Trust Center

We believe compliance should be verified, not just claimed. That's why we use independent, automated security scanning to continuously assess our infrastructure against regulatory frameworks.

How It Works

Our compliance posture is assessed by SecurityGuru — an independent, automated platform that scans infrastructure against 500+ security rules and maps findings to regulatory frameworks like GDPR, SOC 2, ISO 27001, and NIS2.

Frameworks We Map Against

SecurityGuru scans our infrastructure and maps the results to the following regulatory frameworks. Current scores and detailed findings are available on our SecurityGuru profile.

GDPR

General Data Protection Regulation — EU data protection requirements including data processing agreements, security of processing, breach notification, and privacy by design.

SOC 2

Service Organization Control 2 — Trust service criteria covering security, availability, processing integrity, confidentiality, and privacy.

ISO 27001

International standard for information security management systems, covering 93 controls across organizational, people, physical, and technological domains.

NIS2

Network and Information Security Directive 2 — EU directive on cybersecurity risk management and incident reporting obligations.

Scanning Methodology

SecurityGuru uses a four-step process to assess compliance posture:

1. Scan: Automated scanning against 500+ security rules across categories including network, web, TLS, secrets, configuration, email, and endpoints.
2. Map: Each finding is mapped to specific regulatory requirements — GDPR articles, SOC 2 controls, ISO 27001 Annex A controls.
3. Score: Compliance scores are calculated per framework based on the ratio of passing controls to total applicable controls.
4. Report: Results are published in a live dashboard. Four signal types per requirement: technical scan, policy document, attestation, and external audit.

Our Security Architecture

Key architectural decisions that underpin our compliance posture:

Zero data retention

Prompts are processed in GPU memory (RAM) and discarded after response delivery. No persistent storage of customer data.

EU-only infrastructure

All compute and networking runs in Stockholm, Sweden. No US sub-processors.

Tenant isolation

Dedicated GPU compute per customer workload with no shared memory spaces.

Encryption in transit

TLS 1.3 enforced on all API endpoints.

FAQ

Who performs the security scanning?

SecurityGuru (securityguru.se) — an independent, automated compliance scanning platform. JuiceFactory does not self-assess; results are generated by SecurityGuru's scanning infrastructure.

How often is the infrastructure scanned?

SecurityGuru runs scans continuously. Results on their platform reflect the most recent scan data.

Is EU hosting enough for GDPR compliance?

No. EU hosting eliminates cross-border transfer issues, but GDPR also requires a Data Processing Agreement (Art. 28), security measures (Art. 32), breach notification procedures (Art. 33), and privacy by design (Art. 25).

How can I learn more about your security posture?

Use the contact form below to reach our security team. We're happy to discuss compliance details, share relevant documentation, and answer specific questions about our infrastructure.

Verify our claims

Review the scanning results on SecurityGuru or test the zero-retention API yourself.

Contact our security team