Subprocessors
We carefully select our subprocessors to ensure they meet our high standards for security and privacy. All subprocessors are bound by data processing agreements and must comply with GDPR requirements.
| Service Provider | Location | Data Processed | Last Updated | Compliance |
|---|---|---|---|---|
| Switzerland (eu-central-2) | Cloud Infrastructure Emails (SES), AI processing (Bedrock) | 13.11.2025 | ISO 27001 GDPR SOC 2 | |
| Global Network | CDN, DDoS Protection, Security & Edge Network Services Network traffic metadata, security logs, CDN-cached content | 13.11.2025 | ISO 27001, GDPR SOC 2 | |
| Switzerland (Exoscale) | Cloud Hosting & Managed Infrastructure SaaS application data, user data, backups, logs | 13.11.2025 | ISO 27001 GDPR FADP | |
| European Union | Communication & Productivity Suite Emails, documents, calendar data, anonymized operational analytics | 13.11.2025 | ISO 27001 GDPR SOC 2 | |
| European Union | Product Analytics Anonymous usage analytics only | 13.11.2025 | ISO 27001 GDPR | |
| European Union | Application Monitoring & Error Tracking Anonymous error and performance data only | 13.11.2025 | ISO 27001 GDPR SOC 2 | |
| European Union | Payment Processing Payment information, billing details, subscription and invoicing data | 13.11.2025 | ISO 27001 GDPR SOC 2 |
Data We Collect
We are transparent about the data we collect and how we use it. We only collect data necessary to provide and improve our services.
We collect Customer personally identifiable information.
These include standard personal data necessary for providing our services.
We collect Employee personally identifiable information.
These include employment-related data necessary for HR, payroll, and operational purposes.
We do not collect credit card information.
Payment details are handled exclusively by certified third-party payment providers.
We do not collect sensitive personal information.
These include also particularly sensitive personal data according to swiss law.
For more information about our data collection practices, please refer to our Privacy Policy.
AI in devguard
AI is not the core of our product but can be used to enhance your workflows.
All AI features can be disabled at any time.
Easy to opt out
AI features are enabled by default but can be disabled at any time in your settings. No data is sent to AI services unless you explicitly trigger an AI-powered action.
Not the core of the product
devguard is a compliance platform first. AI serves as an optional enhancement to help with tasks like drafting policies or suggesting control mappings. The platform is fully functional without any AI features enabled.
Swiss-hosted AI processing
When AI features are used, processing is handled through AWS Bedrock hosted in Switzerland (eu-central-2) using closed-source foundation models. We do not train or fine-tune any models on customer data.
Frequently Asked Questions
Find answers to common questions about our security practices and data handling.
Report Vulnerability
To report a security issue, please contact us via our email below. While we don’t offer a bounty program at this stage, we welcome and appreciate your contribution to safety.
Help Shape the Future of Compliance
Join the teams shaping tomorrow’s compliance. As an early adopter, you’ll help refine devguard’s compliance platform, turning your feedback into real features that make compliance effortless for your business.