Trust Center

Transparency is the foundation of every business relationship. Here you will find all information on data protection, security and compliance that your procurement or legal department needs for evaluation.

Compliance Documents

Infrastructure & Data Flow

Auftragr processes two types of data: personal user data and public tender data. Personal data does not leave the EU.

Personal Data

Database: Neon PostgreSQL | EU (Frankfurt)
Hosting: Netlify | EU
File Storage: Netlify Blobs | EU
E-Mail: one.com SMTP | EU (Denmark)

Public Data & AI Analysis

Intelligence DB: Neon PostgreSQL | EU (Frankfurt)
Data Sources: TED, Bund.de, DTVP | Public
AI Analysis: Groq (Llama 3.3 70B) | USA*

* Groq receives only public tender texts — no personal data. SCC (EU Standard Contractual Clauses) in place.

Technical Security Measures

Row Level Security

8 tables, 16 policies, FORCE enabled — each user sees only their own data

Encryption

TLS 1.3 (in transit), AES-256 (at rest), bcrypt with 12 rounds (passwords)

Auth & Session

NextAuth.js JWT, 30d Expiry, email verification

Middleware

Global auth middleware on all protected API routes

Rate Limiting

IP-based on signup, login and public APIs

Access Validation

German business emails only (.de/.at/.ch/.eu), admin approval

Availability & Operations

As a platform built on proven cloud infrastructure, Auftragr benefits from the availability commitments of our infrastructure partners. We are transparent about what we control and what depends on third parties.

Infrastructure Availability (Third-Party)

Neon PostgreSQL (Database) | 99.95% SLA
Netlify (Hosting & CDN) | 99.99% SLA
Groq (AI Analysis) | Best-effort (public data)

SLA values are based on the published availability commitments of the respective providers.

What We Directly Control

  • Application code, security updates and bug fixes — continuous maintenance by our development team
  • Data integrity and data security — Row Level Security, encryption, auth middleware
  • Daily intelligence updates — automated data import from TED, Bund.de, DTVP and state portals
  • Support response within 24 hours on business days via email (info@blackswanai.de)

Our Approach to Availability

Auftragr is currently in early-access operation. We do not currently offer a formal SLA as our availability directly depends on our infrastructure partners (Neon, Netlify). We rely on proven, highly available cloud services and actively work on monitoring and optimizing our platform. If you are interested in a custom service level agreement for your organization, please contact us directly.

Data Subject Rights

Access (Art. 15)

Settings → Export Data

Portability (Art. 20)

JSON export of all 7 data tables

Erasure (Art. 17)

Settings → Delete Account (immediate, cascading)

Objection (Art. 21)

info@blackswanai.de

Questions about compliance or security?

Does your procurement or legal department need additional information? We are happy to provide individual documentation.

info@blackswanai.de

Last updated: April 2026 | BlackSwanAI, Erlangen