# Trust - built for the EU from day one.

![](/assets/einstein-hats.svg)
Trust

# The only AI customer agent built for the EU from day one.

Compliance is not a setting. It is how the platform is built. EU data residency by default. Per-decision audit trail. Real-time guardrails. Transparent by design.
  [Talk to compliance→](/en/contact-us/)
Privacy Vault

## Your data goes in. Sensitive identifiers stay home.
            ![](/assets/svg/blueprint.svg)                 Customer Agent       User data       Training data       AI models
 - 01.  Zero cookies and built-in consent API
- 02.  User authentication with JWT
- 03.  Formalized transparency
- 04.  User prompt anonymization
- 05.  User profile data minimization
- 06.  Audience-based access control
- 07.  Real-time data management
- 08.  Obfuscation of sensitive data
- 09.  PII filtering for AI sources
- 10.  Independent content silos
- 11.  Model shielding with isolation for PII
- 12.  Real-time model switching and failover

Privacy is not a setting. It is how the platform is built. It is also how Living Memory stays trustworthy.

Posture

## Three principles. Equal weight.

01

### Data sovereignty.

 - EU data residency by default. Your data lives in EU cloud regions you can name.
- No PII reaches model providers. Tokenization happens at the gateway, before the model sees anything.
- Your auditor will not have to ask. The architecture answers the question before procurement does.

02

### EU AI Act ready.

 - Per-decision risk classification. Every AI interaction carries a classification you can read.
- Per-interaction audit trail. Timestamp, decision path, model used, source citation. Stored. Exportable.
- Real-time guardrails. The agent stops at the boundary you set. No surprises.
- Transparency reports your regulator can read. Format and language matter to procurement; the platform produces both.

03

### Sector ready.

 - Configurable for GDPR, DORA, ISO 42001. Built into the architecture, not bolted on afterwards.
- Configurable for entities supervised by BaFin and AFM. Sector-specific guardrails for finance, HR, payroll, healthcare are configured, not custom-built per customer.
- Independent content silos. One customer's data does not train another customer's agent.

PII = personally identifiable information. Tokenization swaps sensitive values for safe placeholders before they leave your perimeter.

The EU AI Act classifies AI systems by risk and mandates transparency, audit, and human oversight for high-risk systems.

GDPR - EU personal-data law. DORA - EU operational-resilience rules for finance. ISO 42001 - management standard for AI. BaFin / AFM - German and Dutch financial supervisors.

The architecture

## Five pillars. One audit trail.

A customer request enters at the left through one of the touchpoints, picks up workspace context, passes through the Privacy Vault, reaches the AI automation layer, and resolves against the EU-resident AI constellation. The data layer underneath shows what each side persists. Compliance is woven through every pillar, not bolted on at the edge.
         Customer touchpoints    Co-pilotWebsiteIn productAPI      Workspace context    IdentityUser rolesAudiencesSources       Privacy Vault
 - Detect and classify
- Filter and mask PII
- Contextual rules
- Tokenize identifiers
- Minimize data
        AI automation    RAGWorkflowsAgentsAPIs       AI constellation
 - Model registry
- Load balancing
- Model routing
- Monitoring
- Evaluation
- Error detection
- Dynamic fail-over
        EU resident
### Providers

Clouds

 - AWS
- Microsoft Azure
- Google Cloud

Models

 - Anthropic
- Cohere
- Gemini
- GPT
- Mistral
- Amazon Titan
     🇪🇺 EU data residency
Source data

Workspace data

User data

Token vault

Logs

The line

## What we do not do.

Conservative buyers do not trust complete confidence. Here is where we draw the line.

### No autopilot.

Unless never takes irreversible action without a human approving the boundary first.

### No black box.

Every output points back to its source. If we cannot show our work, we do not ship the answer.

### No surveillance.

Living Memory never records what is not necessary to serve the customer. PII is tokenized at the gateway, not after the fact.

Frameworks

## Built to the regulations that matter.

 - [EU AI Act

EU regulation classifying AI systems by risk and mandating transparency, audit, and oversight for high-risk systems.
  Read more →](/en/platform/eu-ai-act-compliance/)
- [GDPR

General Data Protection Regulation - EU framework for personal-data processing. EU residency, lawful basis, subject rights.
  Read more →](/en/legal/privacy/)
- [DORA

Digital Operational Resilience Act - EU rules for ICT risk and operational resilience in financial services.
  Read more →](/en/compliance/digital-operational-resilience-act-dora/)
- [OWASP

Application security practices aligned to the OWASP Top 10 risk model.
  Read more →](/en/technology/security/)

Hosted on infrastructure aligned to the AWS Well-Architected Framework - security, reliability, performance, cost, operational excellence.

Inside the product

## Compliance, built in.

The Compliance tab in the Unless dashboard is the workspace your legal, DPO, and security teams already wanted. Audit logs, risk classifications, retention rules, sub-processor inventory, transparency reports - all there, all editable, all exportable.

No engineering tickets to read a log. No calendar invite to update a retention rule. The controls regulators ask about live where the people responsible for them work.
             unless.com/en/dashboard/trust/privacy       [![](/assets/svg/icon-light.svg)](/)
Dashboard

## Privacy
        3 PII filters · privacy
 - Obfuscate PII during inference
- Remove PII from user input
- Filter PII from training data by default

### PII filter whitelist
   Unless   DORA   AI Act   GDPR   Q3   Acme   Visma   Type a word and press comma or enter to add it
Documents

## For procurement, in writing.

 - Standard Data Processing Agreement (DPA) [View →](/en/platform/dpa/)
- EU AI Act compliance briefing [View →](/en/platform/eu-ai-act-compliance/)
- Privacy policy for customers [View →](/en/platform/dpa/)
- Sub-processor list [View →](/en/platform/dpa/)
- Data residency and locations [View →](/en/platform/data-and-locations/)
- Security questionnaire pre-filled responses Available on request


> Need a copy now?

*[Talk to compliance](/en/contact-us/) - your DPO can have the answer same-day.*

The system behind the trust posture
  [See how Test underpins this trust posture →](/en/engine/test/)     ![](/assets/einstein-hats-paper.svg)
## We're here to help

Quick responses if you have an issue. Feel free to ask us anything, or ask our conversational AI a question.
[Visit the help center→](/en/help/)[Ask your question→](#)