Your data stays in the EU. By design. Not by exception.

VidiLex is built for organizations that require strict data residency, data protection, and operational transparency — without compromising usability.

Review EU data handling Talk to us about compliance
VidiLex dashboard showing searchable video knowledge platform
Built for teams at scale
Works across languages
EU-grade privacy by default
EU data residency
GDPR-first
No training on your data
Audit-ready logging

Why data sovereignty is not optional

For many organizations — especially in Europe and the public sector —
data protection is not a preference. It's a requirement.

Concerns we hear often:

  • "Where is our data stored — really?"
  • "Which third parties can access it?"
  • "Is our data used to train models?"
  • "Can we explain this setup to auditors or works councils?"

If those questions remain unanswered, tools don't get approved — no matter how useful they are.

The VidiLex principle

Your data remains under your control,
within European infrastructure,
and is never used for model training.

This is not an add-on.
It is part of the platform's design.

EU data residency — clearly defined

All core customer data is handled within the European Union:

  • Video files
  • Transcripts and metadata
  • Search indexes and embeddings
  • User and workspace data

No silent replication.

No hidden cross-region transfers.

If processing components can be configured by region, this is made explicit.

EU-hosted infrastructure

Netcup GmbH - EU hosting provider

All customer data is hosted in Germany

German data centers
GDPR-compliant hosting
No data transfer outside EU

AI processing without data leakage

OpenRouter
Nebius AI
AssemblyAI

AI usage without data leakage

VidiLex uses AI to make video searchable and useful —
without compromising data ownership.

What this means in practice:

  • Your content is not used to train models
  • Requests follow zero-retention policies
  • Processing happens only to deliver your results
  • No reuse of customer data across tenants

You get the benefits of AI — without losing control.

Provider breakdown — when and where

VidiLex uses different providers for different functions. This table clarifies which provider is used for each function, where processing occurs, and how data is handled.

Function Provider Region Retention Policy Data Sent
Transcription AssemblyAI Ireland (EU endpoint) / USA (US endpoint) Zero-day retention Audio/video content for transcription, timestamps, detected language
LLM Inference Nebius AI (EU endpoint) / OpenRouter (US endpoint) Netherlands (EU) / USA (US) Zero-day retention Text segments for LLM requests
Embeddings Nebius AI Netherlands Zero-day retention Text segments for embedding generation
Email Resend USA Per provider policy Recipient email address and invitation content

Note on endpoint configuration: VidiLex supports configurable endpoint routing. When the EU endpoint is selected, LLM operations use Nebius (Netherlands) and transcription uses AssemblyAI's EU endpoint (Ireland). When the US endpoint is selected, LLM operations use OpenRouter (USA) and transcription uses AssemblyAI's US endpoint. Embeddings always use Nebius (Netherlands) regardless of endpoint setting.

Data Processing Agreements (DPAs) and Technical and Organizational Measures (TOMs): Available on request. Contact us for documentation suitable for legal or procurement review.

Controlled access — by default

Workspace-based isolation
Role-based access control
No cross-customer visibility
Explicit permission boundaries

This applies equally to:

  • • internal users
  • • external collaborators
  • • customer-facing workspaces

Audit-ready by design

VidiLex includes built-in audit logging for security-relevant actions:

  • logins and access events
  • permission changes
  • content creation and deletion
  • configuration changes

Logs are:

  • append-only
  • retention-controlled
  • suitable for audit and incident review

This supports internal reviews, external audits, and compliance frameworks.

Audit log dashboard showing event-based audit logs with summary cards, filters, and event table

Suitable for regulated environments

VidiLex is designed to be explainable — not just functional.

This matters for:

  • works councils (Betriebsräte)
  • data protection officers
  • procurement and legal teams
  • public-sector approval processes

Clear answers beat vague assurances.

What VidiLex explicitly does not do

  • No training on customer data
  • No selling or sharing of content
  • No opaque subprocessors
  • No uncontrolled data transfers

If something is not needed to deliver the service, it is not done.

Designed for trust, not just speed

VidiLex is used by organizations that:

  • operate under strict data protection rules
  • require EU data residency
  • need systems they can defend internally

You should never have to justify a tool you rely on.

Let's talk about your requirements

If EU data residency, GDPR compliance, or public-sector suitability matter to you,
we're happy to walk through the details.

Talk to us about compliance View security documentation