Skip to content
9brains
GDPR-compliant Protected from the US CLOUD Act Made in Germany

Privacy &
Data Sovereignty

Everything about security, privacy and compliance – transparently in one place.

Try for free Talk to a founder

Made in Germany · Bavaria

Developed, maintained and legally governed in Germany.

Hosted in Germany · Hetzner

No US provider. Protected from the US CLOUD Act.

EU AI Act Ready

Transparency & auditability by design – built for the EU AI Act.

Sustainable

100 % renewable energy in our data centers – resource-efficient by default.

"Protected from the US CLOUD Act – we can't be switched off."

Key facts at a glance

Data sovereignty and strict privacy are not marketing terms for us – they have been firmly anchored in the architecture of 9brains since day one. We have specifically designed our platform for the demanding requirements of German-speaking SMEs. Our claim: to unlock the full potential of modern artificial intelligence for you – absolutely secure, transparent, and without the slightest compromise on control over your data.

The data flow

Full transparency about how your data flows: from browser input to the model's response – every stage is documented and encrypted.

Zone A
Your browser
Your device – at home or in the office
Zone B
9brains Platform 🇩🇪
Our server in Falkenstein, Germany
Zone C
AI providers
OpenAI, Anthropic, Google & Co.
1
Zone A · Your browser
You ask a question
You type your question into the chat. It leaves your browser encrypted — like a sealed envelope.
TLS 1.3 encrypted
2
Zone B · 9brains 🇩🇪
We prepare everything
Our server adds your chat history, your knowledge base and settings to the question. Everything stays in Germany.
Falkenstein, Germany
3
Zone B → Zone C
Question goes to the AI model
We send your question encrypted to the AI model — without your name or your company. No training on your data.
No training · No name
4
Zone C → Zone B
The AI responds
The AI model sends the answer back to our server. The provider forgets the request immediately afterwards — Zero Data Retention.
Zero Data Retention
5
Zone B · 9brains 🇩🇪
We store it securely
Your chat history is stored encrypted in Germany. Only you can see it — no other user, no admin.
AES-256 · For your eyes only
6
Zone B → Zone A
You see the answer
The answer arrives encrypted at your browser and is displayed there. The loop is closed.
TLS 1.3 encrypted

Where is your data stored?

All production data lives in Germany. Backups are AES-256-encrypted and kept in Helsinki (EU).

Data type Location Encryption
Database (chats, accounts) Falkenstein 🇩🇪 TLS · AES (Secrets)
Knowledge bases (documents) Falkenstein 🇩🇪 TLS
Vector database (RAG) Falkenstein 🇩🇪 TLS
Files & images (S3) Frankfurt 🇩🇪 AES-256 Client-Side
Backups Helsinki 🇫🇮 AES-256 at rest

The three modes – set by the admin per workspace

9brains offers three sovereignty modes that differ in protection level and available AI models. A workspace administrator picks exactly one mode – defining which of the four privacy tiers can be used in that workspace.

The admin decides. For each workspace, the administrator selects one of these three modes. The mode controls which AI models are available to users – and therefore the data-protection tier their data is processed under.

EU-Sovereign

EU provider, EU infrastructure. Full data control within the EU.

GDPR

International provider, processing on EU servers. GDPR-bound via DPA.

GDPR (DPF)

DPF-certified US providers. GDPR-compliant under the EU Commission adequacy decision.

Global

No EU server location, no DPF. Only for non-sensitive, non-personal data.

Reading hint: Tiers shown in grey are not available in the currently selected mode. Regardless of mode, for all models: your data is never used for training.

AI models & privacy status

For every chat and image model we publish server location, privacy tier, training policy and Zero Data Retention. No provider may use your data for training — this applies to all models, regardless of the selected sovereignty mode.

OpenAI

GPT

OpenAI

Anthropic

Claude

Anthropic

Gemini

Gemini

Google

Mistral

Mistral

Mistral AI

DeepSeek

DeepSeek

DeepSeek

Grok

Grok

xAI

Qwen

Qwen

Alibaba

MoonshotAI

Kimi

Moonshot

Zhipu

GLM

Zhipu AI

18+
Models available
From 9 providers, continuously expanded
0 %
Training on your data
Applies to all models, contractually guaranteed
EU
Server options
EU-sovereign, GDPR & DPF-certified
Privacy status of all models →

EU AI Act Ready

Transparency. AI-content labelling and source traceability (RAG).

Risk management. Model-provider conformity statements aggregated centrally.

Not high-risk AI by default. 9brains is built as a general-purpose AI – typical use cases do not fall into the notifiable high-risk category.

Supply-chain evidence. Especially with EU-sovereign models you can fully prove which technology runs where.

Security

Encrypted transport. TLS on every connection – inputs as well as outputs.

Encrypted storage. AES-256 client-side encryption for files. Backups AES-256 at rest.

Full tenant isolation. Row-level security at the database – every workspace is isolated.

Identity & access management. Password login or Microsoft SSO, optional MFA (admin-enforceable).

Certifications & compliance

Data center (Hetzner)

Our entire infrastructure runs in Hetzner Online’s certified data centers in Germany (with backups in Finland). The following certifications exclusively relate to Hetzner as a data-center operator. They confirm physical security, quality, environmental and energy management of the infrastructure.

  • ISO/IEC 27001 – information security
  • ISO 9001 – quality management
  • ISO 14001 – environmental management
  • ISO 50001 – energy management
  • TÜV-audited – independent audits (physical security, fire, resilience)
  • DIN EN 50600 – European data-center infrastructure standard

Details and current audit reports: Hetzner certifications.

Platform & company (9brains)

Beyond the infrastructure, 9brains as a platform and company will also undergo comprehensive certification. An ISMS according to ISO/IEC 27001 and a certification under ISO/IEC 42001 (AI management system) are in preparation. We track the current status transparently here.

  • ISO/IEC 27001 – roadmap 2026
  • ISO/IEC 42001 – AI management system · roadmap 2026

Frequently asked questions

Is my data used for AI training?

No. All AI providers are contractually required not to use your data for training. Governed by our Data Processing Agreement (DPA).

Can my administrator read my chats?

No. Admins see usage stats but no chat content.

What happens when I switch models?

Your chat history stays with us. The previous provider uses nothing for training.

May I process personal data with global models?

No. Personal data belongs exclusively in models of tier EU-Sovereign, GDPR or GDPR (DPF).

More details – current model overview, Data Privacy Framework and ZDR status – in the full privacy documentation ↗.

Documents for download

Data Processing Agreement (DPA) As of May 2026 · PDF

Convinced by our security?

Try 9brains free for 7 days or get personal advice.

Try for free Talk to the founder
See all features → See pricing →
Try