Security & Trust

Your data stays yours.

Prevector Studio is built for firms that handle sensitive financial data. Dutch-hosted, EU-compliant, and designed so your client data never trains an AI model.

EU-hosted, Dutch-stored

All client data at rest, trial balances, reports, exports, is stored in the Netherlands on EU-based cloud infrastructure. AI text generation is processed by a provider certified under the EU-US Data Privacy Framework, with contractual guarantees that your data is never used for model training.

Isolated multi-tenant design

Each firm's data is logically isolated with strict access boundaries. No data is shared or visible across tenants. Role-based access controls ensure only authorised team members see what they should.

Zero LLM training on your data

All data is processed and stored within the Netherlands on EU-based cloud infrastructure. Your client financial data never leaves Dutch jurisdiction. This simplifies compliance with Dutch privacy regulations and sector-specific data handling requirements.

EU AI Act ready

Prevector Studio is designed with the EU AI Act's requirements in mind. We maintain transparency on AI decision-making within the platform, provide human oversight at every workflow step, and document our AI systems in line with the Act's risk-based framework.

NL GAAP & SBR compliant output

Every generated statement is built on structured NL GAAP (RJ) knowledge. iXBRL tagging follows the Dutch Taxonomy for SBR filing. The output is designed to meet the same standards you'd apply to manually prepared reports.

ISO-certified infrastructure

Prevector runs on cloud infrastructure certified to ISO 27001, ISO 27017, and SOC 2. We leverage the security investments of enterprise-grade providers rather than rolling our own, because your data deserves infrastructure that's been audited, not just configured.

FAQ

Your questions answered.

Everything you need to know about data security for Prevector Studio

Where is my data stored?

All data at rest, your trial balances, generated statements, exports, and audit logs, is stored in the Netherlands on ISO 27001-certified cloud infrastructure. When AI generates text (accounting policies, disclosure narratives), data is transmitted to our AI provider under the EU-US Data Privacy Framework with strict contractual safeguards. Your data is never used for model training.

Can I get a data processing agreement (DPA)?

Yes. Every Studio client signs a Data Processing Addendum (DPA) as part of onboarding, it's a standard part of the agreement, not an optional extra. The DPA covers sub-processors, international transfers, security measures, breach notification, and data retention. Contact us at privacy@prevector.ai to request a copy in advance.

How is data separated between firms?

Prevector uses a multi-tenant architecture with strict logical isolation. Each firm's data is separated at the application and database level. No data is shared or accessible across tenants.

What happens to my data if I cancel?

After cancellation, you can request an export of your data within 30 days. We retain data for up to seven years in line with Dutch statutory requirements (the same retention period that applies to your own financial records). After the retention period, data is permanently deleted. You can request earlier deletion at any time, subject to statutory obligations.

Who has access to my data within Prevector?

Access to production data is restricted to essential operations personnel only, under strict access controls and audit logging. We follow the principle of least privilege.

How does Prevector comply with the EU AI Act?

Prevector Studio is designed with human oversight at every step, AI generates drafts and mappings, but you review, adjust, and approve all output before export. Every AI decision is logged with a full audit trail: which model was used, what it was asked, and what it produced. All financial figures are computed by our deterministic engine, not by AI. We maintain documentation on our AI systems in line with the Act's risk-based framework.

FAQ

Your questions answered.

Everything you need to know about data security for Prevector Studio

Where is my data stored?

All data at rest, your trial balances, generated statements, exports, and audit logs, is stored in the Netherlands on ISO 27001-certified cloud infrastructure. When AI generates text (accounting policies, disclosure narratives), data is transmitted to our AI provider under the EU-US Data Privacy Framework with strict contractual safeguards. Your data is never used for model training.

Can I get a data processing agreement (DPA)?

Yes. Every Studio client signs a Data Processing Addendum (DPA) as part of onboarding, it's a standard part of the agreement, not an optional extra. The DPA covers sub-processors, international transfers, security measures, breach notification, and data retention. Contact us at privacy@prevector.ai to request a copy in advance.

How is data separated between firms?

Prevector uses a multi-tenant architecture with strict logical isolation. Each firm's data is separated at the application and database level. No data is shared or accessible across tenants.

What happens to my data if I cancel?

After cancellation, you can request an export of your data within 30 days. We retain data for up to seven years in line with Dutch statutory requirements (the same retention period that applies to your own financial records). After the retention period, data is permanently deleted. You can request earlier deletion at any time, subject to statutory obligations.

Who has access to my data within Prevector?

Access to production data is restricted to essential operations personnel only, under strict access controls and audit logging. We follow the principle of least privilege.

How does Prevector comply with the EU AI Act?

Prevector Studio is designed with human oversight at every step, AI generates drafts and mappings, but you review, adjust, and approve all output before export. Every AI decision is logged with a full audit trail: which model was used, what it was asked, and what it produced. All financial figures are computed by our deterministic engine, not by AI. We maintain documentation on our AI systems in line with the Act's risk-based framework.

FAQ

Your questions answered.

Everything you need to know about data security for Prevector Studio

Where is my data stored?

All data at rest, your trial balances, generated statements, exports, and audit logs, is stored in the Netherlands on ISO 27001-certified cloud infrastructure. When AI generates text (accounting policies, disclosure narratives), data is transmitted to our AI provider under the EU-US Data Privacy Framework with strict contractual safeguards. Your data is never used for model training.

Can I get a data processing agreement (DPA)?

Yes. Every Studio client signs a Data Processing Addendum (DPA) as part of onboarding, it's a standard part of the agreement, not an optional extra. The DPA covers sub-processors, international transfers, security measures, breach notification, and data retention. Contact us at privacy@prevector.ai to request a copy in advance.

How is data separated between firms?

Prevector uses a multi-tenant architecture with strict logical isolation. Each firm's data is separated at the application and database level. No data is shared or accessible across tenants.

What happens to my data if I cancel?

After cancellation, you can request an export of your data within 30 days. We retain data for up to seven years in line with Dutch statutory requirements (the same retention period that applies to your own financial records). After the retention period, data is permanently deleted. You can request earlier deletion at any time, subject to statutory obligations.

Who has access to my data within Prevector?

Access to production data is restricted to essential operations personnel only, under strict access controls and audit logging. We follow the principle of least privilege.

How does Prevector comply with the EU AI Act?

Prevector Studio is designed with human oversight at every step, AI generates drafts and mappings, but you review, adjust, and approve all output before export. Every AI decision is logged with a full audit trail: which model was used, what it was asked, and what it produced. All financial figures are computed by our deterministic engine, not by AI. We maintain documentation on our AI systems in line with the Act's risk-based framework.

Founded by a Dutch Chartered Accountant

Questions about security or compliance?

We're happy to walk you through our security architecture, provide a DPA, or discuss specific compliance requirements for your firm.

Schedule a demo

Schedule a demo

Founded by a Dutch Chartered Accountant

Questions about security or compliance?

We're happy to walk you through our security architecture, provide a DPA, or discuss specific compliance requirements for your firm.

Schedule a demo

Schedule a demo

Founded by a Dutch Chartered Accountant

Questions about security or compliance?

We're happy to walk you through our security architecture, provide a DPA, or discuss specific compliance requirements for your firm.

Schedule a demo

Schedule a demo