§01
Data residency
All tenant data — connector credentials, raw extracts, the warehouse, backups, and audit logs — lives in EU data centres: primary capacity in Falkenstein, Germany and encrypted backups in Helsinki, Finland. No tenant byte ever leaves EU territory or transits a US-headquartered cloud.
- Primary: Falkenstein, Germany (Hetzner)
- Backup: Helsinki, Finland (Hetzner)
- No AWS · no Azure · no Google Cloud
- Operated by Custodea B.V., Amsterdam
§02
Encryption
Data is encrypted at rest with LUKS-managed AES-256 on each storage volume and encrypted in transit with TLS 1.3. Connector credentials are wrapped a second time with a KMS-style envelope; the unwrapping key never leaves the warehouse cluster.
- AES-256 at rest, TLS 1.3 in transit
- Per-tenant credential envelope keys
- Database backups encrypted with separate keys
§03
Access control
You hold the keys. Credentials for each tool — your BI dashboard, dbt, your auditor's read-only access — are minted in Settings and revoked the same way.
- Per-tool credentials you mint and revoke
§04
What we won't do
We don't sell or share your data. We don't train models on it. We won't add a US sub-processor to make a feature ship faster. The product roadmap exists downstream of these constraints, not the other way around.
§05
Compliance & audits
We're GDPR-compliant by default and sign a DPA with every customer at sign-up. ISO/IEC 27001 is planned for Q4 2026 and SOC 2 Type II is planned for 2027. The internal control framework is in place; the third-party audit is what's still in progress.
- GDPR — compliant; DPA signed at sign-up
- ISO/IEC 27001 — planned for Q4 2026
- SOC 2 Type II — planned 2027
§06
Incident response
We aim for a 1-hour internal acknowledgement and a 24-hour customer notification on any confirmed security incident affecting tenant data.