We don't want
your data.
We already have enough legal documents to deal with thanks to the AI Act — honestly, adding your audit answers to our list of liabilities sounds like a terrible idea.
The principle: we can't access it.
Your questionnaire answers and generated documents are encrypted before being stored. The decryption key is derived from your user identifier — something our database alone cannot use.
Concretely: if someone accesses our database directly — leak, breach, or an admin having a curious moment — all they see is unreadable noise.
// What the database sees
questionnaire_data:
aBcDeFgHiJkL.
// What it can do with it
¯\_(ツ)_/¯
How it works
One key per user
Your data is encrypted with a key derived from your unique identifier (AES-256-GCM). Even we can't read a user's data without their active session. That's mathematically impossible, not just a pinky promise.
Hosted in Switzerland, database on-premises
The VPS is at Infomaniak in Switzerland. The Supabase database runs locally on that same server — no third-party service involved. Infomaniak hosts the bits, but can't read anything: everything is encrypted before it gets there.
No resale, no ad tracking
We're paid through subscriptions and document generation, not by selling your data. Our business model has zero interest in monetising what you share with us. Incentive alignment, as they say.
RLS + per-account isolation
Every database query verifies you can only access your own data (Supabase Row-Level Security). It's technically impossible for one user to read another's audits, even by tinkering with API requests.
The honest caveat: Mistral AI sees some of your data.
To analyse your audit and generate your regulatory documents, we use Mistral AI — our generative AI model provider (GPAI). They produce the summaries, recommendations, and narrative content of your documents.
Before sending anything to Mistral, we apply automatic pseudonymisation: emails, phone numbers, SIRETs, and IP addresses are replaced with neutral tokens (EMAIL_1, PHONE_2…). Mistral never sees your direct identifiers.
The business content of your questionnaire (sector, AI system uses, organisational context) is necessary for generation — Mistral does access this. That's the inherent trade-off of using an external LLM. We'd rather tell you clearly than bury it in the terms of service.
Who sees what
| Data | DILAIG | Database | Mistral AI |
|---|---|---|---|
| Questionnaire answers (storage) | Encrypted | Encrypted | None |
| Questionnaire answers (AI analysis) | Yes | None | Pseudonymised |
| Generated documents (storage) | Encrypted | Encrypted | None |
| Contact / newsletter emails | Yes | In clear | None |
| Direct identifiers (email, SIRET…) | Yes | None | No (masked) |
| Compliance score | Yes | In clear | None |
Questionnaire answers (storage)
DILAIG
Encrypted
Database
Encrypted
Mistral
None
Questionnaire answers (AI analysis)
DILAIG
Yes
Database
None
Mistral
Pseudonymised
Generated documents (storage)
DILAIG
Encrypted
Database
Encrypted
Mistral
None
Contact / newsletter emails
DILAIG
Yes
Database
In clear
Mistral
None
Direct identifiers (email, SIRET…)
DILAIG
Yes
Database
None
Mistral
No (masked)
Compliance score
DILAIG
Yes
Database
In clear
Mistral
None
Questions about our practices? Our full privacy policy is available below.