Iteration Layer supports GDPR-sensitive workflows with EU-hosted infrastructure, transient content processing, processor terms, and transparent subprocessors.
What Is The GDPR Posture
Iteration Layer is designed to support GDPR-sensitive processing through EU-hosted infrastructure, transient content processing, Privacy Policy, Data Processing Agreement, subprocessor transparency, and data-subject rights processes.
For formal language, use the Privacy Policy and Data Processing Agreement. This docs page is a technical summary, not a substitute for legal review.
Is Iteration Layer Formally GDPR Certified
Iteration Layer does not provide a formal GDPR certification certificate.
GDPR compliance depends on legal basis, controller and processor roles, contracts, subprocessors, retention, and the customer’s workflow. Review Privacy Policy and Data Processing Agreement, then evaluate your own use case with counsel where needed.
What Is The EU AI Act Posture
Iteration Layer does not provide a blanket EU AI Act conformity assessment for every customer workflow.
Iteration Layer provides infrastructure and APIs that customers may use inside their own AI systems or workflows. The final EU AI Act role, risk category, transparency duty, and human oversight requirement can depend on the customer’s application, domain, deployment context, and downstream use.
What Certifications Are Not Claimed
Iteration Layer does not currently provide these third-party certifications or attestations.
| Certification or Attestation | Current Status |
|---|---|
| SOC 2 | No report available today |
| ISO 27001 for Iteration Layer as an organization | No certificate available today |
| ISO 42001 for Iteration Layer as an organization | No certificate available today |
| BSI C5 | No attestation available today |
| HIPAA compliance or BAA availability | Not offered today |
| Independent penetration test completed | No public report available today |
What Infrastructure Certification Can Be Referenced
Iteration Layer runs on certified European infrastructure. Hetzner’s data centers and cloud services are covered by ISO/IEC 27001:2022 and BSI C5:2020 Type 2.
For example, a hosting provider certificate is not the same as an Iteration Layer organizational certification. Procurement teams should distinguish Hetzner infrastructure evidence from Iteration Layer audit evidence.
What Should Customers Review For Their Own Compliance
Customers should review their full workflow, legal basis, retention policy, webhook destination, downstream storage, user access, and human review process.
Iteration Layer can reduce the number of processing vendors in a workflow, but customer compliance also depends on what happens before the API request and after the API response.