Security & Compliance

Enterprise security built for European regulations

GDPR compliant, EU AI Act ready, with enterprise-grade security architecture designed from the ground up.

🇪🇺 EU-Hosted
🛡️ GDPR Compliant
🤖 EU AI Act Ready
🔐 TLS & AES-256
🚫 No Training on Your Data

Your data is never used for training

This is a fundamental principle of Volentis.ai: not a policy, but an architectural guarantee.

  • Customer interactions are explicitly excluded from all model training processes
  • Your documents and conversations remain 100% confidential
  • No data is ever shared with third parties for training purposes
  • Contractually guaranteed in our Data Processing Agreement

Your knowledge stays yours. Period.

GDPR Compliance

Volentis.ai is designed with privacy-by-design principles and operates as a Data Processor under GDPR Article 28.

Data Processor Role

We act as Data Processor for customer content, with clear data processing boundaries and responsibilities.

Data Processing Agreement

Comprehensive DPA incorporating EU Standard Contractual Clauses available with all enterprise contracts.

Data Subject Rights

Full support for access, rectification, erasure, and portability requests.

Our GDPR Commitments

  • No customer data used for model training, ever
  • All data stored in EU data centers (Germany/Netherlands)
  • No data transfers outside EU without explicit consent
  • Complete data subject rights support
  • 12-month default retention with configurable policies

EU AI Act Compliance

Volentis.ai is designed to comply with the EU AI Act as a limited risk system under Article 52.

Transparency Requirements

All AI-generated content is clearly labeled with mandatory transparency indicators.

AI Disclosure

Every response includes clear AI interaction disclosure and source attribution.

Human Oversight

No autonomous agent actions without human approval gates for consequential decisions.

Limited Risk

Article 52 Classification

Volentis.ai is classified as a limited risk AI system, requiring transparency measures but not the extensive requirements of high-risk systems.

Article 52: Requires clear disclosure of AI interaction and source attribution

Technical Security

Encryption

TLS 1.2+ for data in transit, AES-256 for data at rest. All communications and storage are fully encrypted.

Same encryption standards as online banking. Your data is unreadable to anyone without authorization.

Authentication

Enterprise SSO via SAML 2.0 and OpenID Connect. Multi-factor authentication supported.

Employees log in with their existing company credentials. No new passwords to remember or manage.

Role-Based Access Control (RBAC)

Granular permissions at workspace, document, and feature level. Inheritance based on department and role.

You decide exactly who sees what. That sensitive salary policy? HR only. That IT procedure? IT team only. Automatically enforced.

Audit Logging

Complete logging of all user and administrative actions. Exportable audit trails for compliance.

Every action recorded. If something goes wrong, you can trace exactly what happened, when, and by whom.

Tenant Isolation

Logical separation in multi-tenant deployments; dedicated infrastructure in single-tenant deployments.

Your data is completely separated from other customers. No mixing, no leaks, no access by others. Guaranteed.

BYOK (Bring Your Own Key)

Bring Your Own Key encryption available for single-tenant deployments.

Maximum control: you manage the encryption keys. Even Volentis cannot access your data without your keys.

Built-in Safeguards

Volentis.ai includes important limitations by design to ensure responsible enterprise AI use.

No Automated HR Decisions

The system provides information and drafts; humans make all employment decisions.

Special Category Data Protection

No processing of health information or trade union membership without explicit configuration.

Human-in-the-Loop

No autonomous agent actions without human approval for consequential decisions.

Professional Advice Disclaimer

Not a replacement for professional legal, medical, or financial advice.

Certifications & Standards

Our commitment to industry-recognized security standards.

🔄 In Progress

ISO 27001

We are actively working towards ISO 27001 certification to demonstrate our commitment to information security management.

Compliant

GDPR Article 28

Operating as a certified Data Processor with comprehensive Data Processing Agreements.

Compliant

EU AI Act Article 52

Classified as limited risk system with full transparency requirements implemented.

Regular Security Assessments

Annual penetration testing by independent security firms. Vulnerability scans performed quarterly. Findings addressed according to severity-based SLAs.

Security Contact

Report security vulnerabilities or questions:

security@volentis.ai

Need security documentation?

DPOs and security teams can request our full security documentation package, including DPA, technical specifications, and penetration test summaries.

Includes: DPA, Security Whitepaper, Architecture Overview, Pentest Summary

Sector-Specific Compliance Support

Volentis.ai supports compliance requirements across regulated industries.

Financial Services

MiFID II, GDPR Article 22 (automated decision-making)

Special provisions for financial services data handling and automated decision restrictions.

Healthcare

GDPR special category data, medical confidentiality considerations

Enhanced protections for health-related data with explicit consent requirements.

Government & Public Sector

Public sector compliance, transparency requirements

Support for government-specific data protection and transparency obligations.

Cross-Border Operations

Multi-jurisdictional GDPR, local implementations

Comprehensive support for organizations operating across EU member states.

Technical Specifications

Detailed technical specifications for your security review. We speak IT's language too.

Session Management

JWT tokens (RS256 signing), 1-hour token expiry, 8-hour session timeout (configurable)

Automatic logout after inactivity. Protection against forgotten open laptops.

Data Retention

Configurable retention policies, default 12 months for audit logs

You choose how long data is kept. Meet your industry requirements, no manual cleanup needed.

SharePoint Synchronization

4 hours for metadata, 24 hours for full content refresh

Update a document in SharePoint? The AI knows about it within hours, automatically.

Encryption Standards

TLS 1.2+ for transit, AES-256 for at-rest encryption

Bank-level security for all your data, whether it's being sent or stored

API Security

REST API with OAuth 2.0, rate limiting, comprehensive logging

Build custom integrations with secure, well-documented APIs

Browser Support

Supported browsers for optimal platform experience:

Chrome 90+, Firefox 88+, Safari 14+, Edge 90+

Requires JavaScript enabled, TLS 1.2+, cookies for session management

Ready to discuss your security requirements?

Our team can provide detailed security documentation and answer your compliance questions.
