The DSGVO Problem with AI Assistants
Most AI productivity tools are built by US companies, hosted on US infrastructure, and designed with US privacy assumptions. When a German founder connects their email and calendar to one of these tools, their data — client names, deal terms, internal discussions — crosses the Atlantic.
Under DSGVO, that creates a transfer mechanism problem. Standard Contractual Clauses help, but they are a legal workaround, not a technical solution. The data still sits on US servers, subject to US jurisdiction.
For founders who handle sensitive client information — consulting firms, advisory practices, portfolio companies — that is not acceptable.
How PILOT Handles DSGVO Compliance
PILOT was built in Germany, for German founders, with DSGVO compliance as an architectural constraint, not a feature added later.
EU-Only Infrastructure
Every component of PILOT runs in Azure Germany West Central: the application server, the PostgreSQL database, Azure Key Vault, blob storage, and AI processing via Azure OpenAI. There is no US region in the stack. No fallback. No analytics pipeline that routes data overseas.
This eliminates the Schrems II problem entirely. There is no cross-border transfer to justify.
Per-User Data Isolation
Each user's data lives in its own PostgreSQL schema. This is not row-level filtering on a shared table — it is physical isolation. A query in one user's context cannot access another user's data, even if the application has a bug.
For DSGVO purposes, this means data subject requests (access, deletion, portability) can be fulfilled cleanly. Your data is in one place, clearly bounded, and easy to export or destroy.
Field-Level Encryption
Personal data fields — names, email addresses, transcripts, decisions, contact notes — are encrypted with AES-256 using PostgreSQL's pgcrypto extension. This is application-layer encryption on top of Azure's default encryption at rest.
The practical effect: a database backup or a compromised admin account yields encrypted blobs, not readable personal data. This is a technical and organizational measure (TOM) under DSGVO Art. 32 that most competitors do not implement.
True Deletion (Art. 17 — Right to Erasure)
When you request deletion, PILOT drops your entire PostgreSQL schema. Every table, every row, every index — destroyed immediately. Not soft-deleted. Not retained for 30 or 90 days. Not anonymized and kept for analytics.
This is what Art. 17 actually requires: erasure without undue delay. Most SaaS products interpret "without undue delay" generously. PILOT interprets it literally.
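
The following SQL is an added example, not PILOT's own code: it shows how the schema-per-user isolation, pgcrypto field encryption and schema-drop erasure described in the three sections above fit together in PostgreSQL. The role, schema and setting names and all sample values are constructed, and pgcrypto is assumed to be installed in the public schema.

```sql
-- Added illustration. tenant_a1, tenant_b2_rw, app.field_key and all values are constructed.
CREATE EXTENSION IF NOT EXISTS pgcrypto SCHEMA public;

-- 1. Isolation: one schema and one NOLOGIN role per user.
--    New schemas grant nothing to PUBLIC, so only the owner has USAGE.
CREATE ROLE tenant_a1_rw NOLOGIN;
CREATE ROLE tenant_b2_rw NOLOGIN;
CREATE SCHEMA tenant_a1 AUTHORIZATION tenant_a1_rw;

CREATE TABLE tenant_a1.contacts (
    id        bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    name_enc  bytea NOT NULL,   -- ciphertext only
    email_enc bytea NOT NULL
);
ALTER TABLE tenant_a1.contacts OWNER TO tenant_a1_rw;

-- 2. Per-request context: role, search_path and key are scoped to the transaction.
BEGIN;
SET LOCAL ROLE tenant_a1_rw;
SET LOCAL search_path = tenant_a1;
-- Placeholder key. Statement logging would record this line; an application
-- should pass the key as a bind parameter instead.
SET LOCAL app.field_key = 'constructed-demo-key-not-a-secret';

-- pgp_sym_encrypt defaults to AES-128; AES-256 has to be requested.
INSERT INTO contacts (name_enc, email_enc) VALUES (
    public.pgp_sym_encrypt('Erika Mustermann',
        current_setting('app.field_key'), 'cipher-algo=aes256'),
    public.pgp_sym_encrypt('erika@example.test',
        current_setting('app.field_key'), 'cipher-algo=aes256'));

SELECT id, public.pgp_sym_decrypt(name_enc, current_setting('app.field_key')) AS name
FROM contacts;
COMMIT;

-- 3. Another user's role has no USAGE on the schema, so this query is rejected.
BEGIN;
SET LOCAL ROLE tenant_b2_rw;
SELECT count(*) FROM tenant_a1.contacts;
ROLLBACK;

-- 4. Erasure: tables, rows and indexes go with the schema.
--    Backups and WAL archives taken earlier are not touched by this statement.
DROP SCHEMA tenant_a1 CASCADE;
DROP ROLE tenant_a1_rw;
DROP ROLE tenant_b2_rw;
```

The separation in step 3 is enforced by role privileges, so it holds only as far as the connecting login role is restricted: a login role that is a member of every per-user role, or a superuser, can still reach every schema.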
No Password Database
PILOT authenticates exclusively through OAuth (Microsoft Entra ID or Google). There is no internal credential store. Under DSGVO, fewer categories of personal data mean lower risk. No passwords means no password hashes, no reset tokens, no breach notification for credential exposure.
Built for the German Market
PILOT is built by NOVELDO AI GmbH, a German company. The founder uses PILOT daily while running his own consultancy and AI startup across DACH. This is not a US product with a European region bolted on. It is a German product built for German privacy expectations.
If your Datenschutzbeauftragter asks hard questions, PILOT has real answers — not a marketing page with a shield icon.