Security & Compliance

Does MiOpsAI comply with GDPR for European customers?

Yes — MiOpsAI is GDPR-compliant for European customers and end users, with the legal, technical, and operational controls required by Articles 5, 17, 20, 25, 28, and 32 of the regulation. This includes data subject access requests, the right to erasure ("right to be forgotten"), data portability, privacy by design, processor agreements, and security of processing.

What our GDPR compliance covers

  • Data Processing Agreement (DPA): Available on request and signed before any EU customer data is processed
  • Lawful basis for processing: Clearly documented per data category (contract performance for client data, legitimate interest for usage analytics, consent for optional features)
  • Right of access: Customers can export all personal data held about them or their end users in a structured, machine-readable format (JSON or CSV)
  • Right to erasure: Hard-delete requests honored within 30 days, with confirmation log retained for compliance audit
  • Right to rectification: Inline editing of any client record, with version history preserved per our Hard Rules
  • Data portability: Full export of client data, communications, tasks, and history in standard formats
  • Privacy by design: Tenant isolation means each client's data stays separated by default — no cross-tenant queries possible
  • Security of processing: AES-256 at rest, TLS 1.3 in transit, encrypted backups, access logging
  • Breach notification: 72-hour notification SLA to affected customers and supervisory authorities
  • Sub-processor transparency: Public list of sub-processors (cloud infrastructure, AI providers like OpenAI and Anthropic) with notification of changes

EU data residency

Standard MiOpsAI infrastructure is hosted in the United States. EU customers requiring EU-based data residency for compliance with national addenda (Schrems II considerations, sector-specific regulations) can request EU hosting on the Enterprise+ tier — see our pricing page for custom quote details.

AI sub-processors and GDPR

LizziAI uses OpenAI and Anthropic as model providers. Both are bound by their own DPAs that flow through to your DPA with us. No customer data is used to train shared foundation models. Request beta access or contact us for a DPA copy.

Last updated April 20, 2026

Related questions

Is MiOpsAI SOC 2 compliant?Does MiOpsAI use my data to train AI models?How does MiOpsAI handle data breaches and incidents?Can I delete all my data from MiOpsAI permanently?Does MiOpsAI comply with CCPA for California residents?Is MiOpsAI HIPAA compliant for healthcare clients?

Ready to see MiOpsAI in action?

Request access and we’ll walk you through how the platform solves your specific workflow.

Request Access →