Trust & Security

How we protect your supply chain data

Pangea Intelligence is built EU-first. All data stays within European infrastructure, we do not train AI models on customer inputs, and we do not share data with third parties.

Data Residency: 100% EU

  • API + Database: Hetzner Nuremberg, Germany (ISO 27001)
  • CDN + Edge: Cloudflare EU endpoints (Frankfurt POP)
  • E-Mail: Resend EU endpoint
  • AI (opt-in): Anthropic Ireland, Cloudflare Workers AI EU

No US processing. No US subprocessors. No data leaves the EU.

Hosting & Location

  • Frontend: Cloudflare Pages (EU edge)
  • API & Database: Hetzner Online GmbH, Nuremberg, Germany (ISO 27001 certified)
  • AI Inference: Cloudflare Workers AI, EU region (Llama 3.3 70B, open weights)
  • No US-based processors for customer data or AI inference

What we store

  • Customer account data (email, organization, API key)
  • Supplier and route data you provide for risk analysis
  • Access logs (30 days retention, then purged)

What we do NOT do

  • No resale or sharing of customer data
  • No use of customer data for AI training
  • No US-hosted processing of customer data
  • No third-party tracking, cookies, or analytics scripts on the public site

Encryption

  • In transit: TLS 1.3 (HSTS enforced)
  • At rest: AES-256 (PostgreSQL volume encryption)
  • Backups: daily, encrypted, 14-day retention

AI Processing

Pangea AI runs on Cloudflare Workers AI in the EU region using Llama 3.3 70B (Meta, open weights). Prompts and responses are not retained by the inference provider for training. Score explanations are cached in Cloudflare KV (EU) for 24 hours to reduce latency and cost. No OpenAI, Anthropic, or other US AI providers are used for customer-facing inference.

Subprocessors

We use EU-based subprocessors only (e.g. for hosting, edge delivery, transactional email and opt-in AI inference). The complete, up-to-date list is part of our standard data processing agreement under Art. 28 GDPR and is provided on request.

Request the list: contact@pangea-intelligence.eu

Compliance

  • GDPR-compliant, EU subprocessors only
  • Data processing agreement under Art. 28 GDPR on request

Please request a signed standard DPA or a negotiated DPA directly: contact@pangea-intelligence.eu

Contact

Security questions, contract requests, or incident reports: contact@pangea-intelligence.eu