How does amaise meet data protection requirements (GDPR, nDSG, US)?
amaise operates three independent regional environments — Swiss, EU, and US. Each environment is a dedicated deployment: customer data, processing, backups, and AI inference for that environment stay within the corresponding regional perimeter. Customers select the environment that matches their regulatory and data-residency requirements. Since the core privacy principles — purpose limitation, data minimization, transparency, security, and data subject rights — align broadly across jurisdictions, all customers benefit from the same high baseline of controls, with regulator-specific obligations honored by the corresponding environment.
EU environment — GDPR:
Data processing agreement (DPA) compliant with Art. 28 GDPR
Notification obligation within 72 hours (Art. 33/34)
Data residency in the EU (AWS Frankfurt)
Details: see GDPR compliance
Swiss environment — nDSG (effective since September 1, 2023):
Data residency in Switzerland (AWS Zurich, Azure OpenAI Switzerland North)
Tenant-specific encryption (dedicated KMS key per tenant)
Documented data deletion (8-step process at contract termination; supports nDSG Art. 6)
Compliance with Art. 321 StGB (professional secrecy: medical confidentiality, attorney-client privilege)
Notification to the FDPIC according to nDSG Art. 24
Processing record according to nDSG Art. 12
US environment — US data protection:
Data residency in the USA (AWS Ohio)
Compliance with applicable state privacy laws (e.g., CCPA/CPRA)
Security controls aligned with HIPAA requirements for healthcare customers
Industry-specific compliance available on request
International organizations:
amaise supports the requirements of international organizations and can address specific compliance needs on a per-customer basis.
See also: Data regions · Cross-border transfers · Sub-processors · Customer-managed keys (BYOK)
For specific compliance inquiries, please contact us at [email protected].