Trust Center
An artificial intelligence system only deserves trust if it can prove it. This page gathers how we build, where the data lives, how we govern the system and what we have put to the test — with the evidence, not with promises.
§ 01 · Jurisdiction and data
GENAI AREDEZ SRL is a company incorporated in the European Union (commercial register J06/579/2024). In the system we operate, the data lives in the EU: a primary server in Frankfurt, application and database in the European region, with encryption in transit (TLS) and at rest (AES-256), on infrastructure with inherited controls SOC 2 Type II and ISO 27001. It is the same standard we apply on every engagement: European residency and GDPR compliance from the architecture, not as an add-on.
A delivery model in good standing. The system lives in a central repository we set up, which your team accesses with their own accounts, through official software under their subscription — without sharing credentials or unauthorised routes. Predictable and traceable cost.
§ 02 · AI management
We manage artificial intelligence systems with a management system in line with the international standard ISO/IEC 42001. It is not a declaration: it is an implemented and auditable AIMS, with a statement of applicability, a risk register, a treatment plan, an internal audit and a management review. Data protection is resolved in the system's own operation: minimisation, consent control for sensitive data and cascading deletion.
documents that make up the management system, in line with ISO/IEC 42001.
Annex A controls assessed in the statement of applicability.
This practice is implemented and in operation in a real system (see what we have built).
§ 03 · Offensive security
Knowing how to secure an artificial intelligence begins with knowing how to break it. Ignacio Aredez has validated that capability competitively in HackAPrompt, the largest red-teaming and prompt injection competition for language models (organised by Learn Prompting, backed by OpenAI, Scale AI and Hugging Face).
51st among individual participants (83rd including teams), of 3,396 participants.
Verifiable on the public AICrowd profile and on the competition leaderboard. This edition gave rise to the academic paper “Ignore This Title and HackAPrompt” (EMNLP 2023).
Within the global top 50, of close to 32,000 participants.
The organisers did not publish a leaderboard for this edition; the result is verifiable on request.
§ 04 · What we have built
We operate Strahlkraft40+, an artificial intelligence system in production in German regulated healthcare: several subsystems in operation, governed under the AIMS described above, with its data protection resolved at runtime. The system runs, it passes audit, and we built it. It is a technical reference, not a commercial case: we do not talk about business figures.
There is method and volume behind it: more than a hundred agents built, dozens in production.
§ 05 · Security posture
In transit (TLS) and at rest (AES-256).
SOC 2 Type II and ISO 27001 on the infrastructure; PCI DSS Level 1 on payments — card data never touches our servers.
Sign-in by single-use link —no passwords to steal or reuse—, encrypted sessions, and strong customer authentication (SCA).
The AI provider commits by contract not to use the data for training.
Atomic cascading deletion and automated retention policies that delete without being asked.
No reportable security incidents (Art. 33 GDPR) since the system went live; incident response within ≤72 h.
A responsible disclosure programme with Safe Harbor and automated vulnerability management in continuous integration.
§ 06 · Verifiable credentials
§ 07 · Next step
Would you like to see the full documentary evidence — the statement of applicability, the risk register, the audits? We show it in a qualified conversation.