CrawlQStudio

Trust & security

Intelligence you can defend.
Data you still own.

CrawlQ Studio is built for teams whose content has to survive Legal, Compliance, and a Board-room question. Here is how we design for that, end to end.

Where your data lives

European Union by default.

Studio runs on European AWS infrastructure — not a pass-through, not a configurable add-on, the primary deployment.

Data residency

European AWS infrastructure

Your workspace, your documents, your brand map, and every AI response all run from our EU region. GDPR is the starting line, not a bolt-on.

  • GDPR-native

    Data processing agreement available on request. Subject-access requests handled directly by support.

  • EU AI Act ready

    Designed for the governance obligations landing in the EU AI Act, including record-keeping, transparency, and human oversight requirements.

  • No transatlantic transfers by default

    EU customer data stays inside the EU region. Any exception requires explicit customer consent and is documented.

  • Encryption in transit and at rest

    TLS 1.2+ in transit. AWS-managed encryption at rest for storage and database tiers.

How accounts stay yours

Auth built for teams that get audited.

Enterprise-grade identity on day one, not a paywalled add-on.

Identity

Amazon Cognito + TOTP MFA

Accounts are backed by Amazon Cognito. Time-based one-time-password (TOTP) multi-factor authentication is available from day one — compatible with any authenticator app.

  • Cognito-backed sessions

    Industry-standard session tokens. No custom auth rolled in-house.

  • TOTP MFA available

    Turn it on from your profile. Recovery codes are generated and shown once for offline storage.

  • No forced password resets on migration

    Legacy CrawlQ accounts move to Studio without a reset dance. Same email, same credentials.

  • Least-privilege admin surfaces

    Team roles scoped to the workspace. No blanket admin tokens in customer-facing code paths.

Your brand data

Still yours. We do not train on it.

Your documents, your brand map, and the content you generate stay yours. We don't use them to improve our AI. We don't let any model provider use them either.

Data sovereignty

No training on customer data

Customer content does not enter any training pipeline — not ours, not the model provider's. Inference is the full extent of what any model sees.

  • Zero training on brand data

    Your uploads, your conversations with Athena, and your generated outputs do not feed model training. Ever.

  • Isolated workspaces

    Your brand data lives inside your workspace. It is never mixed with any other customer's data.

  • Deletion is your explicit choice

    When you delete content, it is taken out of active storage. Backups age out on a documented retention window.

  • Export without ransom

    Your documents, your outputs, and everything Studio has learned about your brand can be exported at any time. You are never locked in.

How AI stays accountable

Human-in-the-loop, by design.

Every AI output is ranked, evidenced, and reviewable before it ships. The human decides; the platform surfaces the argument.

AI governance

Evidence on every output

Studio is built around the BRAND score and citation-backed reasoning, so every output carries an explanation your Legal team can read.

  • BRAND score on every output

    Five dimensions — fidelity, reasoning, audience alignment, novelty, deliverability. Nothing ships without a score.

  • Citation-backed research

    Athena's answers surface the knowledge-graph entities they drew from, so claims can be traced to their source.

  • Reversible by default

    Drafts are drafts. Approval is explicit. Nothing auto-publishes, nothing auto-sends.

  • Audit trail

    Every generation, every review action, and every Canvas run is logged inside the workspace for your records.

Legal + procurement

DPA, security reviews, procurement questionnaires.

Send us your questionnaire. We answer directly, in writing, usually within two business days.

Request the Data Processing Agreement

Mention your company name and the products you plan to use. Our DPA template covers the standard GDPR Article 28 posture.
