Data Zones

Full control over where your data is processed.

Choose per chat where data is processed. From maximum data sovereignty in Germany to the most powerful models in European data zones.

Data zone: Deutschland

Everything stays in Germany.

Data processing exclusively in German data centres. Full anonymisation, no third-party access. Data never leaves German servers. Ideal for government agencies, the public sector, and organisations with the strictest compliance requirements.

Server locations: Frankfurt and Heilbronn, Germany

German data centres

Full anonymisation

No third-party access

Web search via dedicated search service

6 available text models

Mistral Small 24B

GPT-OSS 120B

Qwen3 VL 235B

CodeLlama 13B

Llama 3.3 70B

Llama 3.1 405B

1 available image model

FLUX.1 Schnell

Data zone: Frankreich

Top models from France.

Mistral models process requests in French data centres only temporarily for response generation. No permanent storage of inputs. Includes native web search - ideal for quick research and daily tasks.

Server location: Paris, France

French data centres

No permanent storage

Native web search included

5 available text models

Mistral Small

Mistral Medium 3

Mistral Large

Codestral

Devstral

Data zone: Europa

The most powerful AI models worldwide.

GPT-5.4, Claude Opus, Gemini, Nova, DeepSeek, Qwen, MiniMax, and Kimi - frontier and specialist models in European data zones. Processing runs in EU regions such as Frankfurt, Belgium, Ireland, or Stockholm. No data transfers to third countries.

Server locations: Frankfurt, Belgium, Ireland, Stockholm

EU regions for frontier models

EU Data Boundary

Web access included

21 available text models

GPT-5.4

ChatGPT-5

ChatGPT-5 Mini

ChatGPT-4.1

ChatGPT-5 Nano

Gemini 2.5 Pro

Gemini 2.5 Flash

Gemini 2.5 Flash-Lite

Claude Opus 4.6

Claude Sonnet 4.6

Claude Haiku 4.5

Nova Pro

Nova 2 Lite

Nova Lite

Nova Micro

DeepSeek V3.2

MiniMax M2.5

Qwen3 Coder 480B

Qwen3 VL 235B

Qwen3 Next 80B

Kimi K2.5

7 available image models

FLUX.2 Pro

Imagen 3 Fast

Imagen 3

Imagen 4 Fast

Imagen 4

Imagen 4 Ultra

Nova Canvas

Data zone: USA

US cloud with GDPR compliance.

Perplexity models with real-time web access on US infrastructure. Secured by EU Standard Contractual Clauses (SCCs) and GDPR-compliant data processing agreements. For use cases where maximum web research depth matters more than EU data residency.

Server location: USA

US infrastructure (Perplexity)

GDPR-compliant contractual basis (SCCs)

Real-time web search

Deep Research

4 available text models

Sonar

Sonar Reasoning Pro

Sonar Deep Research

Sonar Pro

1 available image model

GPT Image 2

Background

Storing data in the EU is not enough.

Physically storing data in Europe does not protect against US access. What matters is who can legally access the data.

CLOUD Act

US providers are legally required to hand over data to US authorities - even when servers are located in the EU.

Data Privacy Framework unstable

The EU-US DPF is under political and legal pressure. Key oversight mechanisms (PCLOB) have been weakened - a formal challenge like its predecessors Safe Harbor and Privacy Shield is considered likely.

No DPA on consumer plans

ChatGPT Plus, Claude Pro, and Gemini Advanced offer no DPA. Without a DPA: violation of Art. 28 GDPR.

Training on user data

ChatGPT and Claude train on consumer inputs by default. Opt-out is possible but not the default setting.

DPIA is mandatory for AI

The German DPA conference has placed AI processing on the official must-do list. Art. 35 GDPR requires a data protection impact assessment.

EU AI Act in effect

Since February 2025, Art. 4 applies: documented AI literacy obligation. From August 2026, high-risk obligations follow.

Compliance

Data protection from day one.

All required documents available immediately. Every requirement of the data protection officer is covered.

DPA available

Data processing agreement on request. Sub-processors transparently documented.

TOMs documented

Technical and organisational measures according to Art. 32 GDPR available for review.

No training on inputs

Inputs are used exclusively for response generation. Applies to all models in all data zones.

Server location verifiable

Data processing in the selected zone. User data stored in Frankfurt.

Checklist for the data protection officer

DPA available on request

TOMs documented per Art. 32 GDPR

Server location in EU/DE verified

No training on user data contractually guaranteed

Sub-processors transparently documented

Try for free

Frequently asked questions about data zones

Can different data zones be used within the same team?+

Yes. Each chat can have its own data zone. Within a team workspace, different members can use different zones.

What happens to data when the zone is changed?+

Stored data (chats, documents) remains in Frankfurt - regardless of the selected processing zone. Only the AI requests are processed in the selected zone.

Is web search in the German zone privacy-compliant?+

Yes. Web search in the German zone runs through a dedicated search service (Linkup), which only receives the search query - without access to the chat context or user data.

How does data sovereignty differ from data residency?+

Data residency only means that data is physically located in the EU. Data sovereignty goes further: it ensures that no third-country law (like the US CLOUD Act) can force access. Vantero uses exclusively non-US-based providers in the German zone.

Where is user data stored?+

All user data (chats, documents, account data) is stored in Frankfurt. The selected data zone only determines where AI requests are processed - not where data is permanently stored.

Ready for privacy-compliant AI?

Up and running in under 5 minutes. No IT project, no waiting.

Try for free