Trust & Security

Your data stays in Germany. Your buyers get the receipts.

Lovelaice is built by a German company, hosted on AWS Frankfurt, and covered by GDPR from day one — so regulated buyers can green-light you without a six-week procurement review.

GDPR-compliant
German legal entity, EU data residency, DPA on request.
Hosted in Germany
AWS eu-central-1 (Frankfurt). Data does not leave the EU.
Made in Germany
Cata Creative Software UG — Kaufbeuren, Bavaria.

Data residency

Where your data lives

All customer data — evaluations, test cases, prompts, model outputs, uploads — is stored in AWS eu-central-1 in Frankfurt, Germany. Backups are encrypted and remain within the same EU region.

Traffic is served via AWS's EU points of presence. Customer data never leaves the EU during normal operation.

Subprocessors

Who touches your data

SubprocessorPurposeLocation
Amazon Web ServicesApplication hosting, storage, backupsEU (Frankfurt)
HubSpotSales & support communicationsEU
Model providersLLM inference (OpenAI, Anthropic, others as configured by customer)Provider-dependent

Full, versioned list is included with the DPA. We notify customers in writing before adding a new subprocessor.

Data handling

Retention, deletion, and model training

Retention

Customer data is retained for the life of the subscription. On-request deletion is available at any time and completes within 30 days.

Deletion on termination

On contract termination, all customer data is deleted within 30 days unless a longer retention period is required by law.

No training on your data

Your prompts, test cases, and outputs are never used to train Lovelaice or third-party models. Zero-retention endpoints are used with model providers where available.

Encryption

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256 via AWS-managed keys).

Legal entity

Who you're actually contracting with

Cata Creative Software UG (haftungsbeschränkt)

Kemptener Straße 64, 87600 Kaufbeuren, Germany

Amtsgericht Kempten · HRB 17896

Full company details on the Impressum. Data protection details in the Privacy policy.

Certifications

What's live, what's on the roadmap

Live

GDPR + BDSG compliance, EU data residency, standard DPA

Roadmap

ISO 27001 certification — kickoff Q4 2026

Reach out if you need certification evidence for procurement — we can share the timeline in writing.

FAQ

Common procurement questions

Where is my Lovelaice data stored?

All customer data is stored in AWS eu-central-1 (Frankfurt, Germany). Data never leaves the EU during normal operation.

Is Lovelaice GDPR-compliant?

Yes. Lovelaice is operated by Cata Creative Software UG, a German legal entity subject to the GDPR and the German BDSG. We sign a Data Processing Agreement (DPA) with every customer on request.

Can I get a signed Data Processing Agreement (DPA)?

Yes. Email contact@lovelaice.com and we will send you our standard DPA — signed and ready to countersign — within one business day. Custom terms can be negotiated for enterprise contracts.

What is your subprocessor policy?

We publish our full up-to-date subprocessor list inside the DPA and notify customers in writing before adding a new subprocessor. Contact contact@lovelaice.com for the current list.

How long do you retain customer data?

Customer data (evaluations, test cases, prompts, model outputs) is retained for the life of your subscription. On termination, data is deleted within 30 days unless a longer retention period is required by law. On-request deletion is available at any time.

Do you train models on my data?

No. Your prompts, test cases, and evaluation outputs are never used to train Lovelaice models or third-party models. Model providers (e.g. OpenAI, Anthropic) are contractually bound to the same terms via zero-retention API endpoints where available.

Are you SOC 2 / ISO 27001 certified?

Certification is on the roadmap for late 2026. In the meantime, our GDPR posture, EU-only hosting, and DPA cover the compliance requirements of most European buyers. Speak to us if you need certification evidence for procurement.

Need a signed DPA or a security review?

Email contact@lovelaice.com and we'll come back within one business day.

Book a security review →