Trust center

Security, compliance and data residency

Pathwize is EU-native from the data layer up. Here's how we handle security, where your data lives, who processes it, and your rights.

Security controls

Data residency

Personal & project data stored and processed in the EU by default.

Encryption

TLS 1.2+ in transit; encryption at rest.

Access control

Role-based access; least privilege; audit logging.

Provenance

Hash-chained, tamper-evident per-task audit trail.

Sandboxing

No-download annotation workspace for sensitive data.

Worker classification

Jurisdiction-correct engagement of experts.

Certifications

Status

SOC 2 Type II[ in progress, placeholder ]

ISO 27001[ planned, placeholder ]

GDPRCompliant by design

EU AI Act readinessAnnex IV provenance built in

Subprocessors

Who processes data

Supabase

Database & storage

EU (Frankfurt)

Clerk

Authentication

EU data residency

Stripe

Payments (Connect)

EU / global

Anthropic (Claude)

AI drafting & scoring

EU inference where available

Resend

Transactional email

Vercel

Hosting

EU region

Supported countries

EU & EEA by default

Expert engagement and data residency default to the EU/EEA. 30 countries supported.

ATBEBGHRCYCZDKEEFIFRDEGRHUIEITLVLTLUMTNLPLPTROSKSIESSEISLINO

Your GDPR rights

Access, export, erasure

· Access and export your data at any time.
· Request rectification or erasure.
· Provenance events are pseudonymized on erasure to preserve dataset integrity.

Experts manage requests in the portal's data-rights area.NoteDocument text marked “placeholder” awaits counsel review.

Make your AI-Act documentation a non-event

Every batch ships with an Annex-IV-ready provenance bundle. Run a pilot and see one.

Request a pilot Book a demo

Vendor-neutral · your data stays your IP