Security & Privacy
Enterprise-grade security with privacy at the core
Zero-Knowledge Architecture
We cannot read your contracts - even if we wanted to. Your data is encrypted on your device before upload, and we never have access to decryption keys.
- Client-side encryption
- No access to your data
- End-to-end security
AES-256-GCM Encryption
Military-grade encryption protects your contracts at rest and in transit. The same encryption used by governments and banks worldwide.
- 256-bit encryption keys
- Galois/Counter Mode for integrity
- TLS 1.3 for data in transit
GDPR & nFADP Compliant
Full compliance with EU GDPR and Swiss nFADP regulations. Your rights are protected by the strictest privacy laws in the world.
- Right to erasure (1-hour deletion)
- Data minimization
- Transparent processing
1-Hour Auto-Deletion
Your data vanishes automatically after 1 hour. No exceptions, no manual deletion needed. Permanent and irreversible.
- Automatic permanent deletion
- Secure erasure of all copies
- Deletion confirmation available
Comprehensive Audit Logs
Every action is logged for transparency and accountability - without storing personal data. Full audit trail for 90 days.
- Anonymized logging
- Tamper-proof records
- GDPR accountability
DACH-Only Data Storage
Your data never leaves Germany, Austria, or Switzerland. Stored exclusively in EU/Swiss data centers with strict data sovereignty.
- No US cloud providers
- EU data sovereignty
- Local jurisdiction only
Data Lifecycle
Understand exactly what happens to your data from upload to deletion:
0:00 - Upload & Encryption
Your contract is encrypted with AES-256-GCM and uploaded to DACH servers. Advanced malware scanning protects against threats.
0:01-0:30 - AI Analysis
Encrypted data is processed by advanced AI for legal analysis. Results are encrypted and stored temporarily.
0:30-1:00 - Access Window
You can download results and generated letters. Data remains encrypted and inaccessible to Lotsio staff.
1:00 - Automatic Deletion
All data is permanently erased: contract, analysis, letters, and encryption keys. Deletion is irreversible and complete.
1:00+ - Audit Logs Only
Only anonymized audit logs remain (no personal data) for 90 days to comply with GDPR accountability requirements.
Compliance Certifications
Lotsio meets the highest standards for data protection and security:
- GDPR (EU General Data Protection Regulation): Full compliance with all articles, including data minimization, purpose limitation, and right to erasure
- nFADP (Swiss Federal Act on Data Protection): Adherence to Swiss data protection standards, including cross-border data transfer restrictions
- ISO 27001 Principles: Information security management based on international standards
- SOC 2 Type II Alignment: Security, availability, and confidentiality controls
Questions About Security?
Contact our security team for detailed information about our privacy practices.