Privacy & GDPR by Design
Data protection is not an added feature in Queria. It is an architectural principle that has guided every design decision from the start. In a system that processes company documents with AI, confidentiality admits no compromise.
Multi-tenant architecture
Queria adopts a multi-tenant model with complete isolation between organizations:
Data separation
Each company operates in a fully isolated space. Documents, conversations, settings and search models of one organization are never accessible from another.
Isolation occurs at multiple levels:
- Separate vector collections: each company has its own collection in the vector database. Embeddings of one organization are never written to, or read from, another organization's collection.
- Isolated relational data: each record in the database is associated with a company identifier. Queries automatically apply isolation filters.
- Dedicated Knowledge Bases: curated knowledge bases are private per organization.
- Conversations and history: interaction history is visible only inside the owning organization.
No cross-tenant contamination
The isolation principle extends to the semantic level. Because every company uses a dedicated vector collection, a search can never return fragments of documents belonging to other organizations: there is no shared index across tenants for a similarity query to traverse.
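The two isolation mechanisms described above (a tenant filter applied inside every relational lookup, and a vector collection whose name is derived from the company identifier) can be shown together in a small Go program. This is an added example, not Queria's code: the store is an in-memory stand-in for the relational and vector databases, substring matching stands in for similarity search, and the company ids, document ids and texts are constructed sample data. One detail a practitioner will want: a lookup of another tenant's document id returns the same "not found" error as a missing row, so a caller cannot probe for the existence of documents it does not own.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrNotFound covers both "no such document" and "owned by another tenant".
// Returning one error for both means a caller cannot probe whether a given
// id exists in some other organization.
var ErrNotFound = errors.New("document not found")

// Tenant is the security context derived from the authenticated session and
// the only handle through which the store can be read.
type Tenant struct{ CompanyID string }

// Document is a row of the (hypothetical) documents table; every row carries
// the owning company identifier.
type Document struct{ ID, CompanyID, Title string }

// Store stands in for the relational database and the vector database.
type Store struct {
	rows        map[string]Document // id -> row
	collections map[string][]string // vector collection name -> text chunks
}

func NewStore() *Store {
	return &Store{rows: map[string]Document{}, collections: map[string][]string{}}
}

// CollectionFor derives the vector collection name from the company id, so a
// search on behalf of one tenant can only ever open that tenant's collection.
func CollectionFor(companyID string) string {
	return "company_" + companyID + "_chunks"
}

// Put writes the row and indexes the text into the owner's collection only.
func (s *Store) Put(d Document, text string) {
	s.rows[d.ID] = d
	c := CollectionFor(d.CompanyID)
	s.collections[c] = append(s.collections[c], text)
}

// Get applies the tenant filter inside the store rather than trusting each
// caller to remember it; the SQL shape is WHERE id = ? AND company_id = ?.
func (s *Store) Get(t Tenant, id string) (Document, error) {
	d, ok := s.rows[id]
	if !ok || d.CompanyID != t.CompanyID {
		return Document{}, ErrNotFound
	}
	return d, nil
}

// Search reads the caller's own collection only, so other tenants' chunks
// are never candidates however similar their content is. Substring match
// stands in for the similarity search of a real vector database.
func (s *Store) Search(t Tenant, term string) []string {
	var hits []string
	for _, chunk := range s.collections[CollectionFor(t.CompanyID)] {
		if strings.Contains(strings.ToLower(chunk), strings.ToLower(term)) {
			hits = append(hits, chunk)
		}
	}
	return hits
}

func main() {
	s := NewStore()
	// Constructed sample data for two organizations.
	s.Put(Document{ID: "doc-1", CompanyID: "acme", Title: "Acme contract"}, "Acme payment terms: net 30")
	s.Put(Document{ID: "doc-2", CompanyID: "globex", Title: "Globex contract"}, "Globex payment terms: net 60")

	acme := Tenant{CompanyID: "acme"}
	_, err := s.Get(acme, "doc-2") // another tenant's id: indistinguishable from a missing row
	fmt.Println("acme reading doc-2:", err)
	fmt.Println("acme search:", s.Search(acme, "payment terms"))
}
```

The point of routing every read through a Tenant value is that the filter cannot be forgotten: there is no unscoped Get for application code to call by mistake, and the vector collection a search touches is a pure function of the tenant rather than a parameter the caller supplies.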
Local AI processing
This is a fundamental differentiator: Queria's AI models run on dedicated local infrastructure.
No data sent to third parties
Company documents are never transmitted to cloud generative AI services. Not to American services, not to European services, not to any external provider. Processing happens entirely on infrastructure controlled by the organization.
This means:
- No training on company data: AI models do not learn from the documents they process. There is no risk that confidential information ends up incorporated into model parameters and potentially exposed to other users.
- Full data sovereignty: the organization retains total control over where its data lives and who can access it.
- Compliance with restrictive corporate policies: organizations with strict security requirements can adopt Queria without exceptions to their data protection policies.
Custom LLM option
For organizations that prefer to use their own AI provider, Queria offers the ability to configure a custom external endpoint. Prompts and document excerpts are then sent to that provider, so the local-processing guarantees above apply only to the default configuration. In this case:
- API keys are encrypted at rest with AES-256-GCM
- The endpoint is validated before activation
- The organization directly manages the relationship with the chosen provider
- Queria only routes requests without storing responses from the external model
Data protection
Encryption
Sensitive data is protected with AES-256-GCM, an authenticated encryption mode that both hides the content and detects any tampering with it, and the standard used by financial and government institutions:
- Company API keys encrypted at rest
- Integration credentials with external services protected
- Encryption keys managed with periodic rotation
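The encryption at rest of company API keys and integration credentials, and the key rotation mentioned in the last bullet, are a single mechanism in practice: a versioned keyring. The Go program below is an added example, not Queria's implementation, and it assumes a layout of its own: a 4-byte key version, a 12-byte random nonce and then the GCM ciphertext and tag. The company id and purpose strings are constructed sample values. It also adds the check a practitioner would want and the page does not spell out: the company id and the column's purpose are bound into the additional authenticated data, so a ciphertext copied into another tenant's row, or into a different credential column, fails to decrypt.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Keyring holds every key version still needed to decrypt stored secrets.
// New blobs are always written with the current version; an old version is
// kept until every blob written under it has been re-encrypted.
type Keyring struct {
	current uint32
	keys    map[uint32][]byte // version -> 32-byte AES-256 key
}

func NewKeyring() *Keyring { return &Keyring{keys: map[uint32][]byte{}} }

// Rotate generates a fresh random 256-bit key and makes it current.
func (k *Keyring) Rotate() (uint32, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return 0, err
	}
	k.current++
	k.keys[k.current] = key
	return k.current, nil
}

func (k *Keyring) gcm(version uint32) (cipher.AEAD, error) {
	key, ok := k.keys[version]
	if !ok {
		return nil, fmt.Errorf("unknown key version %d", version)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aad binds a ciphertext to its owner and purpose: a blob copied from one
// company's row into another's, or from the LLM key column into the
// integration-credential column, fails authentication on decrypt.
func aad(companyID, purpose string) []byte { return []byte(companyID + "|" + purpose) }

// Encrypt returns version (4 bytes) || nonce (12 bytes) || ciphertext || tag.
// A GCM nonce must never repeat under the same key; a random 96-bit nonce is
// the usual choice while the number of blobs per key stays far below 2^32.
func (k *Keyring) Encrypt(companyID, purpose string, plaintext []byte) ([]byte, error) {
	g, err := k.gcm(k.current)
	if err != nil {
		return nil, err
	}
	out := make([]byte, 4+g.NonceSize())
	binary.BigEndian.PutUint32(out, k.current)
	if _, err := rand.Read(out[4:]); err != nil {
		return nil, err
	}
	return g.Seal(out, out[4:], plaintext, aad(companyID, purpose)), nil
}

// Decrypt selects the key by the stored version and verifies tag and AAD.
func (k *Keyring) Decrypt(companyID, purpose string, blob []byte) ([]byte, error) {
	if len(blob) < 4+12+16 {
		return nil, errors.New("ciphertext too short")
	}
	g, err := k.gcm(Version(blob))
	if err != nil {
		return nil, err
	}
	n := 4 + g.NonceSize()
	return g.Open(nil, blob[4:n], blob[n:], aad(companyID, purpose))
}

// Reencrypt is the per-record rotation step: decrypt under whatever version
// the record carries, write it back under the current one.
func (k *Keyring) Reencrypt(companyID, purpose string, blob []byte) ([]byte, error) {
	pt, err := k.Decrypt(companyID, purpose, blob)
	if err != nil {
		return nil, err
	}
	return k.Encrypt(companyID, purpose, pt)
}

// Version reports which key version a blob was written with.
func Version(blob []byte) uint32 { return binary.BigEndian.Uint32(blob) }

func main() {
	kr := NewKeyring()
	kr.Rotate()
	blob, _ := kr.Encrypt("acme", "llm-api-key", []byte("sk-constructed-example")) // constructed sample secret
	kr.Rotate()                                                                    // v2 becomes current; the v1 blob is still readable
	blob, _ = kr.Reencrypt("acme", "llm-api-key", blob)
	pt, err := kr.Decrypt("acme", "llm-api-key", blob)
	fmt.Println(string(pt), err, "written with key version", Version(blob))
}
```

Rotation is then a background job that walks the stored blobs, calls Reencrypt on any whose Version is below current, and retires the old key only once none remain. The key material itself would come from a KMS or HSM rather than living in process memory as it does here.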
Authentication and authorization
System access is protected by a multi-layer security model:
- JWT (JSON Web Token): user session authentication with configurable expiration
- API Key: authentication for programmatic integrations and widgets
- Roles and permissions (RBAC): granular role-based access control
  - System administrator
  - Company administrator
  - Operator
  - Basic user
- Topic-level permissions: it is possible to limit access to specific document categories per role or user
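The three layers listed above (a JWT session, a role hierarchy and topic-level permissions) fit in one short Go program. This is an added example, not Queria's code: the claim names, the four role identifiers, the action-to-role mapping and the rule that an empty topic list means no topic restriction are all assumptions made for illustration, and the secret and user data are constructed. The checks a practitioner expects are the ones shown: the accepted header is pinned server-side (so alg=none and algorithm-confusion tokens are rejected before any claim is parsed), the MAC is compared in constant time, expiry is enforced, and the token's company id is compared with the tenant being accessed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims carried in the session token. CompanyID binds the session to one
// tenant; Role and Topics drive authorization once the signature is verified.
type Claims struct {
	Sub       string   `json:"sub"`
	CompanyID string   `json:"company_id"`
	Role      string   `json:"role"`
	Topics    []string `json:"topics,omitempty"` // categories this user may read; empty = unrestricted (assumption)
	Exp       int64    `json:"exp"`
}

var (
	b64 = base64.RawURLEncoding
	// The verifier accepts exactly this header, so the algorithm is pinned
	// server-side: alg=none or an RS256/HS256 swap is rejected up front.
	header = b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
)

func sign(secret []byte, input string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(input))
	return b64.EncodeToString(m.Sum(nil))
}

// Issue mints an HS256 token that expires ttl after now.
func Issue(secret []byte, c Claims, now time.Time, ttl time.Duration) (string, error) {
	c.Exp = now.Add(ttl).Unix()
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	input := header + "." + b64.EncodeToString(payload)
	return input + "." + sign(secret, input), nil
}

// Verify checks header, signature (constant-time) and expiry, in that order.
func Verify(secret []byte, token string, now time.Time) (Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 || parts[0] != header {
		return Claims{}, errors.New("malformed token or unsupported algorithm")
	}
	if !hmac.Equal([]byte(sign(secret, parts[0]+"."+parts[1])), []byte(parts[2])) {
		return Claims{}, errors.New("bad signature")
	}
	var c Claims
	if raw, err := b64.DecodeString(parts[1]); err != nil {
		return Claims{}, err
	} else if err := json.Unmarshal(raw, &c); err != nil {
		return Claims{}, err
	}
	if now.Unix() >= c.Exp {
		return Claims{}, errors.New("token expired")
	}
	return c, nil
}

// rank orders the four roles from the page; a higher rank inherits the
// permissions of the lower ones. minRole is the least privileged role allowed
// for each action (an assumed mapping, for illustration only).
var rank = map[string]int{"basic_user": 1, "operator": 2, "company_admin": 3, "system_admin": 4}
var minRole = map[string]string{"search": "basic_user", "upload": "operator", "manage_users": "company_admin", "manage_tenants": "system_admin"}

// Authorize applies the tenant check, the role check and the topic-level
// restriction. Unknown actions and unknown roles are denied by default.
func Authorize(c Claims, companyID, action, topic string) error {
	if c.CompanyID != companyID {
		return errors.New("token belongs to another tenant")
	}
	need, ok := minRole[action]
	if !ok || rank[c.Role] == 0 || rank[c.Role] < rank[need] {
		return fmt.Errorf("role %q may not %s", c.Role, action)
	}
	if topic != "" && len(c.Topics) > 0 {
		for _, allowed := range c.Topics {
			if allowed == topic {
				return nil
			}
		}
		return fmt.Errorf("topic %q not permitted for this user", topic)
	}
	return nil
}

func main() {
	secret := []byte("constructed-demo-secret-do-not-reuse") // constructed; load from a secret store in a real deployment
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	tok, _ := Issue(secret, Claims{Sub: "u-42", CompanyID: "acme", Role: "operator", Topics: []string{"hr"}}, now, time.Hour)
	c, err := Verify(secret, tok, now.Add(30*time.Minute))
	fmt.Println(err, Authorize(c, "acme", "search", "hr"), Authorize(c, "acme", "search", "finance"))
	_, err = Verify(secret, tok, now.Add(2*time.Hour))
	fmt.Println("two hours later:", err)
}
```

Authorization is evaluated on every request from the verified claims and the tenant named in the URL or body, never from a company id the client sends separately; that is what makes the JWT layer and the tenant isolation layer one system rather than two.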
Input protection
Every input received by the system goes through:
- Sanitization: potentially harmful content is stripped or escaped (markup that could lead to XSS, payloads aimed at injection)
- Validation: verification of formats and size limits
- Rate limiting: per-user and per-organization frequency limits, to prevent abuse
GDPR compliance
Queria natively implements the principles of the General Data Protection Regulation:
Right to be forgotten (Art. 17)
The organization can request the complete deletion of all associated data:
- Soft delete: data is marked as deleted and made inaccessible, retained for a configurable period for possible restoration
- Hard delete: permanent and irreversible deletion from all archives, including relational database, vector database and file system
- Deletion automatically propagates to all connected systems
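The soft-delete, restore and hard-delete cycle above, including propagation to the relational row, the vector collection and the file, is sketched in the Go program below. It is an added example, not Queria's code: the three in-memory maps stand in for the three stores, the chunk-id format "docid#n" and the audit line format are assumptions, and the documents and retention window are constructed. The behaviour to note is that a soft-deleted record is invisible to reads immediately, can be restored only inside the retention window, and once purged leaves no copy in any of the three stores.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

var ErrNotFound = errors.New("document not found")

// Record is the relational row for a document. DeletedAt is nil while live.
type Record struct {
	ID, CompanyID, Path string
	DeletedAt           *time.Time
}

// Stores stands in for the three places a document exists: the relational
// row, its chunks in the per-company vector collection, and the file itself.
type Stores struct {
	rows      map[string]*Record
	vectors   map[string][]string // collection name -> chunk ids such as "doc-1#0"
	files     map[string][]byte   // path -> bytes
	retention time.Duration       // configurable window in which a soft delete can be undone
	Audit     []string            // technical identifiers only: no names, no content
}

func NewStores(retention time.Duration) *Stores {
	return &Stores{rows: map[string]*Record{}, vectors: map[string][]string{}, files: map[string][]byte{}, retention: retention}
}

func collection(companyID string) string { return "company_" + companyID + "_chunks" }

// Put stores the row, the file and one chunk id per text chunk.
func (s *Stores) Put(r Record, content []byte, chunks int) {
	s.rows[r.ID] = &r
	s.files[r.Path] = content
	for i := 0; i < chunks; i++ {
		s.vectors[collection(r.CompanyID)] = append(s.vectors[collection(r.CompanyID)], fmt.Sprintf("%s#%d", r.ID, i))
	}
}

// Get returns live records only; a soft-deleted one is already invisible.
func (s *Stores) Get(companyID, id string) (*Record, error) {
	r, ok := s.rows[id]
	if !ok || r.CompanyID != companyID || r.DeletedAt != nil {
		return nil, ErrNotFound
	}
	return r, nil
}

// SoftDelete marks the row; nothing is removed yet, so Restore can undo it
// until the retention window has passed.
func (s *Stores) SoftDelete(companyID, id string, now time.Time) error {
	r, err := s.Get(companyID, id)
	if err != nil {
		return err
	}
	r.DeletedAt = &now
	s.Audit = append(s.Audit, fmt.Sprintf("%s soft_delete company=%s doc=%s", now.Format(time.RFC3339), companyID, id))
	return nil
}

// Restore undoes a soft delete while the retention window is still open.
func (s *Stores) Restore(companyID, id string, now time.Time) error {
	r, ok := s.rows[id]
	if !ok || r.CompanyID != companyID || r.DeletedAt == nil || now.Sub(*r.DeletedAt) >= s.retention {
		return ErrNotFound
	}
	r.DeletedAt = nil
	s.Audit = append(s.Audit, fmt.Sprintf("%s restore company=%s doc=%s", now.Format(time.RFC3339), companyID, id))
	return nil
}

// Purge is the hard delete: for every record whose window has expired it
// removes the row, the vector chunks and the file together, so no store is
// left holding an orphaned copy. It returns the ids it removed.
func (s *Stores) Purge(now time.Time) []string {
	var purged []string
	for id, r := range s.rows {
		if r.DeletedAt == nil || now.Sub(*r.DeletedAt) < s.retention {
			continue
		}
		coll := collection(r.CompanyID)
		kept := s.vectors[coll][:0]
		for _, c := range s.vectors[coll] {
			if !strings.HasPrefix(c, id+"#") {
				kept = append(kept, c)
			}
		}
		s.vectors[coll] = kept
		delete(s.files, r.Path)
		delete(s.rows, id)
		s.Audit = append(s.Audit, fmt.Sprintf("%s hard_delete company=%s doc=%s", now.Format(time.RFC3339), r.CompanyID, id))
		purged = append(purged, id)
	}
	return purged
}

// ChunkCount reports how many vector chunks a company's collection holds.
func (s *Stores) ChunkCount(companyID string) int { return len(s.vectors[collection(companyID)]) }

func main() {
	s := NewStores(30 * 24 * time.Hour)
	t0 := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	s.Put(Record{ID: "doc-1", CompanyID: "acme", Path: "/data/acme/doc-1.pdf"}, []byte("constructed file"), 3) // constructed sample
	fmt.Println(s.SoftDelete("acme", "doc-1", t0), s.Purge(t0.Add(24*time.Hour)), s.Purge(t0.Add(31*24*time.Hour)), s.ChunkCount("acme"))
}
```

In a real deployment Purge runs as a scheduled job and each of the three removals is its own external call; the job should be idempotent and re-runnable, so a failure halfway through leaves a record that is still marked deleted and is simply picked up on the next pass rather than silently surviving in one store.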
Data portability (Art. 20)
The organization can export all its data in standard formats readable by other platforms. The export includes original documents, metadata, conversations and configurations.
Data minimization (Art. 5.1.c)
The system collects and retains only data strictly necessary to operate the document intelligence service. No behavioral data, personal preferences or information unrelated to the processing purpose is collected.
Purpose limitation (Art. 5.1.b)
Uploaded data is used exclusively to provide the search and document analysis service. It is not used for profiling, marketing, model training or any other undeclared purpose.
Processing records
The system maintains audit logs documenting data accesses, performed operations and deletions. These logs reference users and documents by technical identifiers only, never by name or content, and are available for compliance verifications.
Operational security
Secure file storage
Uploaded documents are stored with:
- Restrictive file system access permissions
- Per-organization separate path organization
- File integrity verification at processing time
No personal data in logs
System logs are designed to exclude personally identifiable information. Error messages and diagnostic traces contain only technical identifiers, never document contents, user names or other personal data.
Rate limiting and abuse protection
The system implements multi-level usage limits:
- Per-user limits (requests per minute)
- Per-organization limits (requests per minute, daily volume)
- Per-endpoint limits (protection against targeted attacks)
- Limits configurable based on subscription plan
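The multi-level limits listed here, and the rate limiting named under "Input protection" above, amount to one token bucket per user, per organization and per endpoint, with a request admitted only when all three have capacity. The Go program below is an added example, not Queria's code; the plan figures, user and company identifiers and the endpoint path are constructed, and the bucket key layout is an assumption. It shows the ordering detail that matters operationally: every level is checked before any is charged, so a request refused by the per-user limit does not also consume the organization's or the endpoint's budget.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// bucket is a token bucket: up to capacity tokens, refilled at rate per second.
type bucket struct {
	capacity, tokens, rate float64
	last                   time.Time
}

func (b *bucket) refill(now time.Time) {
	b.tokens = math.Min(b.capacity, b.tokens+now.Sub(b.last).Seconds()*b.rate)
	b.last = now
}

// Limit is one policy: a sustained rate in requests per minute plus the burst
// that may be spent at once. A daily volume cap has the same shape with
// PerMinute = volume/1440 and Burst = volume.
type Limit struct{ PerMinute, Burst float64 }

// Limiter keeps one bucket per user (within its organization), one per
// organization and one per endpoint shared by all tenants. The three limits
// are the values a subscription plan would supply.
type Limiter struct {
	userLimit, orgLimit, endpointLimit Limit
	buckets                            map[string]*bucket
}

func NewLimiter(user, org, endpoint Limit) *Limiter {
	return &Limiter{userLimit: user, orgLimit: org, endpointLimit: endpoint, buckets: map[string]*bucket{}}
}

func (l *Limiter) get(key string, lim Limit, now time.Time) *bucket {
	b, ok := l.buckets[key]
	if !ok {
		b = &bucket{capacity: lim.Burst, tokens: lim.Burst, rate: lim.PerMinute / 60, last: now}
		l.buckets[key] = b
	}
	return b
}

// Allow admits a request only when every level has a token. All levels are
// checked before any is charged, so a request refused by the user limit does
// not also drain the organization's or the endpoint's budget. On refusal it
// names the level that refused, which is what a 429 response should report.
func (l *Limiter) Allow(userID, companyID, endpoint string, now time.Time) (bool, string) {
	levels := []struct {
		name string
		b    *bucket
	}{
		{"user", l.get("user:"+companyID+":"+userID, l.userLimit, now)},
		{"org", l.get("org:"+companyID, l.orgLimit, now)},
		{"endpoint", l.get("endpoint:"+endpoint, l.endpointLimit, now)},
	}
	for _, lv := range levels {
		lv.b.refill(now)
		if lv.b.tokens < 1 {
			return false, lv.name
		}
	}
	for _, lv := range levels {
		lv.b.tokens--
	}
	return true, ""
}

func main() {
	// Constructed plan: 60 req/min per user (burst 3), 600 req/min per organization (burst 5).
	l := NewLimiter(Limit{PerMinute: 60, Burst: 3}, Limit{PerMinute: 600, Burst: 5}, Limit{PerMinute: 6000, Burst: 100})
	now := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	for i := 0; i < 4; i++ {
		ok, level := l.Allow("alice", "acme", "/api/search", now)
		fmt.Println("request", i+1, "allowed:", ok, level)
	}
}
```

The clock is passed in rather than read from time.Now so the behaviour is testable; the example is single-process and unsynchronised, whereas a deployment with several application instances would keep the buckets in a shared store and guard them against concurrent access.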
A no-compromise approach
The choice to run AI models on local infrastructure has a cost in operational complexity. But for organizations handling confidential documents, contracts, financial data, patient information or intellectual property, this cost is largely justified by the certainty that their data never crosses the boundaries of the controlled infrastructure.
In an era when most AI services require sending data to the cloud, Queria offers an alternative that doesn't force you to choose between artificial intelligence and confidentiality.