---
title: "Security Trust Center for production AI agents"
description: "Duale AI's production AI agent security posture: German hosting, tenant isolation, review artifacts, no certifications, and contact paths for security/privacy inquiries."
lang: en
lastUpdated: 2026-06-07
url: https://duale.ai/en/product/security
---

## AI-generated summary

This Security Trust Center page outlines Duale AI’s current security, privacy, and hosting posture for production AI agents, including data residency, encryption, tenant isolation, available review artifacts, lack of formal certifications, and contact information for security reviews.

- The page states that managed customer application data is hosted in Germany by Hetzner, with Cloudflare providing website delivery and network protection.
- It explicitly notes that Duale AI does not currently claim SOC 2, SOC 3, ISO 27001, or EU AI Act certification, and any readiness work is not presented as a completed audit.
- The page lists review artifacts such as security questionnaire answers, architecture notes, DPA request path, subprocessor list, hosting description, and incident contact.
- It explains that transit encryption uses HPKE over TLS with X25519, HKDF‑SHA256 and ChaCha20‑Poly1305, while data at rest is encrypted client‑side with AES‑256 before storage.
- The page provides email contacts for security review, privacy and data‑processing requests, and subprocessor objections, each using a dedicated address.


---

<Hero
  eyebrow="Security Trust Center"
  title={
    <>
      Review the production boundary before <AccentText>agents scale</AccentText>
    </>
  }
  subtitle="This Trust Center summarizes the current Duale AI security, privacy, hosting, and review-input posture for teams evaluating production AI agents."
  primaryCta={{ label: "Request security review", dialog: "contact" }}
  secondaryCta={{ label: "Review subprocessors", href: "https://duale.ai/en/legal/subprocessors.md" }}
/>

<Section
  title="Current status"
  subtitle="This is a product posture page, not a certification claim. It separates available controls, review artifacts, and roadmap work."
>
  <CardGrid columns={4}>
    <Card title="Available today" icon="check">
      Managed customer application data is hosted in Germany by Hetzner. Duale AI is a French company. The current
      posture describes tenant isolation, access controls, audit events, scoped retention, and subprocessors for the
      managed service.
    </Card>
    <Card title="Review artifacts" icon="reader">
      Security questionnaire answers, architecture notes, data-processing agreement request path, subprocessor list,
      hosting description, incident contact, and product-control summary can be requested during review. Availability
      depends on current artifact status and review scope.
    </Card>
    <Card title="Certification status" icon="exclamation-triangle">
      Duale AI does not currently claim SOC 2, SOC 3, ISO 27001, EU AI Act certification, or equivalent certification.
      Readiness work is not presented as a completed audit.
    </Card>
    <Card title="No unsupported badges" icon="lock-closed">
      There is no public SOC 3 PDF, EU AI Act certification, or EU Cloud Code of Conduct adherence claim today. Those
      labels will appear only after the underlying audit or adherence work is complete.
    </Card>
  </CardGrid>
</Section>

<Band>
  <Section
    title="Document map"
    subtitle="The buying review usually needs the same documents. Use this map to ask for the right artifact."
  >
    <CardGrid columns={3}>
      <Card title="Subprocessors" icon="layers" href="https://duale.ai/en/legal/subprocessors.md">
        Current subprocessors, roles, processing locations, and transfer safeguards are documented in the legal pages.
      </Card>
      <Card title="Data-processing agreement" icon="file-text">
        The data-processing agreement request path is available during procurement review. The legal pages remain the
        public source for privacy and processor notices.
      </Card>
      <Card title="ISO 27001 roadmap" icon="commit">
        ISO 27001 readiness work is not presented as certification.
      </Card>
      <Card title="EU residency map" icon="globe">
        Managed application data is hosted in Germany today. Website delivery and network protection use Cloudflare edge
        services.
      </Card>
      <Card title="Model provider card" icon="mixer-horizontal">
        Customers select and contract with model providers during deployment review. Duale AI treats model routing as
        configurable infrastructure, not as a hidden bundled provider.
      </Card>
      <Card title="AI Act references" icon="reader">
        Review inputs can support discussion of logging, transparency, risk management, and human oversight references
        where those obligations apply. This is not an EU AI Act compliance certification.
      </Card>
    </CardGrid>
  </Section>
</Band>

<Section
  title="Controls that matter for production agents"
  subtitle="The platform is designed around stable agent contracts, operational events, and requestable review inputs. Audit exists because production needs it, not as the product category."
>
  <CardGrid columns={3}>
    <Card title="Track routed work" icon="commit">
      Submitted work, errors, retries, and routing decisions can be recorded as operational events so teams can
      understand what happened without reconstructing the workflow from application logs.
    </Card>
    <Card title="Separate tenants and providers" icon="id-card">
      Customer context is scoped by tenant. Model providers are selected in the customer deployment and treated as
      replaceable infrastructure.
    </Card>
    <Card title="Keep project review explicit" icon="eye">
      Teams can document risk thresholds, stop paths, and project-specific review requirements around agent work that
      carries business or security risk.
    </Card>
    <Card title="Limit data movement" icon="globe">
      Managed application data is hosted in Germany today. Model-provider traffic depends on the providers selected by
      the customer and the contracts attached to that choice.
    </Card>
    <Card title="Review failures" icon="exclamation-triangle">
      Timeouts, rejected calls, degraded providers, and failed work can be made visible as product events where the
      integration captures them, instead of staying hidden inside one-off scripts or notebooks.
    </Card>
    <Card title="Preserve an exit path" icon="file-text">
      Stable input and output contracts make it easier to move models, policies, and deployment targets without
      rewriting each agent from scratch.
    </Card>
  </CardGrid>
</Section>

<Section
  title="Data processing posture"
  subtitle="The legal pages remain the source of truth for contractual privacy and subprocessor details."
>
  <CardGrid columns={3}>
    <Card title="Managed application data" icon="globe" href="https://duale.ai/en/legal/subprocessors.md">
      Managed application data is hosted by Hetzner Online GmbH in Germany. Cloudflare is used for website delivery and
      network protection.
    </Card>
    <Card title="Model providers" icon="layers">
      Customers choose and contract directly with model providers. Duale AI does not impose a single model provider as a
      hidden subprocessor.
    </Card>
    <Card title="Training-use boundary" icon="lock-closed">
      Training-use commitments are governed by the privacy notice, customer agreements, and selected model-provider
      contracts. Confirm the exact scope during security review.
    </Card>
  </CardGrid>
</Section>

<Section title="Contact paths" subtitle="Use the channel that matches the review question.">
  <CardGrid columns={3}>
    <Card title="Security review" icon="lock-closed">
      Request a review through the contact form or email <contact+security@mail.duale.ai> for security-specific questions.
    </Card>
    <Card title="Privacy and data processing" icon="id-card">
      Privacy requests: <contact+privacy@mail.duale.ai>. Data-processing agreement requests: <contact+dpa@mail.duale.ai>.
    </Card>
    <Card title="Subprocessor objections" icon="file-text">
      Subprocessor objections and legal notices use <contact+legal@mail.duale.ai>, as documented in the legal pages.
    </Card>
  </CardGrid>
</Section>

## Security review questions

### How is customer data protected at rest and in transit?

In transit, all SDK-to-platform traffic uses application-layer end-to-end encryption on top of TLS: HPKE per RFC
    9180 with X25519, HKDF-SHA256, and ChaCha20-Poly1305 in pre-shared-key mode, where the tenant API token is bound as
    the PSK. The same encrypted channel covers file attachment upload and completion, so CDNs and proxies on the path
    see ciphertext only. At rest, managed application data hosted at Hetzner in Germany is encrypted before it reaches
    object storage (client-side AES-256 for analytical storage and PostgreSQL backups). The platform holds the HPKE
    private key and rotates it on a 30-day schedule; the SDK fetches the public key from the discovery endpoint and
    has no embedded secrets. Exact key custody and rotation terms are reviewed in the data-processing agreement during
    procurement.
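
To show how PSK mode ties the derived keys to the tenant token, the following added example (not Duale AI's SDK or platform code) implements the RFC 9180 section 5.1 key schedule for the suite named above using only the Python standard library. The `psk_from_token` derivation, the token strings, and the constructed `DEMO_SHARED_SECRET` that stands in for the X25519 DHKEM output are assumptions.

```python
import hashlib
import hmac
import struct

# RFC 9180 code points for the suite named above:
# DHKEM(X25519, HKDF-SHA256) = 0x0020, HKDF-SHA256 = 0x0001, ChaCha20Poly1305 = 0x0003
SUITE_ID = b"HPKE" + struct.pack(">HHH", 0x0020, 0x0001, 0x0003)
MODE_PSK = 0x01
NK, NN, NH = 32, 12, 32  # AEAD key, AEAD nonce and hash output lengths

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt or bytes(NH), ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out, counter = out + block, counter + 1
    return out[:length]

def labeled_extract(salt: bytes, label: bytes, ikm: bytes) -> bytes:
    return hkdf_extract(salt, b"HPKE-v1" + SUITE_ID + label + ikm)

def labeled_expand(prk: bytes, label: bytes, info: bytes, length: int) -> bytes:
    labeled = struct.pack(">H", length) + b"HPKE-v1" + SUITE_ID + label + info
    return hkdf_expand(prk, labeled, length)

def key_schedule_psk(shared_secret: bytes, info: bytes, psk: bytes, psk_id: bytes):
    """RFC 9180 section 5.1 KeySchedule in mode_psk; returns (key, base_nonce)."""
    if len(psk) < 32 or not psk_id:
        # Stricter than VerifyPSKInputs: a length floor used as a proxy for the
        # RFC's requirement that the PSK carry at least 32 bytes of entropy.
        raise ValueError("mode_psk needs psk_id and a PSK of at least 32 bytes")
    context = (bytes([MODE_PSK])
               + labeled_extract(b"", b"psk_id_hash", psk_id)
               + labeled_extract(b"", b"info_hash", info))
    secret = labeled_extract(shared_secret, b"secret", psk)  # PSK is mixed in here
    return (labeled_expand(secret, b"key", context, NK),
            labeled_expand(secret, b"base_nonce", context, NN))

def psk_from_token(token: str) -> bytes:
    # Assumption: the page does not say how the PSK is derived from the token.
    return hashlib.sha256(token.encode()).digest()

# Constructed stand-in for the DHKEM(X25519) shared secret (stdlib has no X25519).
DEMO_SHARED_SECRET = bytes(range(32))
```

Two parties that agree on the same DH shared secret but hold different tokens derive different AEAD keys, so a ciphertext sealed for one tenant fails authentication under another tenant's token.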

### Does Duale AI hold any formal certifications today?

No. Duale AI does not currently claim formal certification under SOC 2 (American Institute of Certified Public
  Accountants Trust Services Criteria), SOC 3, ISO/IEC 27001 (information security management), or the European Union
  Artificial Intelligence Act. No audit report, attestation, or certificate from a third-party auditor is published
  today. Readiness work on the security and privacy roadmap is not an audit and is not presented as one.

### How are tenants and model providers isolated?

Tenant isolation is logical and cryptographic, enforced consistently across the stack. Every NATS subject is prefixed
  with the tenant identifier and bound to the tenant's JWT permissions, so an SDK client cannot subscribe, publish, or
  enumerate outside its own tenant. PostgreSQL rows and ClickHouse spans carry tenant_id as a mandatory filter, with
  database-level scoping in the IAM policy engine on a default-deny baseline. Audit events use per-tenant Ed25519 keys
  derived through HKDF into AES-256-GCM, with tenant_id bound as additional authenticated data; deleting that key makes
  a tenant's records cryptographically unrecoverable. Each tenant's transit channel is also isolated by its own HPKE
  pre-shared key derived from the tenant API token. Model providers are configured per deployment: customers contract
  directly with the providers they pick (Anthropic, Bedrock, Microsoft Foundry, Vertex AI, OpenAI, others) and bring
  their own provider credentials. Duale AI is not a hidden bundled provider and does not introduce a shared subprocessor
  across tenants.
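
A reviewer can test the subject-prefix claim by checking the permission lists in a decoded NATS user JWT for any pattern that can match outside the tenant's namespace. The following is an added example, not Duale AI's code: it assumes the tenant identifier is the first subject token and that the allow lists sit under `nats.pub.allow` and `nats.sub.allow`. The tenants `acme` and `globex` and the sample claims are constructed, and signature verification is out of scope.

```python
def subject_matches(pattern: str, subject: str) -> bool:
    """NATS wildcard semantics: '*' is exactly one token, '>' is one or more (last only)."""
    p, s = pattern.split("."), subject.split(".")
    for i, tok in enumerate(p):
        if tok == ">":
            return len(s) > i
        if i >= len(s) or (tok != "*" and tok != s[i]):
            return False
    return len(p) == len(s)


def lint_permissions(claims: dict, tenant_id: str) -> list[str]:
    """Return findings for allow-list patterns not confined to '<tenant_id>.'."""
    findings = []
    for direction in ("pub", "sub"):
        allow = claims.get("nats", {}).get(direction, {}).get("allow")
        if not allow:
            # Policy of this check: every direction needs an explicit allow list.
            findings.append(f"{direction}: no allow list")
            continue
        for pattern in allow:
            tokens = pattern.split(".")
            if "" in tokens or ">" in tokens[:-1]:
                findings.append(f"{direction}: malformed subject {pattern!r}")
            elif tokens[0] != tenant_id:
                # A wildcard or foreign literal in the first position can match
                # subjects that belong to another tenant or a shared namespace.
                findings.append(f"{direction}: {pattern!r} reaches outside {tenant_id}.>")
    return findings


# Constructed decoded JWT payload for tenant "acme" (not from a real deployment).
SAMPLE_CLAIMS = {
    "nats": {
        "pub": {"allow": ["acme.agents.>", "*.audit.events"]},
        "sub": {"allow": ["acme.results.*", "_INBOX.>"]},
    }
}

if __name__ == "__main__":
    for finding in lint_permissions(SAMPLE_CLAIMS, "acme"):
        print(finding)
```

The shared `_INBOX.>` entry is flagged along with the leading wildcard because neither starts with the tenant token.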

### How do we report a vulnerability or request a security review?

Send vulnerability reports to <contact+security@mail.duale.ai> under the responsible disclosure terms documented in the
  legal pages. Include reproduction steps, affected endpoint or SDK version, and your preferred contact for follow-up;
  good-faith research that does not exfiltrate customer data or degrade the service is welcome. The same address handles
  security-review requests from prospects and customers. Privacy and data-processing requests go to
  <contact+privacy@mail.duale.ai> and <contact+dpa@mail.duale.ai>. Subprocessor objections and other legal notices use
  <contact+legal@mail.duale.ai>. For confirmed incidents affecting customers, the legal pages document the notification
  timing committed in the terms (early warning within 24 hours of becoming aware, incident notification within 72 hours,
  final report within one month).

### What artifacts are available during a security review?

Public artifacts cover the subprocessor list, hosting and residency description, and security contact paths in the
    legal pages. On request and under a non-disclosure agreement, the data-processing agreement, the security
    questionnaire with current control statements, an architecture and data-flow summary covering the topics on this
    page (transit encryption, tenant isolation, audit events, retention scope), and the incident notification path are
    shared and scoped to the deployment under review. Duale AI does not currently publish a SOC 2 report, an ISO 27001
    certificate, or a third-party penetration test summary; that work is on the readiness roadmap and is not presented
    as a completed audit. A software bill of materials and dependency provenance can be discussed during review based
    on the SDK and platform components in scope.

<Cta
  title="Review the production boundary before agents scale."
  primaryCta={{ label: "Request security review", dialog: "contact" }}
  secondaryCta={{ label: "Review subprocessors", href: "https://duale.ai/en/legal/subprocessors.md" }}
/>

<JsonLd
  data={{
    "@context": "https://schema.org",
    "@type": "WebPage",
    name: "Duale AI Security Trust Center",
    description:
      "Security, privacy, hosting, model provider, and requestable review-input posture for production AI agent deployments with Duale AI. No certification claim.",
  }}
/>

