Skip to main content
PANTA OS is hosted explicitly within the European Union, unless agreed differently, on Microsoft Azure infrastructure in Frankfurt, Germany. All data remains within the EU at all times. Customer data is never used to train AI models. A fully executed Data Processing Agreement compliant with Article 28 GDPR is available and forms part of every client contract.
The setup described below is the standard configuration of PANTA OS. Different arrangements, including self hosted deployments or specific regional requirements, can be agreed on a per client basis as part of onboarding.

Hosting and Infrastructure

PANTA RHAI GmbH operates no physical server infrastructure of its own. The platform runs on Microsoft Azure data centres within the European Union, with the standard region being Frankfurt, Germany. Physical security, including access controls and monitoring, is provided by Microsoft Azure under its ISO 27001, SOC 2, and related certifications. Application, database, and file storage all sit within the same EU region. Backups are performed on a routine schedule and stored within the EU.

Encryption and Access

All data transmission between users and the platform runs over encrypted connections. Data at rest is encrypted using industry standard methods. Access is authenticated per user, with role based permissions limiting what each person can see and do. Each client organisation is logically separated from every other, so that data from one tenant is not accessible to another. Administrative access to production systems is restricted to authorised PANTA staff.

Data Processing and GDPR

PANTA RHAI GmbH acts as a data processor within the meaning of Article 28 GDPR. The client organisation remains the data controller. A Data Processing Agreement is provided with every client contract and covers the applicable technical and organisational measures, sub processors, and responsibilities regarding data subject rights. Content entered into PANTA OS is processed solely for the purpose of providing the service and is not used to train AI models, neither by PANTA RHAI GmbH nor by the underlying enterprise model providers. PANTA RHAI GmbH operates under the supervision of the Hamburg Commissioner for Data Protection.

Logging

Operational logs are collected for the purposes of error analysis, performance monitoring, and security. Logs are retained for a limited operational window and are not used for profiling, advertising, sale to third parties, or AI training.

Automated Decisions

No automated decision making within the meaning of Article 22 GDPR takes place on the platform. AI generated content is produced as a tool for users to review, edit, and approve. The platform does not make autonomous decisions about users without human involvement.

Deployment Options

The standard deployment runs on EU based Azure infrastructure as described above. Where data sovereignty requirements or internal IT policies call for a different setup, PANTA OS can also be deployed on the client’s own infrastructure, with all processing within the client environment and support for self hosted open source language models where required. Such arrangements are agreed and implemented during onboarding.
Last modified on May 28, 2026