Built to handle regulatory data responsibly

Technical documentation is among the most sensitive material a manufacturer holds. ReGentra is designed so that this data stays in the EU, under access controls and encryption, with retention and erasure handled on the user's terms.

The Approach

Data protection by design

A regulatory engine only earns trust if the data it processes is handled with the same seriousness as the output it produces.

ReGentra processes technical documentation under principles drawn from the EU GDPR: data is hosted within the EU, collected only where needed, retained only as long as needed, and removed on request. Access is protected, isolated per account, and encrypted throughout.

These are not bolted-on features. Authentication, tenant isolation, retention windows, and audit logging were part of the architecture from the start — because for this kind of material, security cannot be an afterthought.

What's in place

How your data is protected

The controls that govern where data lives, who can reach it, and how long it stays.

Hosting

EU data residency

The application and its data are hosted within the European Union. Technical documentation does not leave EU infrastructure in the course of normal operation, keeping processing within a single, known jurisdiction.

Data protection

GDPR-aligned handling

Data is collected only where it serves a purpose, retained only as long as needed, and removed on request. Retention windows are explicit, and right-to-erasure is supported as a first-class operation, not a manual exception.

Access

Authentication & access control

Accounts are protected with hashed credentials and email-based two-factor authentication. Access is role-aware, and no account can reach data it was not granted — confirmed at the application layer on every request.

Isolation

Strict tenant isolation

Each organization's data is isolated from every other. Documents, audits, and findings are scoped to their owner, so one account's material is never visible or retrievable by another.

Encryption

Encrypted at rest and in transit

Data is encrypted in transit over TLS and at rest on disk. Stored documents and database contents remain protected even at the storage layer, beyond application-level access controls.

Accountability

Audit logging

Security-relevant actions — authentication, access, and changes to data — are logged. The record supports traceability and accountability, and underpins the usage and retention controls applied to each account.

These controls are not independent features — they form a single boundary. Hosting determines jurisdiction. Encryption protects what's stored. Isolation prevents cross-access. Authentication gates who enters. Logging records what happened. Retention governs how long it stays. Together, they define the full lifecycle of every document in the system.

Data Lifecycle

From upload to deletion

Every document follows the same controlled path — with retention and erasure built in, not bolted on.

Upload
Encrypted in transit
Process
Runtime inference only
Store
Encrypted at rest
Retain
Explicit time window
Erase
On request or expiry
Document contents are used for runtime inference only — they are never sent to model training. When AI processes a document, it does so within a single session boundary. The data informs the response; it does not become part of the model.

"Sensitive regulatory data deserves to be handled in one known jurisdiction, under clear controls, with deletion always on the table."

Hosted in the EU. Encrypted throughout. Removed on request.

Request Access

Questions about how your data is handled? Leave your details and we'll reach out with access information.

Request Access