Swiss-built. Swiss-hosted. Swiss-compliant. Enterprise-grade security with role-based access control, organization isolation, and encryption throughout the platform. Fully FADP & GDPR compliant. AI processing never stores your data.
Request detailed security documentation for your security review.
Product
Technical Documentation
Legal
Data Processing Agreement
Legal
Subprocessors List
A detailed look at our security architecture, data residency, AI processing flow, and compliance measures.
Votaris is built to meet the security and privacy standards of Switzerland's most demanding organizations. Our architecture is designed from the ground up to protect sensitive governance data, preserve confidentiality, and provide the transparency governance and IT teams require.
Every aspect of the platform, from role-based access control and organization isolation to encryption and audit logging, is built around the trust and confidentiality that governance work demands.
All data is encrypted in transit with TLS 1.3 and at rest with AES-256 encryption across all providers. No exceptions.
Strict data separation ensures users access only their organization and assigned spaces, enforced at every level of the stack.
Data and files stay in Switzerland (Supabase). AI inference runs in Switzerland (AWS Bedrock); text fragments stay in Pinecone Ireland.
Designed for regulated industries. FADP & GDPR compliant, with provider DPAs and FINMA-ready cloud providers contracted as auxiliary persons.
Votaris implements comprehensive data isolation at every level. Role-based access control ensures users can only access assigned spaces, while organization-scoped queries keep your governance data completely separate. Here is what this protects:
Each space has its own secure document library with dedicated vector storage for AI-powered semantic search.
All AI conversations are scoped to your space. Chats are private by default and can be shared with space members when needed.
Strict tenant separation ensures complete isolation between organizations at every level of the stack.
All meeting data—agendas, minutes, votes, decisions, and signatures—remains private to your space and organization.
Complete audit trails for security and compliance purposes, scoped to your organization and visible only to owners.
All file attachments and uploaded documents are stored in Switzerland with organization-level access controls.
All data is protected by strict access controls, encrypted at rest using AES-256 encryption, and governed by Swiss data protection law. Organization owners can immediately revoke access by deactivating the organization.
We use AWS Bedrock in Switzerland to power our AI assistant. Your data is never stored by the AI provider or used for training. Here is exactly how processing works:
Your question is sent over an encrypted TLS connection to Votaris servers hosted on Vercel (Frankfurt, EU).
Your message is combined with relevant context from your governance documents, meeting minutes, and tasks through our RAG pipeline, powered by Pinecone (Ireland, EU).
The prepared prompt is sent over an encrypted connection to AWS Bedrock in Switzerland. This transmission takes a fraction of a second.
The AI model processes your prompt entirely in memory. No data is written to disk. No data is stored. No data is used for training. No human ever sees your prompt.
The AI response streams back to you in real time and is stored in your conversation history in Supabase (Switzerland) with a full audit trail.
Votaris is designed to meet the compliance requirements of Swiss corporations, foundations, and regulated institutions. From day one, our architecture has been built around Swiss data protection law and governance confidentiality obligations.
Fully compliant with Swiss FADP and EU GDPR. Ireland is on the Swiss adequacy list, so no additional safeguards are required for Pinecone data.
AES-256 encryption for all data at rest and TLS 1.3 for all data in transit. Industry-leading encryption protocols protect your data at every stage.
Cloud providers contracted as auxiliary persons. No approval needed under FINMA guidelines. DPAs signed with all providers: Supabase, AWS Bedrock, Pinecone, and Vercel.
Your data is never used to train AI models. Strict contractual agreements with our AI infrastructure providers prohibit the use of customer data for model training.
Run meetings, manage documents, and make decisions with AI-assisted workflows and Swiss data protection. No compromises on security or compliance.