Security and compliance
Last updated: 19 June 2026
Hosting and data location
Processing takes place on infrastructure located within the European Union. No data is reused to train models. Audio files are not retained after the call.
GDPR framework
The record of processing (Article 30), the impact assessment (DPIA) and the data processing agreement (DPA) are provided. Retention periods and legal bases are documented per use case.
Transparency — Mode Clarté
Every answer cites its regulatory source and is time-stamped. The audit log (answer, source, confidence score, latency, model) is available. The user is told they are speaking to an AI (AI Act, Art. 50).
Risk control
ARIA declines to answer when the source is missing, incomplete or contradictory, and escalates to an agent with the exchange summary. A prompt-injection firewall and “golden” tests precede every go-live.
Accessibility
The service targets level AA of the WCAG 2.1. See the dedicated accessibility statement.
Public procurement
Pricing and contractual terms are calibrated to comply with public procurement rules.
Reversibility and continuity
Your data remains yours: export and reversibility are provided for. Service continuity and recovery procedures are documented.
Security contact
For any CISO/DPO question or to request the compliance pack: contact@cassinvendome.com.