Built for your GDPR review.
No marketing fluff — named sub-processors, explicit regions, documented processes. This page is written for CIOs and data protection officers.
1. GDPR compliance
Rentarion meets Art. 13/14 (notice), Art. 15 (access), Art. 17 (erasure) and Art. 20 (portability) of the GDPR. Every tenant can export its data as JSON or request full deletion.
2. Sub-processors
All providers are located within the EU. DPAs per Art. 28 GDPR are in place or in progress.
Azure OpenAI: no training on customer data — contractually ensured via EU Data Boundary.
3. Data minimisation & encryption
Encryption at rest and in transit throughout. Password hashing with bcrypt (12 rounds). No tracking tools without consent. Session cookies httpOnly, SameSite=Lax.
4. Multi-tenant isolation
Strict tenant separation at the application level: every database query is tenant-bound. In addition, PostgreSQL Row Level Security acts as a default-deny safeguard at the database level. Regular tenant-isolation audits — most recently without a single exploitable finding.
5. Audit log & four-eyes
Every field change, every approval step, every upload, every export — with user ID, timestamp, before/after. Critical fields require two-person approval.
6. Anti-hallucination
The AI provides citations, but we do not trust blindly: every citation is checked via exact substring match (after whitespace and case normalisation) against the OCR text. No fuzzy matching. Failed verification → citation discarded.
7. Legal Alert Engine
9 legal categories from BGB/BetrKV/HkVO. Deterministic rules, no LLM legal advice. Details and statutes on the Features page under #legal-engine.
8. Role permissions
Five roles with fine-grained rights: admin (full tenant control), portfolio manager (day-to-day operations), approver (four-eyes approvals), viewer (read-only) — plus platform administration. Individual permission flags per user, role changes are audit-tracked.
9. Password security & auth
Self-service password reset with 1-hour token. Anti-enumeration (same response regardless of whether the email exists). New passwords are checked against known data breaches (k-anonymity — the password never leaves the browser). Invite-only onboarding — no public registration.
10. Backups & recovery
Daily encrypted off-site backups of database and files at Hetzner in Nuremberg — deliberately with a different provider than the primary storage (3-2-1 principle). Restorability is verified automatically every week.
Questions from your IT or DPO?
We provide DPA templates, TOMs and an architecture overview on request.