterwards.
  • Configurable for entities supervised by BaFin and AFM. Sector-specific guardrails for finance, HR, payroll, healthcare are configured, not custom-built per customer.
  • Independent content silos. One customer's data does not train another customer's agent.

PII = personally identifiable information. Tokenization swaps sensitive values for safe placeholders before they leave your perimeter.

The EU AI Act classifies AI systems by risk and mandates transparency, audit, and human oversight for high-risk systems.

GDPR - EU personal-data law. DORA - EU operational-resilience rules for finance. ISO 42001 - management standard for AI. BaFin / AFM - German and Dutch financial supervisors.

The architecture

Five pillars. One audit trail.

A customer request enters at the left through one of the touchpoints, picks up workspace context, passes through the Privacy Vault, reaches the AI automation layer, and resolves against the EU-resident AI constellation. The data layer underneath shows what each side persists. Compliance is woven through every pillar, not bolted on at the edge.

Customer touchpoints
Co-pilot
Website
In product
API
Workspace context
Identity
User roles
Audiences
Sources
Privacy Vault
  • Detect and classify
  • Filter and mask PII
  • Contextual rules
  • Tokenize identifiers
  • Minimize data
AI automation
RAG
Workflows
Agents
APIs
AI constellation
  • Model registry
  • Load balancing
  • Model routing
  • Monitoring
  • Evaluation
  • Error detection
  • Dynamic fail-over
EU resident

Providers

Clouds

  • AWS
  • Microsoft Azure
  • Google Cloud

Models

  • Anthropic
  • Cohere
  • Gemini
  • GPT
  • Mistral
  • Amazon Titan
EU data residency

Source data

Workspace data

User data

Token vault

Logs

The line

What we do not do.

Conservative buyers do not trust complete confidence. Here is where we draw the line.

No autopilot.

Unless never takes irreversible action without a human approving the boundary first.

No black box.

Every output points back to its source. If we cannot show our work, we do not ship the answer.

No surveillance.

Living Memory never records what is not necessary to serve the customer. PII is tokenized at the gateway, not after the fact.

Frameworks

Built to the regulations that matter.

Hosted on infrastructure aligned to the AWS Well-Architected Framework - security, reliability, performance, cost, operational excellence.

Inside the product

Compliance, built in.

The Compliance tab in the Unless dashboard is the workspace your legal, DPO, and security teams already wanted. Audit logs, risk classifications, retention rules, sub-processor inventory, transparency reports - all there, all editable, all exportable.

No engineering tickets to read a log. No calendar invite to update a retention rule. The controls regulators ask about live where the people responsible for them work.

Documents

For procurement, in writing.

  • Standard Data Processing Agreement (DPA) View
  • EU AI Act compliance briefing View
  • Privacy policy for customers View
  • Sub-processor list View
  • Data residency and locations View
  • Security questionnaire pre-filled responses Available on request

The system behind the trust posture

See how Test underpins this trust posture

We're here to help

Quick responses if you have an issue. Feel free to ask us anything, or ask our conversational AI a question.

Visit the help center