Compliance

Regulatory compliance

As a European company, we are deeply committed to operating within the regulatory frameworks that protect individuals and organizations across the EU and beyond.

GDPR

We fully comply with the General Data Protection Regulation. As a data processor, we implement all necessary technical and organizational measures to guarantee the security and confidentiality of personal data. Our practices include:

• Lawful, fair, and transparent data processing
• Data minimization: we only collect what is necessary
• Purpose limitation: data is used only for its intended purpose
• Storage limitation: customers control retention periods
• Data subject rights: we support the right to access, rectification, erasure, and portability

For more details, please refer to our Privacy Policy.

EU AI act

We proactively align our practices with the EU Artificial Intelligence Act. Our AI roleplay system is designed with transparency and fairness at its core:

• Clear disclosure that users are interacting with AI
• Guardrails to prevent harmful or inappropriate AI behavior
• Human oversight mechanisms built into the platform
• Regular assessment of AI system risks and impacts

Certification roadmap

We are actively pursuing ISO 27001:2022 and SOC 2 Type II certifications as part of our security maturity journey. While these are currently under review, our infrastructure providers, including Scaleway and Auth0, already hold these certifications, providing a strong security foundation.