Security & Compliance

Enterprise security and regulatory compliance, by design.

Ellis is built to meet the bar of European insurers, their regulators, and their DPOs. This page is intended to be read end-to-end — no surprises.

Compliance posture

Three commitments, made explicit.

EU processing

Data stays in the EU.

All claim data is processed in the European Union (Belgium and Germany), fully encrypted in transit and at rest. No transfer outside the EEA in the standard configuration.

No training on your data

Your data is yours.

We guarantee that neither Ellis nor any sub-processor re-trains models on your claim data. The configuration that makes this true is documented and verifiable.

AI Act & GDPR

Aligned with European regulation.

Our approach to automated decision-making is designed to comply with GDPR Article 22 and the EU AI Act. Off-the-shelf consent and disclaimer templates are provided to support deployment.

Data handling

Tenant isolation, human oversight, minimal retention.

Data segregation

Isolated, dedicated environments.

Each client's system runs on isolated, fully dedicated infrastructure. No shared production data, ever. IAM is scoped per tenant.

Human oversight

Calibration is monitored.

Calibration and roll-out of the decision engine are monitored by named human experts on our side. Every threshold change is auditable and reversible.

Purging

Non-essential data is purged on closure.

Sensitive data that is no longer required for audit or regulatory purposes is removed from our systems once a claim is closed.

Security controls

ISO 27001-compliant ISMS.

Our Information Security Management System is compliant with ISO 27001.

Encryption at rest and in transit, with separate key management
MFA enforced for all employees, including contractors
Cryptographic key rotation on a defined schedule
IAM on least-privilege principle, with restricted access to encrypted data
Production secrets managed in a dedicated secrets manager, isolated from application code
Workload Identity Federation for CI/CD pipelines
Network firewalls and private VPC segmentation
Separated environments (dev, staging, production)
Single-tenant infrastructure — each client runs on fully dedicated, isolated resources
Logging and monitoring on all production services
Quarterly access reviews and offboarding controls
Vulnerability scanning and dependency monitoring
Annual penetration testing by an independent firm
Risk register maintained and reviewed on a defined cadence, with named owners per risk
Continuous improvement loop — findings from audits, incidents, and evals feed back into the ISMS
Clear ownership and accountability for every control, with documented escalation paths

This is not an exhaustive list. Contact the team for a full security overview, including sub-processor documentation and our complete controls inventory.

AI safety

AI-specific risks, handled separately from generic infosec.

Explainability

Full per-agent rationale.

Every piece of AI analysis is underpinned by a transparent rationale. Decisions are reconstructible end-to-end from agent logs.

LLM Shield

Defended against prompt injection.

Agents are protected against prompt injection, model drift, and inference variability. Inputs from claimants and external systems pass through hardened pre-processors.

Automated evals

Regression-tested before production.

Every change to a prompt, agent, or rule passes an automated evaluation suite before it can be promoted. No silent regressions.

Bring your security and compliance team.

We're happy to spend the first part of our call working through your security questionnaire — line by line.
