Trust & Security - European Data Sovereignty & Compliance

Trust you can verify.

We sell security. That means we need to be beyond doubt about our own. Here is exactly how we handle your data - no marketing translation.

STACK SELECTION

Our principles for stack selection

Every component in Alliance42 is chosen by one filter: what is best for the customer's security, sovereignty and long-term independence.

Open source or from a European-headquartered company
Data hosted in the EU
No US cloud dependencies for customer data
The vendor must have existed long enough to prove its stability - we do not choose startups for critical components
No vendor kickbacks influence our choices
Every component is evaluated against the EU First Index sovereignty scoring

We do not publicly name our stack partners at this time - that will come when partnerships are formalized. But you get the full picture in your DPA, where all sub-processors are listed as required by law. And we are happy to walk through the stack choices on a call.

INFRASTRUCTURE

Our infrastructure

All hosting infrastructure runs on data centres in Germany. The data centres are ISO 27001:2022 and BSI C5 Type 2 certified.
We do not use AWS, Google Cloud, Microsoft Azure or any other US-incorporated cloud provider for data processing. No American cloud services.
Why it matters: the US CLOUD Act gives American authorities the right to demand access to data at US-incorporated cloud providers - regardless of where the data is physically stored. By keeping our entire stack on European infrastructure, we eliminate that exposure.
No Google Analytics, no Meta Pixel, no advertising cookies. Our analytics is cookie-free, hosted in the EU, and so privacy-friendly that tracker blockers block it by default. We accept the data loss because it is the right tradeoff.

Transparency

Your Data With Us

When you use our estimator

Your price calculation runs on our server, not in your browser. Nobody can read our pricing model or your numbers.
We only store what you enter. No hidden tracking, no third-party scripts.
If you become a client, we transfer your information to your dedicated portal. If we do not hear from you, we automatically anonymize your personal data.
You can always request full deletion.

What we DON'T do

We do not sell your data.
We do not track your behavior across pages.
We do not share your information with third parties.
We do not use your data to train AI models.
We do not place advertising or marketing cookies.

COMPLIANCE

Where we are on the compliance journey

ISO 27001

We are actively working towards certification. Our underlying data centres are already ISO 27001:2022 and BSI C5 Type 2 certified. We apply the framework internally.

NIS2

We apply the NIS2 Article 21 framework internally with the same rigour as we help our customers implement. Documentation proportional to our size - we are not under supervision yet, but we follow the framework anyway.

GDPR

Built in from day one. All data processing in the EU. Draft DPA published - awaiting legal review before formal agreements. The full list of sub-processors is in your DPA.

If anything here is wrong or unclear...

If anything on this page is unclear, that is my fault. Write to me, and I will fix the page and answer your question.

Write to us

“If something on this site is unclear, that's on me. Send me a message and I'll fix the page, and answer your question.”

Tobias Lauge JensenFounder & CEO, Alliance42

Your place in the Alliance is waiting.

No sales team. No call center. Just me.

Estimate your priceCall Tobias