The Synergy Group AG

Trust Centre

Transparency about how we protect your data, govern our AI systems, and comply with Swiss and European regulations.

Swiss Data Hosting · nDSG Compliant · GDPR Aligned · AI Governance Framework · ISO 27001 Self-Assessed
Verified Swiss Sovereign

Swiss Data Sovereignty

100% of production data hosted on Exoscale Zurich (ch-dk-2 zone). Swiss company, Swiss data centres. No AWS, Azure, or GCP for production workloads.

  • Exoscale SKS (Managed Kubernetes) — Zurich region
  • Encryption at rest (volume encryption, Vault-encrypted secrets)
  • TLS 1.3 on all endpoints, HSTS enforced
  • No US cloud dependency

Security & Compliance

Enterprise security controls mapped to ISO 27001 Annex A categories. Self-assessed with external penetration testing.

  • HashiCorp Vault for secrets management
  • Security headers (HSTS, CSP, X-Frame-Options)
  • Wordfence WAF on all WordPress sites
  • Annual external penetration testing
  • Automated deployment guardrails (file size, duplicate detection, syntax validation)

AI Governance Framework

52 autonomous agents governed by 10 constitutional rules. Aligned with ISO 42001:2023 (AI Management System).

  • 10 immutable rules validated before every agent action
  • Human-in-the-loop for all critical decisions
  • Dual AI review (Claude + Grok) for design evaluations
  • Audit trail: every agent action logged with reasoning
  • No training on client data (opted out at all AI providers)

Data Protection (nDSG / GDPR)

Compliant with the new Swiss Federal Act on Data Protection (nDSG) and aligned with the EU GDPR.

  • Data minimisation — only collect what's needed
  • 72-hour breach notification (nDSG Art. 24)
  • Right of access, portability, and erasure supported
  • DPA templates available for enterprise clients

Monitoring & Observability

Real-time monitoring of all 52 agents with automated alerting.

  • Prometheus metrics scraping per-agent
  • Grafana dashboards (agent health, throughput, cost)
  • Circuit breakers prevent cascading failures
  • Post-deployment health verification

Incident Response

Structured incident response with automated detection, containment, and post-incident analysis.

  • Automated detection via Prometheus + Wordfence
  • Circuit breaker isolation for affected agents
  • Root cause analysis documented
  • 84 encoded lessons from past incidents

Data Protection — Full Compliance Documentation

We comply with the revised Swiss Federal Act on Data Protection (revFADP / nDSG) and the EU GDPR. The following documents are maintained internally and reviewed quarterly by our Data Protection Compliance Agent (AZ-DP-COMPLIANCE-001).

I nDSG Art. 12 · GDPR Art. 30

Records of Processing Activities

Catalogue of every processing activity, legal basis, retention period, and recipient. Required by nDSG Art. 12 and GDPR Art. 30.

Reviewed quarterly

II nDSG Art. 22 · GDPR Art. 35

Data Protection Impact Assessment

Risk assessment of the StarGate agent fleet covering 10 risk categories with mitigations. Required by nDSG Art. 22 and GDPR Art. 35.

Reviewed quarterly

III nDSG Art. 25–32 · GDPR Art. 15–21

Subject Rights Procedure

Documented workflow for handling access, rectification, erasure, portability and objection requests within the 30-day SLA.

Reviewed quarterly

IV nDSG Art. 24 · GDPR Art. 33–34

Breach Notification Procedure

Detection, containment, FDPIC notification and post-incident review workflow. Risk-classed thresholds for regulator and subject notification.

Reviewed quarterly

V nDSG Art. 16–17 · GDPR Ch. V

International Transfers Register

Every external service that may receive personal data, the destination country, the legal safeguards (SCCs), and supplementary technical measures applied.

Reviewed quarterly

VI Autonomous Monitoring

Compliance Monitoring Agent

AZ-DP-COMPLIANCE-001 runs daily compliance scans, computes a 0–100 compliance score, and flags drift across documents, integrations, and DSR/breach SLAs.

Reviewed quarterly

Documents are available on request from our Data Protection Contact: andre@thesynergygroup.ch

Certified by The Synergy Group AG, CHE-497.254.492

Security & Data Protection Inquiries

For data protection requests (access, erasure, rectification, portability), breach reports, or compliance documentation requests:

andre@thesynergygroup.ch

Response within 30 days. We comply with revFADP (nDSG) and EU GDPR. Formal ISO 27001 certification available on request for enterprise contracts.