trust center · as of 2026-04-20

Trust Center

Our full status on security, privacy and governance. Not as marketing — as accountability.

Core promise

For governments, sovereignty is not a preference but an obligation. EU AI Act, GDPR, NIS2, BIO — every regulation imposes requirements on how you handle data, models and decision-making. We have not translated those requirements into a checklist page. We have built them into the architecture.

Data-class-driven architecture

Four classes. Per class: who may see it, which AI model may touch it, where it may run.

L2 Geheim (Secret)

PII, complaint and report data

Personal data, complaint files, medical information. Runs on a self-hosted open model (Llama, Qwen, Mistral) via Ollama, within client infrastructure or a MurmurWorks OnPremise environment. Data does not physically leave the client environment, not even for embeddings or indexing. Strict need-to-know access, always logged.

AI provider
Self-hosted open model (Ollama)
Hosting
Client infrastructure or MurmurWorks OnPremise

One platform. Four security classes. The classification automatically determines which AI model may touch the data. Not a setting: architecture.

Four pillars

Security model selection, EU AI Act, GDPR, human oversight.

Security Model Selection

Murmur | Works chooses the AI model per task and per data sensitivity. A public news article may hit a frontier model for maximum quality; a complaint file with special-category personal data physically cannot reach a commercial cloud. The choice is not a setting — it is architecture.

EU AI Act ready

Human oversight, risk management, technical documentation, audit log — the Act's obligations are built in, not bolted on. Working on a high-risk application? We activate the heavier set (conformity assessment, EU database registration).

GDPR built-in, not bolted-on

Your data stays on Dutch or EU soil. We are processor, you are controller — with a standard data processing agreement per art. 28. Extra-sensitive data is stored strictly separated, with its own security. All data is encrypted — at rest and in transit. When a citizen requests erasure, we actually erase everything: raw data, derived analyses, copies.

Always human-decided, always traceable

Every outgoing action requires human approval. Every AI call is logged — which document, which model, which prompt, which response, which classification. Stored immutably, reported per quarter in anonymised form.
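The classification-driven routing described under Data-class-driven architecture and Security Model Selection, together with the per-call audit log described just above, as an added Python illustration (not MurmurWorks' own code). It assumes a four-level scale L0 to L3 in which the page's L2 Geheim, and anything above L1, may only be served by the self-hosted Ollama route; the route list, model names, hosting labels and document ids are constructed placeholders. Prompts and responses are logged as SHA-256 digests so the log itself carries no L2+ content, and entries are hash-chained so later tampering is detectable.

```python
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass
from enum import IntEnum


class DataClass(IntEnum):
    """Assumed four-class scale. The page names L2 (Geheim) and 'above L1';
    the other labels are placeholders for this illustration."""
    L0 = 0
    L1 = 1
    L2 = 2  # Geheim: PII, complaint and report data
    L3 = 3


@dataclass(frozen=True)
class ModelRoute:
    model: str
    provider: str       # "commercial_cloud" or "ollama" (self-hosted)
    hosting: str
    ceiling: DataClass  # highest class this route may process
    quality: int        # higher is preferred when policy allows it


# Constructed routes, not a real deployment.
ROUTES = (
    ModelRoute("frontier-model", "commercial_cloud", "eu-region", DataClass.L1, quality=3),
    ModelRoute("llama-local", "ollama", "client-infra", DataClass.L3, quality=2),
)


class PolicyViolation(Exception):
    pass


def select_model(data_class: DataClass, routes=ROUTES) -> ModelRoute:
    """Pick the best-quality route whose ceiling covers the class.
    Public text may reach the frontier model; L2+ can only get Ollama."""
    allowed = [r for r in routes if data_class <= r.ceiling]
    if not allowed:
        raise PolicyViolation(f"no route may process {data_class.name}")
    chosen = max(allowed, key=lambda r: r.quality)
    # Defence in depth: re-check the invariant independently of the route table.
    if data_class > DataClass.L1 and chosen.provider == "commercial_cloud":
        raise PolicyViolation("data above L1 must not reach a commercial cloud")
    return chosen


class AuditLog:
    """Hash-chained append-only log: document, model, prompt, response,
    classification. Each entry commits to the previous entry's hash."""

    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.entries: list[dict] = []

    @staticmethod
    def _digest(obj) -> str:
        return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

    def record(self, document_id: str, route: ModelRoute, prompt: str,
               response: str, data_class: DataClass) -> dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else self.GENESIS
        body = {
            "seq": len(self.entries),
            "document_id": document_id,
            "model": route.model,
            "provider": route.provider,
            "hosting": route.hosting,
            "classification": data_class.name,
            "prompt_sha256": hashlib.sha256(prompt.encode()).hexdigest(),
            "response_sha256": hashlib.sha256(response.encode()).hexdigest(),
            "prev_hash": prev,
        }
        body["entry_hash"] = self._digest(body)
        self.entries.append(body)
        return body

    def verify(self) -> bool:
        """True only if every entry's hash and back-link are intact."""
        prev = self.GENESIS
        for entry in self.entries:
            if entry["prev_hash"] != prev:
                return False
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if self._digest(body) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True


def run_ai_call(log: AuditLog, document_id: str, data_class: DataClass,
                prompt: str, model_fn) -> tuple[ModelRoute, str]:
    """Route by classification, call the model, and log the call.
    model_fn(route, prompt) stands in for the real Ollama / cloud client."""
    route = select_model(data_class)
    response = model_fn(route, prompt)
    log.record(document_id, route, prompt, response, data_class)
    return route, response
```

The routing is data-driven only as far as the route table goes; the explicit check in `select_model` is the architectural invariant the page promises, so a misconfigured table cannot silently send a complaint file to a commercial provider.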

Certifications & roadmap

Standard / framework            Status                               Target
GDPR conformity                 Secured in architecture + DPA        Ongoing
EU AI Act (GPAI)                Conforming                           Applies from Aug 2026
ISO 27001                       In preparation                       Q4 2026
NEN 7510 (healthcare variant)   Under consideration                  Depending on market demand
BIO (Dutch Gov Baseline)        Gap analysis planned                 Q3 2026
NIS2                            Depending on client categorisation   Research in 2026
Pen-test (external)             Annually from 2026 Q3                Ongoing
SOC 2 Type II                   Not planned                          EU market, ISO 27001 prevails

Honest gap analysis

What we don't have (yet):

  • No SOC 2 (priority: European standards)
  • No formal 24/7 SOC yet (on-call + monitoring in place)
  • Pen-test is annual, not continuous (internal Dependabot + Snyk in place)
  • Red-team exercises: planned Q4 2026, not yet executed
  • Model-card documentation for 3rd-party models: depends on provider disclosure

Measurable promises

Includable in contracts.

  • 100% of data above L1 is never forwarded to commercial cloud providers
  • < 30 days to process GDPR access or erasure requests
  • 100% of outgoing actions require human approval
  • 1 business day for full audit-trail access for the client
  • 0% of client training data leaves their environment for model training

Request the security dossier

Specific security or privacy questions from your counsel, DPO or CISO? Request our security dossier — then we schedule a substantive conversation, not a sales call.

Request security dossier