Trust & Security

Security and compliance built for business

We work with your business data, so we treat security as a requirement, not an option. Every deployment runs isolated, with protected credentials, backups, and EU AI Act readiness.

Isolated containers per client Data hosted in the EU Human oversight by design

Our security standard

How we protect your deployment

Security is the foundation, not an optional feature. Every deployment follows the same set of measures, with no per-client exceptions.

🔒

Private-network access

Agent administration is not exposed to the public internet; technical access goes through a dedicated private network.

🧱

Isolation & least privilege

A dedicated VPS per client, no shared environments, and agents run without administrator rights on the system.

Controlled commands

The agent only runs approved actions; any risky or irreversible operation requires your confirmation.

🛡️

Manipulation resistance

Filters and strict rules make the agent refuse attempts to change its instructions. Defense-in-depth, not an absolute guarantee.

📝

Exportable audit log

Agent actions are logged in a structured way and can be exported for transparency and GDPR requests.

🔄

Conservative updates + backup

No auto-updates, no beta versions in production; snapshot and rollback on every change, encrypted daily backup.

Compliance

Built for the EU AI Act

The EU's AI regulation introduces concrete obligations for AI systems used in business. We design deployments so those obligations are covered from the start.

1

Transparency

We document what each agent does, what data it works on, and its limits. Users know they are interacting with an AI system.

2

Logging & traceability

Agent actions are logged, so decisions and outputs can be audited and reconstructed when needed.

3

Human oversight

We design for human oversight, escalation thresholds, and approval — especially during the pilot and on sensitive workflows.

Data handling

Your data, your infrastructure

Our principle: minimal collection, controlled access, and per-client isolation. We do not train models on your data and we do not mix client environments.

🇪🇺

EU hosting

Infrastructure and business communication are hosted on servers in the European Union.

🧱

Per-client isolation

Each client runs in its own container, with no shared environments and no leakage between accounts.

🛡️

No training on your data

Your data is not used to train general models. It stays within the purpose we process it for.

📋

GDPR & clear controller

MassAI is operated by Auto-Moto Office SRL (Sibiu, Romania). Details in the Privacy Policy.

Next step

Have security or procurement requirements?

Tell us what you need to check — isolation, logging, EU hosting, audit. We build the pilot to pass your security review.

Request a pilot ✉ contact@massai.ro

Isolation · Logging · Human oversight · EU hosting