Alomana runs in a private, isolated instance, your data is never used to train models, never shared with other customers, and never leaves your control. ISO/IEC 27001 certified and GDPR compliant.
GDPR compliantExercise data rights and rely on consistent, documented protection.
Independent penetration testingRegular third-party specialists test for vulnerabilities.
Vendor & sub-processor reviewsSub-processors are continuously evaluated and published for transparency.
Governance & control
Workspace-level permissionsAdmins manage settings and access across the entire organization.
Mirrored access permissionsIntegrations reflect your source-tool permissions 1:1 for consistency.
Bring your own keys (BYOK)Use your own model-provider keys; reach every model through one interface.
Full audit trailEvery input, model call, and output is logged — built-in monitoring detects threats.
ISO/IEC 27001:2022 certified.
Alomana maintains an independently certified information-security management system, is GDPR compliant, and offers single-tenant, EU-based deployment for organizations with the strictest requirements. To see what the EU regulation asks of companies using AI, read our EU AI Act guide for businesses.
No. Your prompts, documents, and outputs are never used to train, fine-tune, or improve any model, ours or a provider’s. Your data is used only to serve your own requests, inside your instance.
Where is our data hosted?
In a private, single-tenant instance isolated from other customers. EU-based hosting is available for the application and most models, so data can stay entirely within EU regions.
Is Alomana ISO 27001 certified?
Yes. Alomana holds an ISO/IEC 27001:2022 certification covering its information-security management system, validated by an independent auditor (Insight Assurance). Alomana is also GDPR compliant.
Is Alomana GDPR compliant?
Yes. Alomana is GDPR-compliant, EU-based AI: a European AI platform with a single-tenant private instance, EU hosting, and AES-256 encryption. Your data stays under your control with full data sovereignty and never trains any model.
How is our data encrypted?
All data is encrypted with AES-256 at rest and TLS 1.2+ in transit, across both storage and networks. Access is governed by zero-trust, least-privilege principles with strong authentication.
Who can access our data?
Only essential personnel, under least-privilege access verified at every step. Integrations mirror your source-tool permissions 1:1, and every input, model call, and output is logged in a full audit trail.
Can we use our own model keys?
Yes. Bring your own API keys (BYOK) for supported model providers and reach every major model through a single interface — no vendor lock-in, full control over usage.
Do you support single-tenant deployment?
Yes. Alomana can provision a dedicated, single-tenant instance in your preferred cloud — no shared compute, full isolation, and no data leaves your environment.
How do you test your security?
Independent third-party specialists run regular penetration tests and audits. Continuous monitoring watches for threats, and sub-processors are reviewed and published for full transparency.
Private by design · ISO 27001 · GDPR
Bring it to your security review.
We’ll walk your security and compliance teams through our controls, architecture, and certifications — on your requirements, with your questions.