Cypherz.
Start free

European Union · GDPR

GDPR-compliant AI

Article 4(5) of GDPR explicitly recognizes pseudonymization as a privacy-enhancing measure. Tokenization is its strongest form. Cypherz replaces personal data with deterministic surrogates before any request leaves your infrastructure, materially reducing your exposure under Articles 5, 25 (privacy by design), and 32 (security of processing).

Start freeTry the free PII detector

  • 01

    European hosting available

    Cypherz runs in Hetzner's Helsinki and Falkenstein DCs. Data never leaves the EU at the proxy layer.

  • 02

    EU-specific detectors

    IBAN, EU passport numbers, postal codes for UK/DE/FR/IT/ES, IPv6, GDPR-classed names and addresses.

  • 03

    DPA available

    Standard Data Processing Agreement on every paid tier; we sign as your processor.

  • 04

    Self-host in your own region

    Deploy on Hetzner, Scaleway, OVH, or any EU-resident infra you trust.

What GDPR requires you to do

• Data minimization (Art. 5(1)(c)) — Process only personal data that is adequate, relevant, and limited to what is necessary. Tokenization sends zero personal data to the model.

• Privacy by design (Art. 25) — Controllers must implement technical measures that integrate data protection from the design phase. A tokenization proxy is exactly that.

• Cross-border transfers (Chapter V) — Sending personal data to US-based AI vendors triggers SCCs or DPF requirements. Tokenized surrogates aren't personal data — the transfer obligation thresholds shift.

• Right to erasure (Art. 17) — Delete a project in Cypherz and the per-project vault key is destroyed; all tokenization mappings become unrecoverable.

How Cypherz helps

• European hosting available — Cypherz runs in Hetzner's Helsinki and Falkenstein DCs. Data never leaves the EU at the proxy layer.

• EU-specific detectors — IBAN, EU passport numbers, postal codes for UK/DE/FR/IT/ES, IPv6, GDPR-classed names and addresses.

• DPA available — Standard Data Processing Agreement on every paid tier; we sign as your processor.

• Self-host in your own region — Deploy on Hetzner, Scaleway, OVH, or any EU-resident infra you trust.

Important caveat

GDPR compliance is your responsibility as controller. Cypherz provides infrastructure that supports key obligations but does not certify compliance.

Common questions

Frequently asked.

Does Cypherz make my app GDPR-compliant by itself?

No tool can — compliance is a posture across people, process, and technology. Cypherz handles a critical technical layer (pseudonymization, encryption, audit logging) but you still need policy, training, and assessment.

Where is Cypherz hosted?

EU (Hetzner — Helsinki and Falkenstein) by default for the managed product. Self-host anywhere with one docker-compose command if your compliance posture requires it.

Do you sign formal agreements?

Yes — Business and Enterprise tiers include DPAs and BAAs. We're working through SOC 2 Type II audit; ask for our latest report.

Can I get an audit log export?

Yes — every action is logged with structured metadata, exportable via the API. Common formats supported for SIEM ingestion.

Get started

Bring your AI features into GDPR scope cleanly.

Sign up free. Create a project. The audit trail starts logging from request one.

Start freeTry the free PII detector

Other compliance topics