REGIUM.
08 / SECURITY [08]

Built compliant. Hosted in the EU. Audited end to end.

Our architecture is designed to meet the same regulatory standards we help our customers comply with.

01 / COMPLIANCE POSTURE [01]

In progress

SOC 2 Type 1

Audit underway. Target completion: Q4 2026.

Planned

ISO 27001

Scope defined. Target audit: Q1 2027.

Available

GDPR DPA

Data Processing Agreement available on request for all customers.

02 / DATA ARCHITECTURE [02]

EU data residency. End-to-end.

All customer data is stored and processed exclusively on Google Cloud Platform, Frankfurt region (europe-west3). No data crosses EU borders. Sub-processor list is available on request.

Hosting: Google Cloud Platform — Frankfurt (europe-west3)
Encryption at rest: AES-256 — Google Cloud KMS
Encryption in transit: TLS 1.3 — all surfaces
Key management: Google Cloud KMS — customer-managed keys available
Audit logging: Immutable log — 7-year retention
Backups: Daily encrypted backups — 30-day retention

03 / ACCESS CONTROLS [03]

Role-based access

MLRO, Compliance Officer, Read-only Auditor, Administrator. Granular permission model per module.

SSO via SAML / OIDC

Integrate with your existing identity provider (Okta, Azure AD, Google Workspace) on Growth and Enterprise tiers.

Audit trail

Every administrative action — permission changes, exports, configuration edits — is logged with timestamp and user identity.

Session management

Configurable session timeout. Forced re-authentication on sensitive operations (export, permission change).

04 / INCIDENT RESPONSE [04]

4 hours

Acknowledgement SLA

All severity levels — working hours and out-of-hours.

72 hours

Incident report

Aligned with DORA's own incident reporting standard — we live the framework we sell.

100%

Breach notification

GDPR Article 33 notification to supervisory authority within 72 hours of becoming aware.

05 / DOCUMENTS [05]

Privacy Policy

How we collect, process, and protect personal data.

Data Processing Agreement (DPA)

GDPR Article 28 DPA for customers who process personal data through Regium.

Terms of Service

Platform subscription terms, IP ownership, and limitation of liability.

Have specific security questions?

Book a call with our team. We'll walk through our architecture, sub-processor list, and any specific compliance requirements your security team has.