Compliance by Design
ROZUM meets GDPR, EU AI Act, and German data protection requirements — not on paper, but in the architecture.
GDPR Compliance
All data stays on your infrastructure
No data processing outside the EU
ROZUM acts as your data processor
DPA template ready for legal review
Data minimisation: only indexes what's needed
Processing activity records for Art. 30 GDPR
EU AI Act
Standard use cases classified as minimal/limited risk
No autonomous decisions — human review required
No employee scoring
Clear intended purpose documented
AI disclosure in the interface
Human oversight mandatory
Data Sovereignty
No vendor lock-in. No US cloud dependency. No hidden data flows.
On-Premises — entirely in your data centre
German sovereign cloud — Hetzner, STACKIT, IONOS
Private cloud — European provider of your choice
Works Council Transparency
Full documentation of how AI works
No covert employee monitoring
Logs are purpose-limited and role-restricted
Support preparing works council documentation
