Trust & Security Center

Your compliance documentation,
handled with the care it demands.

Fencia analyzes sensitive policies, contracts and technical documentation. Here we explain exactly how we protect that data, who processes it, and what safeguards apply.

Security measures

Encryption in transit

TLS 1.3 on every connection between your browser and our servers.

Encryption at rest

AES-256 for all stored data, including documents and analysis results.

Row-Level Security (RLS)

PostgreSQL Row-Level Security: each user can only access their own data at the database level.

Two-factor authentication

2FA available for all accounts. Authentication managed by Supabase Auth.

Production/staging separation

Isolated environments. Customer data is never used in development or testing.

Access monitoring

Immutable audit log and monitoring of anomalous access patterns.

How we handle your data with AI

We never train models on your documents

Your documents are sent to the model only to generate your analysis. They are not used to train or improve any AI model — neither ours nor the provider's.

Model provider

Analysis runs on Google Gemini via API. Google does not use data submitted through the API to train its models (Gemini API usage policy).

Minimal retention

We keep your documents and results only while your account is active or per your retention settings. You can delete individual analyses at any time.

Subprocessors

These are the providers that may process data on your behalf. We maintain data processing agreements (DPAs) with all of them.

| Provider | Purpose | Data location | Safeguard |
| --- | --- | --- | --- |
| Supabase | Database, authentication and storage | EU (AWS Frankfurt) | GDPR / EU region |
| Vercel | Application hosting and deployment | EU / USA | SCCs |
| Google (Gemini API) | AI document analysis | USA | SCCs · no training |
| Stripe | Payment processing | USA | SCCs + PCI DSS |
| Vercel Analytics | Aggregated usage metrics (no PII) | USA | SCCs · no tracking cookies |

Data residency and transfers

Your database and documents are hosted in the European region (AWS Frankfurt, via Supabase). Some subprocessors (hosting, AI, payments, analytics) are US-based companies and may process data outside the EEA. For those transfers we rely on the EU Commission's Standard Contractual Clauses (SCCs). We do not claim our entire infrastructure is 100% EU-only — we are transparent about what is processed where and under which safeguard.

Incident response

If you detect or suspect a security issue, email us at security@fencia.co. We investigate every report. In the event of a personal data breach that poses a risk, we will notify affected users and authorities in line with GDPR timelines (Art. 33-34).

Compliance posture

GDPR

Compliant processing, DPA available, data-subject rights handled

ISO 42001

Readiness in progress — voluntary AI management standard

SOC 2

On the roadmap — not yet certified

EU AI Act

Article-level analysis methodology, updated with each regulatory change

Legal documents

We're an early-stage company. We don't overstate certifications we don't have yet. What you see here is what we actually apply today.

Need more detail for your vendor review?

If your security team or DPO needs additional documentation (signed DPA, subprocessor list, security questionnaire), get in touch.
