Legal

Compliance

Enterprise AI demands enterprise-grade compliance. Our security posture, certifications, and regulatory coverage are designed for organizations where data governance is non-negotiable.

Certifications & Standards

Our compliance posture

We maintain compliance with major international standards and data protection regulations across all jurisdictions where we operate.

In Process

ISO 27001

Information Security Management

International standard for information security management systems. Covers risk assessment, security controls, and continuous improvement of data protection practices.

In Process

SOC 2 Type II

Security, Availability & Confidentiality

Independent audit of controls relevant to security, availability, and confidentiality of client data processed by Econetworks' systems and personnel.

Compliant

GDPR

EU Data Protection Regulation

Full compliance with the General Data Protection Regulation for all personal data processed in the European Economic Area. Includes Data Processing Agreements for all client engagements.

Compliant

LGPD

Brazilian Data Protection Law

Compliance with the Lei Geral de Proteção de Dados for all operations and client engagements in Brazil. Data residency controls available for Brazilian personal data.

Aligned

EU AI Act

AI Systems Risk Classification

All AI systems designed and deployed by Econetworks are assessed and classified against EU AI Act risk categories. High-risk systems are subject to mandatory conformity assessments and human oversight.

Compliant

DSGVO

German Implementation of GDPR

Full compliance with the Datenschutz-Grundverordnung as implemented in German law, including all specific requirements of the Bundesdatenschutzgesetz (BDSG).

ISO 27001 and SOC 2 Type II certifications are currently in the process of being obtained. Clients may request the current status and supporting documentation at any time.

Security Controls

Built secure by design

Data Encryption

  • TLS 1.3 for all data in transit
  • AES-256 encryption at rest
  • End-to-end encryption for sensitive payloads
  • Key management with rotation policies

Access Management

  • Role-based access control (RBAC)
  • Multi-factor authentication enforced
  • Principle of least privilege
  • Regular access reviews and deprovisioning

Infrastructure Security

  • Private cloud instances per client
  • Network segmentation and isolation
  • Intrusion detection and prevention
  • Vulnerability scanning and patching

Operational Security

  • Security awareness training for all staff
  • Background checks for all personnel
  • Incident response plan with defined SLAs
  • Regular third-party penetration testing

AI-Specific Controls

  • No client data used for public model training
  • Model version control and audit logs
  • Bias testing and fairness assessments
  • Human-in-the-Loop escalation for high-risk decisions

Audit & Monitoring

  • Comprehensive audit trails for all agent actions
  • Real-time security event monitoring
  • Quarterly internal compliance reviews
  • Annual external audits

Regulatory Coverage

Jurisdiction by jurisdiction

European Union

  • GDPR
  • EU AI Act
  • NIS2 Directive
  • ePrivacy Regulation

Note

Standard Contractual Clauses (SCCs) available for all cross-border transfers.

Germany

  • DSGVO / BDSG
  • IT-Sicherheitsgesetz
  • Telemediengesetz

Note

Headquarters jurisdiction. All core operations comply with German federal and state law.

Brazil

  • LGPD
  • Marco Civil da Internet
  • BACEN Resolution 4.893

Note

Brazilian data residency option available. DPA templates aligned with ANPD guidance.

France

  • RGPD (French GDPR)
  • Loi Informatique et Libertés
  • CNIL Guidelines

Note

CNIL registration and notification procedures followed for all applicable processing.

United States

  • CCPA / CPRA (California)
  • HIPAA (where applicable)
  • SOC 2 Framework

Note

Data Processing Addendums available for US clients. HIPAA BAA available for healthcare engagements.

Need compliance documentation?

Request our Security Questionnaire, Data Processing Agreement templates, or a compliance briefing tailored to your regulatory context.