Trust & Security

How we protect your supply chain data

Pangea Intelligence is built EU-first. All data stays within European infrastructure, we do not train AI models on customer inputs, and we do not share data with third parties.

Hosting & Location

Frontend: Cloudflare Pages (EU edge)
API & Database: Hetzner Online GmbH, Nuremberg, Germany (ISO 27001 certified)
AI Inference: Cloudflare Workers AI, EU region (Llama 3.3 70B, open weights)
No US-based processors for customer data or AI inference

Data Flow

Customer

→

Cloudflare EU Edge

→

API Hetzner DE

→

PostgreSQL Hetzner DE

What we store

Customer account data (email, organization, API key)
Supplier and route data you provide for risk analysis
Access logs (30 days retention, then purged)

What we do NOT do

No resale or sharing of customer data
No use of customer data for AI training
No US-hosted processing of customer data
No third-party tracking, cookies, or analytics scripts on the public site

Encryption

In transit: TLS 1.3 (HSTS enforced)
At rest: AES-256 (PostgreSQL volume encryption)
Backups: daily, encrypted, 14-day retention

AI Processing

Pangea AI runs on Cloudflare Workers AI in the EU region using Llama 3.3 70B (Meta, open weights). Prompts and responses are not retained by the inference provider for training. Score explanations are cached in Cloudflare KV (EU) for 24 hours to reduce latency and cost. No OpenAI, Anthropic, or other US AI providers are used for customer-facing inference.

Compliance

GDPR compliant (Art. 28 data processing agreement available on request)
EU-only subprocessors (Hetzner DE, Cloudflare EU)
Data Processing Agreement (AVV / DPA) on request

Contact

Security questions, DPA requests, or incident reports: contact@pangea-intelligence.eu