Security & Compliance

A transparent approach to protecting your data

AIESS uses managed cloud services hosted in selected European regions and bases data processing on publicly available compliance documentation and providers' DPA/SCC agreements.

EU Data
GDPR
SOC 2 & ISO
E2E Encryption

Infrastructure in the European Union

Application data is stored and processed primarily in European regions, in accordance with the configuration of selected services and providers' contractual terms.

EU Region — Germany (Frankfurt): Backend, AI, Telemetry, Configuration, Geocoding
EU Region — Ireland (Dublin): Accounts, Profiles, Relational Data, Authentication

Both regions are located in the European Union and subject to European data protection regulations.

European regions

Key system components operate in the Frankfurt (eu-central-1) and Ireland (eu-west-1) regions — both within the European Union.

DPA and SCC agreements

All infrastructure providers have Data Processing Agreements and Standard Contractual Clauses compliant with GDPR requirements.

Region selection by configuration

Data processing regions are established at the project configuration level, not by chance. Each layer has a specific EU region assigned.

Local autonomy (edge)

The edge controller operates locally at the client site — operational data can be processed without leaving the premises.

Personal Data & GDPR

AIESS handles data with the utmost care, classifying it in accordance with GDPR and applying appropriate protection measures.

Personal data

Account data

  • Email address
  • Login credentials
  • User profile
  • Account–device associations

May constitute personal data

Technical & location data

  • Site address
  • GPS coordinates
  • Installation parameters
  • Energy telemetry

Lower sensitivity

Operational data

  • Energy prices (market)
  • Weather data
  • Work schedules
  • System configuration

Energy telemetry and AI assistant conversation content are handled with heightened care, as they may constitute personal data under GDPR when linked to a user account.

Technical Safeguards

Multi-layered protection at every level of the infrastructure.

Encryption

Data is encrypted in transit (TLS) and at rest (AES-256) across every layer of the infrastructure.

Access Control

Multi-level authentication, role-based permission policies, and project isolation at the provider level.

Monitoring & Audit

Continuous infrastructure monitoring, event logging, and incident response procedures at every provider.

Backups

Automated application data backups with retention aligned to operational and legal requirements.

Provider Certifications & Reports

We work with providers who publish or make available compliance and security documentation.

SOC 2 Type II

Independent audit of security, availability, and confidentiality controls.

SOC 3

Public report confirming the effectiveness of security controls.

ISO 27001

Information Security Management System (ISMS).

ISO 27701

Privacy information management and personal data protection.

ISO 27018

Protection of personal data in public cloud environments.

BSI C5

Cloud security standard particularly relevant in the DACH region.

Certifications apply to provider infrastructure. AIESS operates under a shared responsibility model and is responsible for configuration, access control, and application-level security policies.

Public Compliance Documentation

EU Data Protection

Official provider materials on European data processing, regional commitments, and GDPR compliance.

Security Certifications & Reports

Public SOC reports, ISO certifications, and infrastructure security control documentation.

Data Processing Agreements (DPA)

Data processing agreements, standard contractual clauses, and GDPR addenda.

Trust Portals & Responsibility

Compliance portals, shared responsibility models, and compliance program overviews.

Infrastructure Partners

We describe service categories and processing regions — without disclosing the full technical stack.

Account & relational data

EU Region (Ireland)

Authentication, profiles, relational data. Region selected at project creation. DPA, SOC 2 Type II, SCC.

Telemetry database

EU Region (Frankfurt)

Energy data, statistics, history. Encryption, VPC isolation, SOC 2 Type II.

AI services

European inference profile

Application-supporting AI functions running on a managed AI service using a European inference profile spanning selected EU regions.

Backend & configuration

EU Region (Frankfurt)

Site configuration, schedules, device control. Managed cloud services in the European region with DPA and SCC.

Geocoding

EU Region (Frankfurt)

Location service for address-to-coordinate conversion. Data is not stored by the provider.

Transparency: For security and competitive reasons, we do not publish the full technical stack. We do, however, provide the information necessary to assess compliance, security, processing regions, and certification documents.

Why It Matters

We deliberately choose infrastructure in EU regions and openly communicate this.

Typical solution

  • Databases and services often outside the EU
  • No transparent information about regions
  • Compliance documentation hard to access
  • Unclear responsibility model

AIESS

  • Infrastructure in EU regions (Frankfurt, Ireland)
  • Open disclosure of regions and certifications
  • DPA, SCC, and SOC reports publicly referenced
  • Shared responsibility model described openly

Frequently Asked Questions

Where is my data stored?
Application data is stored and processed primarily in European regions (Frankfurt, Ireland), in accordance with the configuration of selected services and providers' contractual terms.

Is AIESS GDPR-compliant?
Yes. The system relies on providers offering GDPR-compliant mechanisms, including Data Processing Agreements (DPA), Standard Contractual Clauses (SCC), and security certifications.

What data does AIESS process?
AIESS processes account data (email, profile), installation technical data (address, device parameters), energy telemetry, and — optionally — AI assistant conversation content. All categories are handled with the utmost care in accordance with GDPR.

Can I get detailed compliance documentation?
Yes. We provide business clients and partners with extended compliance documentation — including architecture details, SOC 2 reports, and additional materials — after signing an NDA. Contact us at kontakt@aiess.pl.

How does AIESS differ from competitors regarding data?
Many solutions on the market rely on databases and services hosted outside the European Union, often without transparent information about processing regions. AIESS deliberately selects infrastructure in EU regions and openly discloses its providers' certifications, DPAs, and hosting regions.

What is the shared responsibility model?
Cloud providers secure the physical infrastructure, network, and platform. AIESS is responsible for configuration, access control, data management, and application-level security policies. Both parties publish materials describing their scope of responsibility.

Need detailed documentation?

We provide business clients and partners with extended compliance materials — including architecture details and security reports — after signing an NDA.

Contact us

Last updated: March 9, 2026