Security and Privacy

at muffintech

Security and Privacy

at muffintech

Security and Privacy

at muffintech

At muffintech, the security of your data is our top priority. In a world driven by artificial intelligence, we understand how important the protection of personal information is.

At muffintech, the security of your data is our top priority. In a world driven by artificial intelligence, we understand how important the protection of personal information is.

Security at muffintech is non-negotiable. We rely on the best technologies and comprehensive measures to protect your data and privacy. Your trust is our highest priority, and we ensure that all users have a safe and reliable experience.

Security at muffintech is non-negotiable. We rely on the best technologies and comprehensive measures to protect your data and privacy. Your trust is our highest priority, and we ensure that all users have a safe and reliable experience.

Safe AI – security you can trust

Safe AI – security you can trust

01

01

As proof of our commitment, we have appointed Tomas Gan as Chief Information Security Officer (CISO). Through these measures, we ensure compliance with legal and regulatory requirements, while reinforcing the trust of our partners and customers.

As proof of our commitment, we have appointed Tomas Gan as Chief Information Security Officer (CISO). Through these measures, we ensure compliance with legal and regulatory requirements, while reinforcing the trust of our partners and customers.

Our Information Security Management System (ISMS) is certified according to ISO 27001:2022, and we use continuous audits and monitoring systems to ensure the protection of your data. We identify, assess, and minimize all data protection risks through stringent security controls.

Our Information Security Management System (ISMS) is certified according to ISO 27001:2022, and we use continuous audits and monitoring systems to ensure the protection of your data. We identify, assess, and minimize all data protection risks through stringent security controls.

Data protection guarantee

Data protection guarantee

02

02

We implement comprehensive Technical and Organizational Measures (TOM) to ensure the security and protection of personal data. Our employees undergo regular training, and compliance with these measures is routinely monitored.

We implement comprehensive Technical and Organizational Measures (TOM) to ensure the security and protection of personal data. Our employees undergo regular training, and compliance with these measures is routinely monitored.

Technical and organizational measures (TOM) in accordance with the GDPR

Technical and organizational measures (TOM) in accordance with the GDPR

We maintain detailed records of all processing activities, including risk analyses and Data Protection Impact Assessments (DPIA), to ensure compliance with all data protection requirements. Third parties involved in our data processing are subject to strict contractual agreements.

We maintain detailed records of all processing activities, including risk analyses and Data Protection Impact Assessments (DPIA), to ensure compliance with all data protection requirements. Third parties involved in our data processing are subject to strict contractual agreements.

Documentation of data processing

Documentation of data processing

muffintech strictly adheres to the legal foundations of data processing. New processes are developed with a strong focus on data protection, and we have implemented strict IT usage policies to ensure both data privacy and compliance with AI regulations.

muffintech strictly adheres to the legal foundations of data processing. New processes are developed with a strong focus on data protection, and we have implemented strict IT usage policies to ensure both data privacy and compliance with AI regulations.

Data protection regulations and AI Act compliance

Data protection regulations and AI Act compliance

Our employees are thoroughly trained and committed to adhering to data protection policies, promptly reporting incidents, and participating in regular audits to ensure compliance with data protection regulations.

Our employees are thoroughly trained and committed to adhering to data protection policies, promptly reporting incidents, and participating in regular audits to ensure compliance with data protection regulations.

Internal protective measures

Internal protective measures

Data processing and protection measures

Data processing and protection measures

03

03

Our advanced security solutions identify vulnerabilities and threats as they emerge, and respond immediately to protect the integrity of your data. In the event of an incident, we promptly notify both the authorities and the affected individuals if necessary.

Our advanced security solutions identify vulnerabilities and threats as they emerge, and respond immediately to protect the integrity of your data. In the event of an incident, we promptly notify both the authorities and the affected individuals if necessary.

Real-time threat detection and prevention

Real-time threat detection and prevention

Our systems are active around the clock to detect potential security threats in real time and address them immediately. Thanks to our continuous monitoring processes, we ensure that your data is protected at all times.

Our systems are active around the clock to detect potential security threats in real time and address them immediately. Thanks to our continuous monitoring processes, we ensure that your data is protected at all times.

24/7 protection for your data

24/7 protection for your data

Continuous monitoring and threat detection

Continuous monitoring and threat detection

04

04

We have developed an automation tool that can identify and anonymize personal data. This tool can be implemented upon request to ensure additional security measures. We always process personal data within the framework of data processing agreements (DPA) and do not use chat data for model training.

We have developed an automation tool that can identify and anonymize personal data. This tool can be implemented upon request to ensure additional security measures. We always process personal data within the framework of data processing agreements (DPA) and do not use chat data for model training.

Automation tool for detecting personal data

Automation tool for detecting personal data

05

05

All data is hosted on Microsoft Azure servers in Frankfurt, within the EU. We ensure that all data processing complies with the stringent requirements of the GDPR and guarantee that no data is used for model training. Microsoft contractually commits to using the data solely for the purposes agreed upon in the contract.

All data is hosted on Microsoft Azure servers in Frankfurt, within the EU. We ensure that all data processing complies with the stringent requirements of the GDPR and guarantee that no data is used for model training. Microsoft contractually commits to using the data solely for the purposes agreed upon in the contract.

Hosting and data processing in the EU

Hosting and data processing in the EU

06

06

Person responsible at muffintech

Person responsible at muffintech

Our founder, Tomas Gan, serves as COO and CISO, overseeing all information security and data protection matters. He ensures that all processes meet the highest security standards and are GDPR-compliant, leading the ISMS and being responsible for the ISO27001 certification.

Our founder, Tomas Gan, serves as COO and CISO, overseeing all information security and data protection matters. He ensures that all processes meet the highest security standards and are GDPR-compliant, leading the ISMS and being responsible for the ISO27001 certification.