Your data is safe with Libra. We guarantee that your data, inputs (prompts), and outputs (completions) are:
- NOT available to other customers
- NOT available to any entities outside the EU/EEA
- NOT used to improve or train any AI models
- NOT used to improve any third-party products or services
Data Processing Agreement
Our data processing agreement (DPA) is integrated into our General Terms and Conditions. The DPA:- Defines the scope and purpose of data processing
- Specifies the types of personal data processed
- Lists all subcontractors who process data on our behalf
- Establishes the technical and organizational measures we implement
Your Rights Under GDPR
As a data subject, you have the right to:| Right | Description |
|---|---|
| Access | Request information about what data we hold about you |
| Rectification | Request correction of inaccurate data |
| Erasure | Request deletion of your data |
| Portability | Request a copy of your data in a portable format |
| Restriction | Request limitation of processing |
| Objection | Object to certain types of processing |
Data Storage and Encryption
All user data is protected with industry-standard encryption:| Protection | Method |
|---|---|
| Data in transit | TLS protocol (HTTPS) |
| Data at rest | XTS-AES-256-bit encryption |
| Storage location | Servers in Germany |
| AI processing | EU-based servers only |
How We Protect Your Data
Access Controls
Access Controls
Unencrypted access to user data is restricted to Libra employees who need access to fulfill contractual obligations. These employees are bound by confidentiality agreements in accordance with § 203 StGB. Third parties do not have unencrypted access.Within your organization, you can share documents, chats, and assistants with colleagues. Sharing outside your organization is restricted. Your administrator controls organization-wide settings.
AI Model Processing
AI Model Processing
When Libra processes your requests:
- Relevant content is sent to AI model providers
- Processing occurs on servers within the EU
- Data is not stored on AI provider servers after processing
- Your data is never used to train AI models
Subprocessors
Subprocessors
We carefully select subprocessors who process data on our behalf. All subprocessors are GDPR-compliant, ISO 27001 certified, and have servers located in the EU/EEA.
The complete list is available in our Security page.
| Subprocessor | Service | Location |
|---|---|---|
| Open Telekom Cloud | Cloud provider | Germany |
| Microsoft Azure | Cloud provider | EU/EEA |
| Amazon Web Services | Cloud provider | EU |
| DeepL | Translation | EU |
Data Transfers
Data Transfers
All data processing occurs within the European Economic Area (EEA):
- User data is stored in Germany
- AI processing occurs on EU-based servers
- No data is transferred to the United States
Data Protection Officer
Data Protection Officer
For GDPR questions or to exercise your rights: privacy@libratech.aiFor documentation (TOMs, subcontractor list), visit the Security page. Our terms, including the DPA, are available at libratech.ai/terms.
Security Controls
Libra maintains comprehensive security controls verified through our Security page:Infrastructure Security
Infrastructure Security
- Capacity management: Resource utilization is monitored and adjusted to meet current and projected requirements
- Password policies: All system components are configured according to enterprise security policies
Organizational Security
Organizational Security
- Business continuity plans: Documented BC/DR plans with defined communication channels to ensure information security continuity
- Annual testing: BC/DR plans are tested annually
- ICT readiness: Planned, implemented, maintained, and tested based on business continuity objectives
- Data backup: Regular backups of information, software, and systems with periodic recovery testing
Product Security
Product Security
- Incident response: Documented security and privacy incident response policies communicated to authorized users
- Supplier management: Information security requirements defined and contractually agreed with all suppliers
- Incident planning: Processes, roles, and responsibilities for information security incident management
Data & Privacy Controls
Data & Privacy Controls
- Encrypted transmission: Secure protocols ensure encryption of confidential data during transmission over public networks
- Encrypted remote access: Remote access to production systems is restricted to authorized employees via approved, encrypted connections only
- Data encryption at rest: Storage systems containing sensitive customer data are protected with appropriate encryption
- Privacy impact assessments: Conducted for processing activities that pose high risks to data subjects’ rights and freedoms