AI governance at Ansvar — how we actually operate.
Auditable AI requires honest operating posture. Here's how we handle model access, data retention, training, and the citation pipeline that sits between the model and its sources.
Model access (bring your own AI client)
Ansvar runs no server-side AI model. You connect your own AI client — Claude Desktop, Microsoft Copilot Studio, Cursor, or a custom MCP client — to the gateway over OAuth 2.1. Model traffic flows directly from your client to your model provider; Ansvar never sees, stores, or proxies it, and never holds your model keys.
Training on customer data
We do not train, fine-tune, or evaluate any model on customer data. Uploaded documents, query text, and citation metadata are used only to serve the user's own workflow. Your model provider's retention terms apply to the traffic between your AI client and that provider — a path Ansvar is not on.
Citation validation pipeline
Every citation that leaves the gateway passes through a deterministic (non-model) validation pipeline: article numbers are resolved against corpus indexes, paragraph anchors are checked, URLs are verified to return the cited text. Failed citations are shown as unavailable, not silently dropped or fallen back to AI guesswork.
Retrieval transparency
Our standalone legal connectors carry Apache 2.0 code and go public only where their source-licensing audit returns GREEN — inspect them at github.com/Ansvar-Systems. You can audit how each one reaches its source; the chassis that serves them in production, and the licensed data itself, stay private.
Data residency
Infrastructure runs on Hetzner in the EU. Cloudflare provides edge and TLS termination in front, under SCCs and the EU-US Data Privacy Framework — the same disclosure our Terms make. Model traffic flows directly from your AI client to your model provider and does not cross our infrastructure. Audit logs stay in-region.
Model versions and determinism
Model choice and version are set in your AI client, not by Ansvar — there is no Ansvar-side model to pin. What Ansvar controls is deterministic: retrieval, cross-referencing, and citation validation return the same sources for the same question across runs.
Questions? Security overview covers procurement-grade architecture. For a written answer to a specific question, contact team@ansvar.eu.