Augela Trust Center

Last Updated: March 2026

1. The Augela Trust Manifesto

No Training: We never use your data, documents, or conversations to train AI models – ours or anyone else’s.

EU/US Choice: Default hosting in the Czech Republic, EU. Your documents never leave the EU. You can opt in to the US environment.

You Own Your Data: Augela acts solely as a data processor under GDPR Article 28. You are always the data owner.

BYO Model: Full control over your LLM provider through Bring Your Own Key (BYOK) support.

Audit Ready: Full transparency into every AI reasoning step, every user action, and every data access event.

Human in Control: Every AI response can be reviewed, corrected, and improved by your team – without a developer.

2. Data ownership

You own your data. Always.

When you upload documents to the Augela Knowledge Hub, you remain the data owner and Augela acts solely as a data processor under GDPR Article 28. A Data Processing Agreement (DPA) covering Article 28 obligations, our sub-processor list, and data deletion terms is available on request for Business and Enterprise customers.

Your data is used exclusively to answer queries within your own workspace. It is:

  • Never shared with other tenants
  • Never used to improve Augela’s systems
  • Never used to train any AI model – yours or anyone else’s

This is not a policy preference. It is an architectural guarantee: your knowledge base lives in an isolated vector store that is technically inaccessible to any other tenant or to Augela operations staff.

3. What data categories does Augela process?

Augela is designed for business-confidential data classifications:

Classification | Examples | Supported Deployment
C2 – Internal | Process documentation, internal knowledge bases, operational data | Cloud, Hybrid, Air-Gapped
C3 – Confidential | Non-public business information, company documents | Cloud, Hybrid, Air-Gapped
C4 – Restricted / Classified | High-security or regulated content requiring air-gap | Air-Gapped / On-Premises Enterprise only

For C4 data requirements, Augela Enterprise offers air-gapped deployment where no data leaves your own infrastructure. This configuration requires a dedicated Enterprise agreement and security review.

Augela can be configured for processing of special category personal data as defined under GDPR Article 9 (health records, biometric data, etc.). This always requires a dedicated Enterprise Agreement with a specific Enterprise Data Processing Agreement in place.

4. Where is your data stored?

Augela headquarters

Augela is headquartered in Brno, Czech Republic, a European Union member state, fully subject to GDPR and EU data protection law.

Default data storage

All customer data (documents, conversation history, configuration, and user accounts) is stored on infrastructure located in the Czech Republic, hosted at Wedos Internet a.s., one of the largest Czech and EU hosting providers. No customer data is stored outside the European Union by default.

Your Knowledge Hub never leaves the EU.

5. Does your data leave the EU?

Your uploaded documents and their vector embeddings (your Knowledge Hub) never leave EU infrastructure, regardless of which AI model you use.

For AI query processing, the answer depends on which LLM provider your administrator configures. Augela is model-agnostic and gives you full control. Always check the system default LLM settings for Augela, your company, and each tenant under your control. Your AI Admin can switch providers at any time in workspace settings.

EU Residency Providers – query content processed within the EU:

Provider | Data Location | Company Origin | Notes
Mistral AI | EU only – Paris, France | French company, EU-native | Recommended for GDPR-strict environments
Aleph Alpha | EU only – Germany | German company, EU-native | Used by EU institutions and German government agencies
Azure OpenAI - EU Regions | EU only – contractually bound | Microsoft, with GDPR DPA | Requires Azure EU region configuration; Enterprise tier
Self-hosted / Ollama (Enterprise) | Your own infrastructure | Your company | Zero external transmission; air-gapped deployments

Global Processing Providers – query content may be processed outside the EU:

Provider | Data Location | Company Origin | Notes
Google Gemini | United States | American company | Standard Gemini API uses Google US infrastructure. EU residency requires Google Vertex AI with EU region configuration, available as a custom Enterprise option
Anthropic Claude | United States | American company | No EU-region option currently available from Anthropic
OpenAI / ChatGPT | United States | American company | Direct API uses US infrastructure. EU residency available via Azure OpenAI EU (see above)
Perplexity | United States | American company | Search-augmented inference; no EU residency option

Note for GDPR-regulated organisations: Select a provider from the EU Residency group. Your AI Admin configures the provider in workspace settings. Augela does not restrict your choice. The selection and its compliance implications are your organisation’s responsibility under GDPR Article 28.

All listed providers have commercial API terms that prohibit using your inputs to train their models. Self-hosted deployments transmit no data to any external system.

6. How is your data protected?

Tenant Isolation

Every company on Augela has a completely isolated environment. Your Knowledge Base, conversation history, user accounts, and AI configuration are stored in a dedicated data partition that is inaccessible to any other customer, at the database level, not just at the application level. Tenant boundaries are enforced on every API request and cannot be bypassed by application-layer errors.

Encryption

  • Data in transit: TLS 1.3 enforced via Nginx – no unencrypted connections accepted
  • Data at rest: industry-standard encryption at the storage layer on hosting infrastructure
  • Passwords: bcrypt hashed, never stored in recoverable form
  • Sessions: short-lived JWT tokens with no persistent session storage server-side

Access Control

Augela uses a four-level role hierarchy within each company workspace:

Role | Access
AI Admin | Full workspace control – users, billing, LLM configuration, Knowledge Hub
AI Tutor | Knowledge Hub management, AI behaviour configuration, review queue
AI User | Chat access only – no administrative functions
Augela Operations | Augela staff – no access to customer data

Every action taken by every user is recorded in a tamper-evident audit log, accessible to your AI Admin at any time.

No Training Guarantee

Your data is never used to train, fine-tune, or improve any AI model – not Augela’s systems, and not the underlying LLM providers’ models. When using EU-native providers (Mistral, Aleph Alpha), their API terms explicitly prohibit training on commercial inputs. When using self-hosted models on Enterprise, data never reaches any external system at all.

Augela service uptime

We take pride in making Augela a service you and your business can rely on. See the transparent service uptime status page.

7. GDPR Compliance in practice

Augela operates as a GDPR Article 28 data processor. The following obligations are operationalised in the product, not just stated as policy.

Article 7 – Consent

Consent is collected at the point of account creation and at invitation acceptance. Each consent event records:

  • The user’s explicit acceptance of the Privacy Policy and Terms of Service
  • A timestamp accurate to the second
  • The version of the privacy policy accepted

This record is retained and available for audit.

Article 17 – Right to Erasure

Users can request deletion of their account directly from the Augela interface without contacting support. The process:

  1. User initiates a deletion request from Account Settings
  2. A confirmation email is sent with a secure token, valid for 24 hours
  3. On confirmation, Augela executes full erasure: conversation history is anonymised, OAuth records are deleted, the user account is permanently removed
  4. A cancellation option is available during the 24-hour window

Sole administrators of a company account are prompted to resolve admin coverage before deletion proceeds – preventing accidental loss of organisational access.

Article 5 – Data Minimisation and Storage Limitation

Archived company tenants are subject to scheduled automatic deletion. When an administrator archives a tenant and sets a deletion date, Augela’s automated cleanup process permanently removes all associated data – documents, conversation history, user records, and vector embeddings – on or after that date. This process runs automatically; no manual intervention is required.

This ensures that data is not retained beyond its business purpose, in line with Article 5(1)(e) of GDPR.

8. Human-in-the-Loop (HITL) governance

Security is not only about preventing unauthorised access. In the context of AI, accuracy is a governance obligation. A wrong AI answer in a regulated context – compliance guidance, HR policy, customer-facing support – is a security incident, not just a product issue.

Augela provides the infrastructure to govern AI outputs before they cause harm.

Feature | What It Does | Business Benefit
AI Tutor Role | A designated reviewer authorised to inspect, correct, and approve AI responses | Ensures accountability for AI outputs in regulated or sensitive contexts
Review Queue | Structured three-step correction workflow: flag → diagnose root cause → apply fix | Wrong answers are corrected systematically, not ad hoc
Watch Words | Automated scanning of AI responses and/or user inputs for prohibited terms, competitor names, or compliance triggers | Maintains brand safety and regulatory compliance without manual monitoring
Reasoning Panel | Full transparency into which sources the AI used, its confidence score, and its reasoning steps for every response | Removes black-box anxiety; enables audit of any AI decision
Close-the-Loop Notification | The user who flagged a bad response receives a notification when the AI has been corrected | Demonstrates governance is functioning, builds user trust
Audit Trail | Every user action, AI response, flag, fix, and configuration change is logged | Full evidentiary record for compliance review, incident investigation, or regulatory audit

Shadow AI prevention

By providing a governed, role-appropriate AI interface that employees actually want to use, Augela eliminates the primary driver of shadow AI: the absence of a sanctioned alternative. Organisations that deploy Augela are not asking employees to stop using AI – they are giving them a better, safer option with all interactions retained and auditable.

9. Deployment options

Cloud (Team, Business, Enterprise): Hosted on Wedos infrastructure in the Czech Republic. Zero configuration required. EU data residency guaranteed for your documents. Suitable for C2–C3 data.

Hybrid (Business, Enterprise): Your Knowledge Hub and user data on your own infrastructure; Augela application layer managed by us. Full control over where your documents are stored. Available on Business and Enterprise plans.

Air-Gapped / On-Premises (Enterprise): Full deployment within your own network. No external connections required. LLM inference runs locally via Ollama – choose from Llama 3, Mistral, or any compatible open-weight model. Data never leaves your building. Suitable for C4 data requirements and high-security environments. Requires dedicated Enterprise agreement.

10. Certifications and Compliance status

Standard | Status
GDPR (EU 2016/679) | Compliant. Augela operates as a GDPR Article 28 data processor. DPA available on request.
SOC 2 Type II | In progress, target completion 2026
ISO 27001 | Roadmap – post SOC 2
Czech Republic – NÚKIB guidelines | Architecture aligned with NÚKIB recommendations for cloud service providers

We publish our certification status here as it updates. We will not claim a certification before it is issued.

11. Security comparison

Security Capability | Augela | General AI (ChatGPT, Claude.ai) | Chatbot Builders (Chatbase, etc.) | Enterprise Platforms (Copilot, watsonx)
GDPR / EU-first hosting~~~
Data never used for model training~~~
On-premise / air-gapped option
Tenant isolation at database level
Human-in-the-loop review and fix loop~
Watch Words / compliance auto-flagging~
Full AI reasoning transparency~
Right to erasure — self-service~~~
Bring Your Own LLM Key~~
Full audit trail
DPA available on request~~
Security questionnaire support
✓ Full capability    ~ Partial or limited    – Not available
This comparison table has been compiled to the best available knowledge at the time and can be updated at any time.

12. For your Procurement team

Data Processing Agreement

A Data Processing Agreement covering GDPR Article 28 obligations, our sub-processor list, and data deletion terms is available on request for Business and Enterprise customers. Contact security@augela.com with your company name to request a copy.

Security questionnaire

Procurement process requiring a completed SIG, CAIQ, or custom security questionnaire? We will complete it.

Send your questionnaire to security@augela.com with your company name and required return date. Enterprise customers receive priority turnaround within 5 business days.

Legal documents

Document | Purpose
Privacy Policy | How we collect, use and protect personal data under GDPR
Terms of Service | Your contractual rights and obligations as an Augela customer
Cookie Policy | What cookies we use and why
Data Processing Agreement | Available on request for Business and Enterprise customers and covers GDPR Article 28 obligations, sub-processor list, and data deletion terms

13. Summary for stakeholders

For SMBs

Augela gives you the security posture of a bank with the simplicity of a startup. Your data never leaves your control, your AI decisions are fully auditable, and you can prove it to any auditor without calling a developer.

For Resellers

You can confidently tell your clients they are operating within a secure, white-labelled AI environment that meets EU data protection standards, with full tenant isolation and no cross-contamination between client accounts.

For Enterprises

Augela fits into your existing security stack. Whether you need a governed EU cloud gateway, a hybrid deployment with your documents on your own infrastructure, or a fully air-gapped on-premises installation, we provide the architecture, the DPA, and the security questionnaire support your procurement process requires.

Are your questions not answered on this page? Contact security@augela.com – a human will respond.