Swiss-built. Swiss-hosted. Swiss-compliant. Enterprise-grade security with role-based access control, organization isolation, and end-to-end encryption. Fully FADP & GDPR compliant. AI processing never stores your data.
Request access to detailed security documentation for your security review.
Product
Technical Documentation
Legal
Data Processing Agreement
Legal
Subprocessors List
A comprehensive look at our security architecture, data residency, AI processing flow, and compliance measures.
Votaris is built to meet the security and privacy standards of Switzerland's most demanding organizations. Our architecture is designed from the ground up to protect sensitive board data, maintain confidentiality, and provide the transparency that governance and IT teams require.
Every aspect of our platform—from role-based access control and organization isolation to encryption and audit logging—has been built with the understanding that board governance demands the highest levels of trust and confidentiality.
All data encrypted in transit with TLS 1.3 and at rest using AES-256 encryption across all providers. No exceptions.
Strict data separation ensures users can only access data within their organization and assigned spaces—enforced at every level of the stack.
All application data and files stored in Switzerland (Supabase). AI inference runs in Switzerland (AWS Bedrock). Only text fragments stored in the EU (Pinecone, Ireland).
Architecture designed for regulated industries. FADP & GDPR compliant with DPAs signed with all providers. FINMA-ready with cloud providers as auxiliary persons.
Votaris implements comprehensive data isolation at every level. Role-based access control ensures users can only access their assigned spaces, while organization-scoped queries keep your governance data completely separate. Here's what this protects:
Each space has its own secure document library with dedicated vector storage for AI-powered semantic search.
All AI conversations are scoped to your space. Chats are private by default and can optionally be shared with space members.
Strict tenant separation ensures complete isolation between organizations at every level of the stack.
All meeting data—agendas, minutes, votes, decisions, and signatures—remains private to your space and organization.
Complete audit trails for security and compliance purposes, scoped to your organization and visible only to owners.
All file attachments and uploaded documents stored with organization-level access controls in Switzerland.
All data is protected by strict access controls, encrypted at rest using AES-256 encryption, and governed by Swiss data protection law. Organization owners can immediately revoke access by deactivating the organization.
We use AWS Bedrock in Switzerland to power our AI assistant. Your data is never stored by the AI provider or used for training. Here's exactly how the processing works:
Your question is sent over an encrypted TLS connection to Votaris servers hosted on Vercel (Frankfurt, EU).
Your message is combined with relevant context from your board documents, meeting minutes, and tasks through our RAG pipeline powered by Pinecone (Ireland, EU).
The prepared prompt is sent over an encrypted connection to AWS Bedrock in Switzerland. This transmission takes a fraction of a second.
The AI model processes your prompt entirely in memory. No data is written to disk. No data is stored. No data is used for training. No human ever sees your prompt.
The AI's response streams back to you in real-time and is stored in your conversation history in Supabase (Switzerland) with full audit trail.
Votaris is designed to meet the compliance requirements of Swiss corporations, foundations, and regulated institutions. Our architecture has been built with Swiss data protection law and governance confidentiality obligations in mind from day one.
Fully compliant with Swiss FADP and EU GDPR. Ireland is on the Swiss adequacy list—no additional safeguards required for Pinecone data.
AES-256 encryption for all data at rest and TLS 1.3 for all data in transit. Industry-leading encryption protocols protect your data at every stage.
Cloud providers contracted as auxiliary persons. No approval needed under FINMA guidelines. DPAs signed with all providers: Supabase, AWS Bedrock, Pinecone, and Vercel.
Your data is never used to train AI models. We have strict contractual agreements with our AI infrastructure providers that prohibit the use of customer data for model training.
Run meetings, manage documents, and make decisions—all powered by AI, with your data secure in Switzerland. No compromises on security or compliance.