Swiss Data Sovereignty
100% of production data hosted on Exoscale Zurich (ch-dk-2 zone). Swiss company, Swiss data centres. No AWS, Azure, or GCP for production workloads.
- Exoscale SKS (Managed Kubernetes), Zurich region
- Encryption at rest (volume encryption, Vault-encrypted secrets)
- TLS 1.3 on all endpoints, HSTS enforced
- No US cloud dependency
Security & Compliance
Enterprise security controls mapped to ISO 27001 Annex A categories. Self-assessed with external penetration testing.
- HashiCorp Vault for secrets management
- Security headers (HSTS, CSP, X-Frame-Options)
- Wordfence WAF on all WordPress sites
- Annual external penetration testing
- Automated deployment guardrails (file size, duplicate detection, syntax validation)
AI Governance Framework
52 autonomous agents governed by 10 constitutional rules. Aligned with ISO 42001:2023 (AI Management System).
- 10 immutable rules validated before every agent action
- Human-in-the-loop for all critical decisions
- Dual AI review (Claude + Grok) for design evaluations
- Audit trail: every agent action logged with reasoning
- No training on client data (opted out at all AI providers)
Data Protection (nDSG / GDPR)
Compliant with the new Swiss Federal Act on Data Protection (nDSG) and aligned with EU GDPR.
- Data minimisation: only collect what's needed
- 72-hour breach notification (nDSG Art. 24)
- Right of access, portability, and erasure supported
- DPA templates available for enterprise clients
Monitoring & Observability
Real-time monitoring of all 52 agents with automated alerting.
- Prometheus metrics scraping per-agent
- Grafana dashboards (agent health, throughput, cost)
- Circuit breakers prevent cascading failures
- Post-deployment health verification
Incident Response
Structured incident response with automated detection, containment, and post-incident analysis.
- Automated detection via Prometheus + Wordfence
- Circuit breaker isolation for affected agents
- Root cause analysis documented
- 84 encoded lessons from past incidents