Trust Center

Security is embedded into the design, development, and operation of our platform from the ground up. We follow Secure Software Development Lifecycle practices with logical separation between development, staging, and production environments. Change management processes ensure controlled and auditable deployments, with secure configuration standards applied across all infrastructure and applications.

Our infrastructure is hosted with trusted cloud providers that maintain rigorous security controls. Network segmentation and firewall rules reduce the attack surface, while all production traffic uses encrypted connections. Data is encrypted at rest using industry-standard algorithms such as AES-256, and in transit using TLS 1.2 or higher.

Business continuity is ensured through regular backups of critical systems and data, with documented recovery procedures to support service continuity in the event of any incident.

G2-F uses AI technologies to support document processing and automation while maintaining the highest standards of security, transparency, and regulatory compliance. Customer data is never used to train or fine-tune AI models. Our AI systems are pre-trained and used exclusively to generate customer-requested outputs, with processing limited to the minimum data required to deliver the intended functionality.

All AI inputs and outputs are treated as Customer Data with temporary processing and limited retention periods. Logical isolation between customer sessions ensures complete data separation. AI-assisted outputs are designed to support, not replace, professional judgment. Human review and validation remain integral parts of the workflow, and all AI-generated content is provided for review and may require verification.

G2-F complies with GDPR requirements and acts as a data processor where applicable. Our processing activities are lawful, transparent, and purpose-limited. We practice data minimization and limited retention, implementing technical and organizational measures to protect personal data. We support data subject rights and maintain Data Processing Agreements with all customers. Our incident and breach response procedures are fully aligned with GDPR requirements.

Our AI practices are aligned with the principles and obligations of the EU AI Act. We adopt a risk-based approach to AI usage with full transparency regarding AI functionality and limitations. Human oversight over AI-assisted outputs is maintained at all times, with controls in place to prevent prohibited or unlawful uses.

We prioritize the protection of personal data and transparency in how data is handled. Personal data is processed only for defined and legitimate purposes, with data retention following a minimal-retention principle. Secure deletion procedures are applied when data is no longer required.

Internal privacy policies and procedures govern all data handling activities. Clear ownership of privacy and data protection responsibilities is established throughout the organization, with ongoing review of data flows and subprocessors to ensure continued compliance.

Additional documentation, including our security overview, subprocessor list, data flow overview, and incident response summary, is available upon request or under NDA.