NestAI Docs

COMPLIANCE & DATA RESIDENCY

NestAI is built for teams that need provable data privacy. Every server is isolated, every byte stays in your chosen region, and zero data is sent to any external AI provider.

Data Residency

When you deploy a NestAI server, you choose the region. All AI processing, conversations, documents, and embeddings stay on that server in that region. There is no replication, no mirroring, and no cross-border data transfer.

| Region | Location | Jurisdiction |
| --- | --- | --- |
| NBG1 | Nuremberg, Germany | EU — GDPR |
| FSN1 | Falkenstein, Germany | EU — GDPR |
| HEL1 | Helsinki, Finland | EU — GDPR |
| ASH | Ashburn, Virginia, USA | United States |
| HIL | Hillsboro, Oregon, USA | United States |
| SIN | Singapore | APAC — PDPA |

All regions use Hetzner Cloud infrastructure. Hetzner is ISO/IEC 27001 certified.

Data Residency Certificate

NestAI can generate a Data Residency Certificate — a professional document that proves where your data lives and what privacy guarantees apply. Use it for compliance documentation, DPA responses, vendor security questionnaires, or internal audits.

1. Go to Compliance Page: navigate to Dashboard → Compliance.

2. Review Your Details: the page shows your server location, IP, infrastructure details, and all privacy guarantees.

3. Download Certificate: click Download Certificate (PDF). A formatted certificate opens in a new tab. Use your browser's print function (Ctrl+P / Cmd+P) to save it as a PDF.

The certificate includes: deployment details, server location, infrastructure provider, privacy guarantees, software stack, and a verification timestamp. It is valid for 90 days from the generation date.

Privacy Guarantees

| Guarantee | What it means |
| --- | --- |
| Zero Data Exfiltration | No prompts, responses, or documents are sent to any third-party AI provider (OpenAI, Anthropic, Google, etc.). |
| No Telemetry | NestAI does not collect or transmit conversation content. Usage analytics are computed from server logs, not from your messages. |
| Isolated Infrastructure | Your server is a dedicated VM. No other customer shares your compute, memory, disk, or network. |
| Encryption in Transit | All traffic is encrypted via TLS 1.3 with Let's Encrypt certificates. |
| Encryption at Rest | Server disks use Hetzner's standard SSD encryption. |
| Data Deletion | When you cancel, the Hetzner server is permanently deleted within 24 hours. All data is irrecoverably destroyed. |

Compliance Frameworks

NestAI's architecture supports compliance with multiple data protection frameworks depending on your server region.

| Framework | Supported | Notes |
| --- | --- | --- |
| GDPR (EU) | ✓ Yes | EU servers (NBG1, FSN1, HEL1). Data stays in the EU. No cross-border transfer. |
| DPDP Act (India) | ✓ Yes | Private server architecture. No data shared with third parties. |
| PDPA (Singapore) | ✓ Yes | Singapore datacenter available. Data stays in Singapore. |
| ISO 27001 | ✓ Infrastructure | Hetzner Cloud is ISO/IEC 27001 certified. |
| SOC 2 Type II | ○ Partial | Infrastructure provider certified. NestAI platform SOC 2 in progress. |
| HIPAA | ○ Not yet | Data isolation is in place, but a BAA (Business Associate Agreement) is not currently provided. |

NestAI provides the technical infrastructure for compliance. Legal compliance ultimately depends on how your organization uses the platform. Consult your legal team for binding compliance assessments.

Audit Logs

Every significant action is logged in the Audit Log (Dashboard → Audit Log). This includes model installations, team member changes, server status changes, and API key generation. Audit logs can be exported as CSV for compliance reporting.