
Safety and Security

Andri.ai is built with enterprise-grade security to protect your data and maintain compliance with European data protection standards.

All data is stored in our dedicated AWS environment within the EU (EEA), ensuring full data sovereignty and GDPR compliance. Each account operates in complete isolation.

Data Protection

Your data is protected with AES-256 encryption at rest and TLS 1.2+ encryption in transit. We enforce strict data isolation—your account operates in a fully protected environment, and your data is never shared with other customers.

We do not use your data to train AI models. Client prompts, documents, and case files remain private within your environment. Data is not retained longer than necessary, and zero-day retention policies apply where appropriate.

For legal professionals: Full case files are allowed within Andri's secured environment. NOvA compliance requires "only strictly necessary data," but for quality legal advice, complete case information is necessary and permitted within a protected environment—anonymization is not required.

Access Control & Monitoring

Security features include:

  • Multi-factor authentication (MFA) — Required for all users

  • Role-based access control (RBAC) — Granular permission management

  • Full audit logging — All activity tracked via AWS CloudTrail

  • Network segmentation — Isolated infrastructure layers

  • SAML SSO — Enterprise single sign-on integration

Only authorized DevOps engineers can access systems when strictly necessary. All access is logged and periodically reviewed.

Compliance Standards

Andri.ai is compliant with:

  • GDPR/AVG — Full compliance with European data protection regulations

  • NOvA Recommendations — Compliant from day one with the five core values for legal professionals

  • EU AI Act — Follows principles for transparency, human control, and accuracy

  • NEN 7510 — Meets requirements for information security in healthcare (ISMS, risk management, access control, encryption, logging)

  • ISO 27001 — Certification in progress via KIWA

Security Testing & Audits

We conduct regular third-party penetration testing and security audits. Our security team monitors threats 24/7 and is advised by a security council of experts from European institutions.

We maintain a responsible disclosure policy. If you discover a security issue, please report it to our security team. We assess all reports based on impact and severity.

Documentation & Agreements

Available on request:

  • Data Processing Agreement (DPA) — Standard verwerkersovereenkomst conforming to AVG/GDPR

  • Security documentation — Detailed infrastructure and security practices (NDA available)

  • Penetration test reports — Third-party security assessment results

If a data breach poses high risk to your rights, we'll notify you within 72 hours as required by GDPR.

For complete details, visit our Security page and Privacy Policy.
