ReguShield AI · Trust Center
Trust, security & governance
ReguShield AI is European Compliance Intelligence Infrastructure for regulated organisations. This Trust Center sets out how we secure data, respect privacy, govern AI and meet our legal and regulatory commitments. Platform status: Operational.
Protection
Security
Technical and organisational measures protecting customer data across the platform.
Encryption
Implemented · TLS 1.3 in transit, AES-256 at rest.
Tenant isolation
Implemented · Row-level security scopes every workspace to its owner.
Access control
Implemented · Supabase Auth with per-tenant role-based access control.
Immutable audit
Implemented · Append-only audit trails for compliance and acceptance events.
Secrets management
Implemented · Server-side secrets only; never shipped to the client bundle.
External penetration test
Roadmap · Independent assessment targeted for Q3 2026.
Full detail: Security Statement → · Identity & Access → · Assurance & ISMS →
Data protection
Privacy
How personal data is processed under the GDPR, including our controller/processor model and sub-processors.
EU data residency
Implemented · Customer data is stored in the EU region.
Controller / processor model
Implemented · We act as processor for workspace data on documented customer instructions.
Data subject rights
Implemented · Access, rectification, erasure, portability and objection supported.
Data Processing Agreement
Implemented · GDPR Article 28 DPA available to enterprise customers.
Sub-processors
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Managed PostgreSQL database & authentication | EU |
| Vercel | Application hosting & edge delivery | EU / Global edge |
| Resend | Transactional email delivery | EU / US |
| OpenAI | AI reasoning for compliance decision-support | US |
Full detail: Privacy Policy → · Data Processing Agreement →
Regulatory
Compliance
Our readiness posture against the European regulatory frameworks our customers operate under. These are posture statements, not product gating rules.
GDPR
Implemented · Controller/processor model, DPA, data-subject rights.
DORA
Planned · ICT risk posture and incident readiness.
AMLA 2027
Planned · Supervisory readiness assessment in product.
AMLR
Planned · Unified CDD and reporting support.
MiCA
Planned · CASP authorisation and Travel Rule support.
EU AI Act
Planned · Explainability, human oversight, FRIA scaffolding.
NIS2
Roadmap · Network & information security alignment.
eIDAS 2
Roadmap · Future qualified e-signature integration.
ISO 27001
Roadmap · ISMS roadmap, gap assessment Q2 2026.
ISO 27701
Roadmap · Privacy information management extension.
SOC 2
Roadmap · Type I scoping targeted Q4 2026.
Live, source-cited regulatory intelligence: Regulatory Intelligence Center →
Responsible AI
AI Governance
ReguShield AI provides compliance decision-support — not legal advice. Our AI governance posture is aligned with the EU AI Act.
Explainability
Implemented · Deterministic reasoning with regulatory citations and confidence scoring.
Human oversight
Implemented · Outputs are decision-support inputs; a qualified person reviews before action.
Risk classification
Planned · AI features classified and documented under the EU AI Act.
Bias review & FRIA
Planned · Periodic bias review and Fundamental Rights Impact Assessment scaffolding.
Agreements
Legal
Versioned legal documents governing use of the platform. Each is generated from a controlled template and versioned for re-acceptance.
Terms of Service
v1.0.0 · Master terms governing access to and use of the ReguShield AI platform.
Legal · Effective 2026-06-28
Privacy Policy
v1.0.0 · How ReguShield AI collects, processes, retains and protects personal data (GDPR).
Privacy · Effective 2026-06-28
Cookie Policy
v1.0.0 · Use of cookies and similar technologies across the platform and website.
Privacy · Effective 2026-06-28
Acceptable Use Policy
v1.0.0 · Permitted and prohibited uses of the platform, fair-use and abuse boundaries.
Legal · Effective 2026-06-28
Data Processing Agreement
v1.0.0 · GDPR Article 28 controller–processor terms, sub-processors and transfer safeguards.
Privacy · Effective 2026-06-28
Pilot Agreement
v1.0.0 · Terms specific to time-boxed pilot evaluations of the platform.
Commercial · Effective 2026-06-28
Enterprise Agreement
v1.0.0 · Master enterprise subscription terms, SLA, support and commercial conditions.
Commercial · Effective 2026-06-28
Security Statement
v1.0.0 · Technical and organisational security measures protecting customer data.
Security · Effective 2026-06-28
Live posture
Trust Status
Last reviewed 2026-06-28.
EU data residency
Implemented · PostgreSQL hosted in the EU region.
Encryption in transit & at rest
Implemented · TLS 1.3 in transit, AES-256 at rest.
Tenant isolation
Implemented · Row-level security scoped per workspace.
Immutable audit trails
Implemented · Append-only compliance + acceptance audit.
Role-based access control
Implemented · Per-tenant roles and permissions.
External penetration test
Roadmap · Targeted for Q3 2026.
Disclosure
Security Contact
Report a security concern or vulnerability. We operate coordinated disclosure.
Email security@regushield.ai (or hello@regushield.ai).
Coordinated disclosure — acknowledge within 72 hours.
ReguShield AI is operated by ReguShield UAB, a private limited liability company incorporated in the Republic of Lithuania (EU). Status labels: Implemented (live today) · Planned (in progress) · Roadmap (intended, not yet in place).
ReguShield AI provides compliance decision-support intelligence — not legal advice or a regulatory determination.