> ## Documentation Index
> Fetch the complete documentation index at: https://docs.botbrains.io/llms.txt
> Use this file to discover all available pages before exploring further.

# FAQ

> Answers to common legal, privacy, and security questions about botBrains

This page answers the questions procurement, legal, and security teams ask most often when evaluating botBrains. For anything not covered here, email [legal@botbrains.io](mailto:legal@botbrains.io).

## Which agreements govern botBrains?

| Document                                                | Purpose                                                                |
| ------------------------------------------------------- | ---------------------------------------------------------------------- |
| Commercial offer                                        | Governs commercial terms (pricing, scope, SLAs), collateral agreements |
| [Terms of Service](/terms-of-service)                   | The contract governing your use of the platform                        |
| [Data Processing Agreement](/data-processing-agreement) | Governs how botBrains processes personal data on your behalf           |

## Is botBrains a controller or processor?

You are the controller of the personal data in your conversations, and botBrains acts as your processor. botBrains in turn engages [subprocessors](/trust/subprocessors) to deliver the service. The [Data Processing Agreement](/data-processing-agreement) sets out the details of this relationship.

## Where does botBrains store and process data?

botBrains stores all application data in Germany.
We process your data within the EU, with our server infrastructure located in Germany. AI inference runs in the EU. No third-country transfer takes place. See [Subprocessors](/trust/subprocessors) for the full list of services and data locations.

The primary hosting providers are Hetzner, AWS and DigitalOcean. We use Vercel for the static website serving, Hetzner for API and background workers servers, AWS for database and object storage, DigitalOcean for caching.

## Where does botBrains run AI inference?

botBrains uses subprocessors to run AI inference. We enforce 3 requirements on all model hosting subprocessors:

1. **Data residency in the EU**\
   Data must be stored in the EU, and no third-country transfer may take place. We opt for Zero Data Retention Agreements where offered to minimize data retention. Context-caching and short-term caching for inference is allowed, but no long-term storage of data is permitted.
2. **Inference residency in the EU**\
   It's not sufficient to proxy from an EU-intake server to a non-EU inference server. Processing must happen in the EU.
3. **Model training is prohibited**\
   Model training on botBrains-sent data is prohibited.

We currently run inference on OpenAI Enterprise EU data and inference residency and have a Zero Data Retention Agreement in place. We also use Azure OpenAI Service with regional endpoints for EU-bound storage and inference. We also run inference via AWS Bedrock in Frankfurt.

## Is botBrains GDPR compliant?

Yes. botBrains supports GDPR and DSGVO compliance through EU data residency, a Data Processing Agreement, and documented security measures. See [GDPR](/trust/gdpr) for the full Q\&A.

## Is botBrains EU AI Act compliant?

The EU AI Act sets obligations for providers and deployers of AI systems. botBrains designs its AI agents to support these obligations, including the transparency requirement to make clear when users are interacting with an AI agent rather than a human. See [EU AI Act](/trust/ai-act) for details.

## Which subprocessors does botBrains use?

The current list, including each subprocessor's purpose and data location, is on the [Subprocessors](/trust/subprocessors) page.

## Is botBrains ISO 27001 or SOC 2 Type II certified?

We're preparing for ISO 27001. See [ISO 27001](/trust/iso-27001) for our ISMS and policies, and [Certification Roadmap](/trust/roadmap) for other standards.

## How do I request security documentation?

To request a signed agreement, a completed security questionnaire, our policies, or our [technical and organizational measures](/trust/toms), email [support@botbrains.io](mailto:support@botbrains.io).

## How do I report a security vulnerability?

See our [Responsible Disclosure Policy](/trust/policies/responsible-disclosure-policy) for how to report a vulnerability.
