GATE Trust Center
v1.0Last updated: 2026-06-02
This page lists the controls GATE runs today. They map to the AICPA SOC 2 trust services criteria, the ISO/IEC 42001 AI management standard, and GDPR. We keep it concrete: what we actually do, not what we intend to do.
Security
- Encryption at rest. Secrets we store (API keys, delegated tokens) are encrypted with AES-256-GCM.
- Encryption in transit. All traffic uses TLS 1.2 or higher.
- Access control. Role-based access (platform, organization, and per-team roles). Bots run as isolated system users with scoped tokens.
- Token isolation. Your integration OAuth tokens are held by the integration provider, not on our servers. Each bot has its own credentials; they are never shared between accounts.
- Audit logging. Agent actions, tool calls, and administrative events are logged.
- Rate limiting and abuse detection on the API surface.
Availability
- EU hosting on Hetzner Cloud (Helsinki and Falkenstein), with backups and delete-protection enabled.
- Monitoring of the platform and its services.
Confidentiality
- Per-organization data segregation. Each organization’s data and bots are isolated from every other organization.
- No customer-content storage. We do not copy your mailbox, calendar, or connected-account content into our database. The agent reads it live to do the task. The only data kept is what you ask the agent to save into your own encrypted workspace.
- Internal access limits. For organizations using GATE internally and opted out of the product-improvement program, neither our staff nor other organizations’ bots can access your content. Any access that does happen is logged.
Processing integrity
- Change management. All code changes go through version control, pull requests, and review before they reach production.
- Cost and usage accounting is tracked per organization and per provider.
Privacy (GDPR)
- Data controller: Wall & Berg AB, Sweden.
- Lawful bases, retention, and your rights are set out in our Privacy Policy.
- Data minimization. We collect only what the service needs.
- Deletion and export. You can delete your account and export your data from settings; deletion revokes connected tokens and is confirmed to you.
- International transfers are covered by the EU Standard Contractual Clauses. A full subprocessor list is published, and a local EU package keeps all processing inside the EU.
AI management (ISO/IEC 42001)
- Model governance. We choose the model per task. Customers control sensitive routing: the Chinese provider is off by default and opt-in only.
- Human oversight. A human stays in the loop where judgement matters; high-impact actions can require explicit approval.
- Transparency. You can see an activity log of what your agents did on your account.
- No training on your data. Your content is never used to train models.
- Data residency choice. The EU package routes all AI processing to EU-resident models (Mistral, France).
How data moves and the legal basis for each transfer
Where each piece of data is processed, and the legal mechanism we rely on. EU/EES processing needs no transfer mechanism. For the US we rely on the EU Standard Contractual Clauses (SCCs, 2021/914), and additionally the EU-US Data Privacy Framework (DPF) where the provider is certified. China is off by default.
| What | Where it is processed | Leaves the EU? | Legal basis |
|---|---|---|---|
| Hosting, database, file storage | EU (Hetzner, Germany and Finland) | No | None needed, EU |
| Payments | EU (Stripe, Ireland) | No | None needed, EU |
| EU-package AI models | EU (Mistral, France) | No | None needed, EU |
| EU-package email | EU (Brevo, France) | No | None needed, EU |
| Everyday chat (default) | US (OpenAI / Codex) | Yes | SCCs, plus DPF where certified |
| Building / code sessions | US (Anthropic, on your own account) | Yes | SCCs, plus DPF where certified |
| Model routing fallback | US (OpenRouter) | Yes | SCCs, plus DPF where certified |
| Integration OAuth tokens | US (Composio) | Yes | SCCs, plus DPF where certified |
| DNS, CDN, edge security | US (Cloudflare) | Yes | SCCs, plus DPF where certified |
| Transactional email (default) | US (Postmark) | Yes | SCCs, plus DPF where certified |
| Voice (only if you use it) | US (ElevenLabs) | Yes | SCCs |
| Optional cheap model | China (z.ai) | Only if you opt in | Off by default. If enabled: SCCs plus supplementary measures |
To keep everything in the EU: the local EU package routes all AI, email, token storage, and hosting to EU-resident providers, so no personal data leaves the EU/EES at all.
Subprocessors
Every company we rely on to deliver GATE is listed, with its location and opt-in status, on our Subprocessors page. We give 30 days notice before adding a new one.
Incident response
If a personal-data breach meets the GDPR threshold, we notify the Swedish authority (IMY) within 72 hours and affected customers without undue delay.
Questions
For a control map, a DPA, or anything else, email legal@gate.software.