Talk to us
Security

A compliance product is only as good as the jurisdiction it sits in.

Ansikt is hosted, governed and built in the EU, under Danish and EU law. No US vendors are used to operate the production service.

100% EU hosted Production infrastructure runs in the EU, on EU providers.
0 US vendors No US vendors are used to operate the production service.
0 Originals kept Temporary processing copies are discarded after scanning.
100% Access events logged User, timestamp and reason on every action.
01 · Three pillars

Where we hold the line.

i.

Stay in the bloc.

Infrastructure, processing, support and company jurisdiction stay in Europe. No US vendors are used to operate the production service.

  • EU infrastructure
  • EU compute
  • Danish company · EU jurisdiction
  • No US vendors
ii.

Hold less data.

Ansikt keeps the match record, not your photo archive. Original photos stay in your systems. Temporary processing copies are discarded after scanning.

  • Match records only
  • Original images stay at the source
  • Encrypted at rest and in transit
  • Erasure on subject request
iii.

Show your work.

Customer operators are the people in your organisation who handle searches, reviews, exports and takedowns. Every action is recorded with user, timestamp and reason.

  • Append-only audit log
  • User and reason on every action
  • Exportable for compliance review
02 · Where data lives

From your source to the answer, in one diagram.

Every production hop is named. Ansikt keeps the match record, not your photo archive. Original photos stay in your systems; temporary processing copies are discarded after scanning.

Fig. 03 · Ansikt data flow EU jurisdiction · HTTPS throughout
Your environment
Source systems Drive · SharePoint · S3 · CMS
Read-only connector OAuth · IAM · token-scoped
Pull HTTPS
Ansikt · EU compute
Face processing Hetzner · Frankfurt
Match index Encrypted at rest
Audit log Append-only
Query HTTPS
Customer operator
Ansikt console SSO · SCIM · MFA
Audit-ready export PDF · JSON
03 · Practices

The everyday stuff, written down.

01
Access control SSO and SCIM. MFA supported for customer operators. A customer operator is a user in your organisation who handles searches, reviews, exports or takedowns. Access is scoped to what the role needs. No shared admin accounts.
02
Encryption Encrypted at rest. HTTPS for connector traffic and console. Production data is encrypted in EU-hosted storage and in transit.
03
Backups Encrypted, EU-resident, tested regularly. Restoring from backup applies the current erasure list — removed subjects stay removed.
04
Coordinated disclosure Email security@ansikt.dk. We acknowledge and credit reporters. Pre-launch we are still building out the formal disclosure programme. Email reaches a human.
04 · Sub-processors

The whole list. One name.

The live production sub-processor list has one name: Hetzner in Frankfurt. No US vendors, no external analytics, no third-party model providers. Additional sub-processors will be added before launch — and you'll be told about each one.

Sub-processor
Purpose
Region
Status
Hetzner Online GmbHDE · Gunzenhausen
Compute & primary storage
Frankfurt
EU
05 · Reporting a problem

Found something? Tell us.

We honour coordinated disclosure and credit reporters by name unless asked otherwise. Pre-launch, we are still building out our formal disclosure programme — your email reaches a human.

security@ansikt.dk

Vulnerability disclosure.

Email a description of what you found, where, and how to reproduce. We acknowledge promptly and work the fix in priority order.

trust@ansikt.dk

Procurement, DPAs, audit questionnaires.

If you're filling out a vendor risk form, send it. We will get back to you with what we can answer today and what's still in progress.