Security & Infrastructure

Your data, protected by design.

Full transparency on how we protect your firm's and your clients' data. European infrastructure, bank-grade encryption and complete regulatory compliance.

In plain language

Your data is stored in European data centers (Belgium, EU), protected by advanced encryption and accessible only to you and your firm. We use the same Google infrastructure and the same security measures as banks. No data is ever sold or shared with third parties for commercial purposes. AI only analyzes your documents when you request it, and every action is logged for transparency.


Architecture

How Prisma works

Every request passes through layers of security and isolation. All data stays in Europe.

- Your Browser: encrypted connection (TLS 1.3)
- Firebase Hosting: global CDN, static assets (CDN + SSL)
- Cloud Functions: serverless business logic (EU, europe-west1)
- Firestore + Storage: encrypted database and files (EU, europe-west1)
- Gemini AI: on-demand only, no training (EU, europe-west4)

Third-party integrations:
- Stripe: PCI DSS Level 1
- Gmail / Outlook: OAuth 2.0
- WhatsApp Business: official Meta API
- TSA / Blockchain: RFC 3161 + OpenTimestamps

Security

Protection at every level

From connection to database, every layer of the platform implements specific security measures.

- End-to-End Encryption: TLS 1.3 for all in-transit communications. AES-256 for stored data. Credentials are never stored in plaintext.
- EU Data Residency: all data resides in the europe-west1 region (Belgium, EU). No extra-EU transfers without adequate safeguards (SCC, Data Privacy Framework).
- Multi-Tenant Isolation: each firm's data is completely separated at the database level. Role-based access control (RBAC) for every operator.
- Transparent AI Pipeline: AI (Google Gemini) processes data only on your request. Your data is never used to train models. Every AI action is logged in the audit trail.
- Secure Payments: payments are handled by Stripe, PCI DSS Level 1 certified. Card data never passes through our servers.
- Document Integrity: SHA-256 hash for every document. TSA timestamping (RFC 3161), Merkle trees, and optional Bitcoin blockchain anchoring via OpenTimestamps.

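The document-integrity item above combines three ingredients: a SHA-256 hash per document, a Merkle tree that folds many document hashes into one root, and a timestamp (RFC 3161 TSA or OpenTimestamps) over that root. The following is an added, self-contained Python example illustrating the Merkle part of that design; it is not Prisma's code, and the exact leaf encoding, pairing order and padding rule Prisma uses are not stated on this page, so the choices below (hash of raw bytes as leaf, left-to-right concatenation of raw digests, duplicating the last node on odd levels) are assumptions. The sample documents are constructed inline. A verifier who holds one document, its inclusion proof and the timestamped root can confirm the document existed unchanged at that time without seeing any other firm's documents.

```python
import hashlib
from typing import List, Tuple

# A proof step says on which side the sibling hash sits ("left" or "right").
ProofStep = Tuple[str, str]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def document_hash(content: bytes) -> str:
    """Leaf value: SHA-256 of the document bytes (assumed leaf encoding)."""
    return sha256_hex(content)


def _pair_hash(left_hex: str, right_hex: str) -> str:
    """Inner node: SHA-256 over the concatenated raw digests of the children."""
    return sha256_hex(bytes.fromhex(left_hex) + bytes.fromhex(right_hex))


def _pad_level(level: List[str]) -> List[str]:
    # Assumed padding rule: duplicate the last node when a level has odd length.
    return level + [level[-1]] if len(level) % 2 == 1 else level


def merkle_root(leaves: List[str]) -> str:
    """Fold a list of leaf hashes into a single root hash."""
    if not leaves:
        raise ValueError("cannot build a Merkle tree with no leaves")
    level = list(leaves)
    while len(level) > 1:
        level = _pad_level(level)
        level = [_pair_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def merkle_proof(leaves: List[str], index: int) -> List[ProofStep]:
    """Inclusion proof for leaves[index]: the sibling hashes from leaf to root."""
    if not 0 <= index < len(leaves):
        raise IndexError("leaf index out of range")
    proof: List[ProofStep] = []
    level = list(leaves)
    idx = index
    while len(level) > 1:
        level = _pad_level(level)
        sibling = idx ^ 1  # the partner in the same pair
        side = "left" if sibling < idx else "right"
        proof.append((side, level[sibling]))
        level = [_pair_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        idx //= 2
    return proof


def verify_proof(leaf: str, proof: List[ProofStep], root: str) -> bool:
    """Recompute the root from one leaf and its proof; True only if it matches."""
    h = leaf
    for side, sibling in proof:
        h = _pair_hash(sibling, h) if side == "left" else _pair_hash(h, sibling)
    return h == root


def demo() -> Tuple[str, bool, bool]:
    """Build a tree over constructed sample documents (odd count on purpose)
    and return (root, all_proofs_valid, tampered_doc_rejected)."""
    docs = [b"contract-v1.pdf bytes", b"invoice-0042 bytes", b"power-of-attorney bytes"]
    leaves = [document_hash(d) for d in docs]
    root = merkle_root(leaves)  # this root is what a TSA/OpenTimestamps stamp would cover
    all_valid = all(
        verify_proof(leaves[i], merkle_proof(leaves, i), root) for i in range(len(leaves))
    )
    # A modified document must fail against the proof issued for the original.
    tampered_rejected = not verify_proof(
        document_hash(b"contract-v1.pdf bytes (altered)"), merkle_proof(leaves, 0), root
    )
    return root, all_valid, tampered_rejected


if __name__ == "__main__":
    r, ok, rejected = demo()
    print("root:", r)
    print("all proofs valid:", ok, "| tampered rejected:", rejected)
```

Timestamping the root rather than each document means one TSA token or blockchain anchor covers a whole batch, while each client still receives only the small proof for their own file; the proof reveals sibling hashes, never other documents' contents.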
Compliance

Standards & certifications

European regulatory compliance and international security standards.

- GDPR (Reg. EU 2016/679)
- eIDAS (Reg. EU 910/2014)
- AI Act (Reg. EU 2024/1689)
- SOC 2 Type II (Google Cloud)
- ISO 27001 (Google Cloud)
- PCI DSS (Stripe, Level 1)

Legal Documents

Policies & terms

All legal documents for the service, written in accessible language.