The German version is binding. This translation is provided for information only.
Swiss data residency · end-to-end encryption · your own HSM keys · AI in Europe only · revDSG, GDPR, FINMA-ready · operated on server infrastructure certified to ISO 27001 and SOC 2 Type II
Swiss data residency
Your client data is held in a certified data centre in Zurich. No transfer to the US or other third countries
End-to-end encryption
AES-256 at rest, TLS 1.2+ in transit. Protected at every step
Your own HSM key sovereignty
The master keys are held exclusively by us in a Hardware Security Module. Even the operator of the data centre cannot access your sensitive fields
AI in Europe only
AI processing exclusively in a European data centre in Belgium. Names, AHV, IBAN and addresses are pseudonymised automatically before every request
FINMA-aligned and revDSG-compliant
Aligned with FINMA Circ. 2018/3 (outsourcing) for insurer clients, the revised Federal Act on Data Protection and the GDPR
Full traceability
Every access is logged in an immutable audit bucket — retained for 10 years
1. AHV, names and IBAN are removed before AI processing
2. AI processing in Belgium: the AI processes only anonymised text, within the EU
3. Result in Switzerland: the completed analysis is stored in the Swiss database
Data location and sovereignty
Your data stays in Switzerland — even AI processing takes place in Europe, never in the US.
Database and primary storage in a certified Swiss data centre in Zurich
AI processing exclusively in a European data centre in Belgium
Audit logs in Switzerland with 10-year retention
No data transfer to the US or other third countries
Encryption
Your own digital vault key. Not even the operator of the data centre can read your AHV numbers or IBANs.
AES-256 encryption at rest for all stored data
TLS 1.2+ encryption in transit for all connections
Customer-Managed Encryption Keys (CMEK) with your own HSM key (FIPS 140-2 Level 3)
Client-Side Field Level Encryption (CSFLE) for particularly sensitive fields: AHV numbers, dates of birth, IBAN, insurance policy numbers, claim notifications
HSM-protected keys with automatic rotation every 90 days
Your own key sovereignty — the master keys are held exclusively by us, not by the operator of the data centre; the database can be made cryptographically unreadable at any time (key revoke)
Network security
Our database is not reachable from the open internet.
Private networking and private cloud connectivity: the database is never reachable over the public internet, only via a private, internal network tunnel
Network-isolated infrastructure in Switzerland
Private DNS resolution — addresses are resolved only within the internal network
AI with data protection
Before a document goes to the AI, names, AHV numbers and addresses are removed.
AI models exclusively in European data centres (Belgium)
Automatic anonymisation through an upstream DLP filter (Data Loss Prevention) before every AI request
Pseudonymisation of sensitive data (AHV, names, IBAN, addresses) before it reaches the AI
No training on customer data — contractually excluded
Swiss custom patterns (AHV number, UID) are detected and masked
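The upstream DLP step described above (steps 1 to 3 and the bullets in this section), as an added illustration that is not SOTHURA SAFE's own filter: it validates Swiss AHV numbers (AHVN13, EAN-13 check digit) and IBANs (ISO 13616 mod 97) before replacing them with keyed, stable pseudonyms, so that look-alike numbers that fail the checksum are left alone and the re-identification map never leaves the caller. The key and the sample text are constructed for the example.

```python
import hashlib
import hmac
import re

# Constructed demo key; in a real deployment the pseudonymisation key
# would itself be protected by the HSM/KMS like the other master keys.
PSEUDO_KEY = b"constructed-demo-key-not-for-production"

AHV_RE = re.compile(r"\b756[.\s]?\d{4}[.\s]?\d{4}[.\s]?\d{2}\b")
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){2,7}\s?[A-Z0-9]{1,4}\b")


def ahv_is_valid(candidate: str) -> bool:
    """AHVN13: 13 digits starting with 756, last digit is an EAN-13 check digit."""
    digits = re.sub(r"\D", "", candidate)
    if len(digits) != 13 or not digits.startswith("756"):
        return False
    total = sum(int(d) * (1 if i % 2 == 0 else 3) for i, d in enumerate(digits[:12]))
    return (10 - total % 10) % 10 == int(digits[12])


def iban_is_valid(candidate: str) -> bool:
    """ISO 13616 mod-97 check: move the first four chars to the end, letters -> 10..35."""
    iban = candidate.replace(" ", "").upper()
    if not 15 <= len(iban) <= 34:
        return False
    numeric = "".join(str(int(c, 36)) for c in iban[4:] + iban[:4])
    return int(numeric) % 97 == 1


def pseudonym(kind: str, value: str) -> str:
    """Keyed, stable token: the same value always maps to the same placeholder."""
    digest = hmac.new(PSEUDO_KEY, value.encode(), hashlib.sha256).hexdigest()[:10]
    return f"<{kind}_{digest}>"


def pseudonymise(text: str) -> tuple[str, dict[str, str]]:
    """Replace validated AHV numbers and IBANs; return the text and the local re-identification map."""
    mapping: dict[str, str] = {}

    def swap(kind, validator, match):
        raw = match.group(0)
        if not validator(raw):
            return raw  # looks like the pattern but fails the checksum: leave untouched
        token = pseudonym(kind, re.sub(r"[\s.]", "", raw))
        mapping[token] = raw
        return token

    text = AHV_RE.sub(lambda m: swap("AHV", ahv_is_valid, m), text)
    text = IBAN_RE.sub(lambda m: swap("IBAN", iban_is_valid, m), text)
    return text, mapping
```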
Access control
Every tenant is technically separated. Two-factor login is mandatory.
Multi-Factor Authentication (MFA) for all employees
Role-Based Access Control (RBAC) on the principle of least privilege
Strict tenant isolation — multi-tenant separation at the data layer
Separate service accounts with minimal permissions
Dedicated KMS service accounts for encryption operations
Separate database users for app, analytics and backup
Audit and monitoring
Every access is logged — immutable for 10 years.
Hash-chain logging of all functional mutations and all accesses to particularly sensitive data (read_sensitive); additionally server-side database auditing at the infrastructure layer
Central log platform with long-term retention
Immutable audit bucket with 10-year retention
24/7 monitoring of the infrastructure
Backups and disaster recovery
Daily backups, encrypted as well, stay in Switzerland.
Continuous backups with point-in-time recovery
Backups in Switzerland — no cross-region replication outside CH/EU
Encrypted backups using the same self-managed HSM keys
Versioned storage buckets (ransomware-resistant)
File storage
Files are never public. Upload links are valid for a maximum of 15 minutes.
Public Access Prevention enforced
Uniform access control at container level — no accidentally public files
Customer-Managed Encryption Keys also for file storage
Signed URLs with short validity (max. 15 minutes for uploads)
Lifecycle rules for temporary data
Access logging in a separate audit bucket
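Short-lived signed upload URLs as described above, as an added example rather than the product's own storage signing: the signature covers method, object path and expiry, the issuer refuses to mint links longer than 15 minutes, and the verifier rejects expired, re-pathed or method-swapped links. The key, host and paths are constructed for the example.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

SIGNING_KEY = b"constructed-demo-signing-key"  # constructed; would live in the KMS
MAX_UPLOAD_TTL = 15 * 60  # the 15-minute cap for upload links


def _signature(method: str, path: str, expires: int) -> str:
    msg = f"{method}\n{path}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def sign_upload_url(base: str, path: str, ttl: int = MAX_UPLOAD_TTL,
                    now: Optional[int] = None) -> str:
    """Issue a PUT link valid for at most MAX_UPLOAD_TTL seconds."""
    if not 0 < ttl <= MAX_UPLOAD_TTL:
        raise ValueError("upload links are capped at 15 minutes")
    expires = (now if now is not None else int(time.time())) + ttl
    query = urlencode({"method": "PUT", "expires": expires,
                       "sig": _signature("PUT", path, expires)})
    return f"{base}{path}?{query}"


def verify_signed_url(url: str, method: str, now: Optional[int] = None) -> str:
    """Return 'ok' or the reason the request must be rejected."""
    u = urlparse(url)
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    try:
        expires = int(q["expires"])
        sig = q["sig"]
    except (KeyError, ValueError):
        return "malformed"
    if q.get("method") != method:
        return "method mismatch"
    current = now if now is not None else int(time.time())
    if current > expires:
        return "expired"
    # Constant-time comparison; the signature binds method, path and expiry together
    if not hmac.compare_digest(sig, _signature(method, u.path, expires)):
        return "bad signature"
    return "ok"
```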
Compliance frameworks
Audited infrastructure in line with Swiss, EU and international standards.
revDSG (Swiss Federal Act on Data Protection) compliant
GDPR compliant
ISO 27001 + SOC 2 Type II — the entire server and pipeline infrastructure on which SOTHURA SAFE runs operates in data centres certified to ISO 27001 and SOC 2 Type II
FINMA Circ. 2018/3 outsourcing — aligned with the requirements for insurer clients
Standard Contractual Clauses (SCC) where required
Transparency and user rights
Access, deletion, export — completed within 30 days.
Access, rectification and deletion within 30 days
Data portability — export of your own data possible at any time
Incident reporting to supervisory authorities and data subjects — as quickly as possible (Art. 24 nFADP); for EU-related incidents additionally within 72 hours (GDPR Art. 33)
We respond to qualified reports within three business days. Please provide a clearly described reproduction path, the affected component and — where possible — an assessment of the impact.
Safe Harbor. We will not pursue security researchers under civil or criminal law as long as (i) the report is made in good faith, (ii) only your own test accounts are used, (iii) no third-party customer data is viewed, copied or disclosed, (iv) no denial-of-service tests or social-engineering attacks against employees take place, and (v) a reasonable period for remediation is granted before public disclosure. Unauthorised penetration tests, exploitation of vulnerabilities beyond what is necessary for reporting and the harvesting of third-party data are not permitted and will be prosecuted under criminal law (Art. 143, 143bis, 144bis CC).