Skip to content

Security & architecture

Security by architecture. Not by promise.

The strongest data-protection argument is a data flow you can audit. Here is ours — including what we don't have.

The data flow

Where everything runs.

Every Copilot and every agent we build is deployed into your environment — your cloud tenant or your on-prem hardware. The model weights are static, open-weight files on your disk. Inference happens next to your data. There is no aplexio backend, no phone-home, no telemetry. After handover, nothing in the system talks to us.

┌─ YOUR ENVIRONMENT (tenant / on-prem) ─────────────┐
│                                                   │
│   your systems ──► agent ──► open-weight model    │
│   (SAP, CRM, files)   │        (static files)     │
│                       ▼                           │
│                    answer                         │
│                                                   │
└───────────────────────────────────────────────────┘
      no connection to aplexio infrastructure

Roles under GDPR

You stay the controller.

Your data is processed by you, on your systems — you remain the controller in the GDPR sense at all times. Where an engagement touches personal data at all, we act as a processor under a data processing agreement (DPA) we bring to the table. After handover, aplexio is not involved in any processing. During development we work with synthetic and sample data; if a build genuinely requires excerpts of real data, they are anonymized inside your environment first, under a contract addendum.

Design constraints

Five constraints we build under. Every engagement.

No phone-home

Nothing in the deployed system calls aplexio — no updates, no metrics, no “anonymous usage data.”

Open weights only

The model is a file you hold, under a license you can read. No API dependency that can be repriced or revoked.

Reproducible deployment

The runbook we hand over rebuilds the entire system from scratch — your team can redeploy without us.

You retain all data

Inputs, outputs, logs, embeddings — everything the system produces lives and stays in your environment.

Tested model-upgrade path

When a better open-weight model ships, the swap is a documented, tested procedure — not a new project.

Certifications

What we don't have.

aplexio holds no ISO 27001 and no SOC 2 certification, and we won't imply otherwise. Those certifications attest to how a vendor handles your data on their systems. Our architecture is designed so that your data is never on our systems — which is why we point auditors at the deployment in your environment, and hand over the documentation to audit it. If your procurement requires a certified vendor regardless, we'd rather tell you now than after a workshop.

Bring your data-protection officer.

The fit call works with your DPO or IT security in the room — the architecture answers most questions in the first ten minutes.