After Schrems II, using American cloud platforms is legally uncertain for European businesses. Canvos eliminates that risk entirely.
The Schrems II ruling by the European Court of Justice has fundamental consequences for every organisation using US cloud.
The Court ruled in 2020 that the EU-US Privacy Shield provides insufficient protection. Data transfers to the US have been legally uncertain since.
The US can compel American companies to hand over data, even when stored in the EU. This applies to Microsoft, Google, Amazon and all US providers.
US intelligence agencies may request data of non-American persons from US cloud providers without a court order.
The GDPR provides for fines up to 4% of annual turnover or €20 million. European supervisory authorities are increasingly enforcing on international data transfers.
Canvos is designed with GDPR as its foundation, not an afterthought.
All data is stored in Datacenter United, Ghent, Belgium. Data never leaves the EU. No replication to non-EU locations.
All processing takes place on European servers. AI inference locally via Ollama. No data sent to external cloud APIs.
Retention policies configurable per organisation. Automatic deletion after retention period. GDPR right to erasure built in.
Full account and data deletion on request. Automatic trash cleanup. Export capability for data portability.
Share this checklist with your DPO. Every point is verifiable.
Canvos offers a standard DPA in accordance with Article 28 GDPR, signed by a Belgian legal entity.
All data stays in Belgium. No sub-processors outside the EU. No CLOUD Act exposure.
36+ hardening measures, encryption at rest & in transit, rate limiting, CORS, CSP headers, input validation.
Data classification (4 levels), DLP rules, sharing policies, email policies, retention policies — all configurable and enforceable.
Structured logging on 130+ routes. Export in JSON, CSV or CEF. Monthly compliance reports per organisation.
Full account and data deletion on request. Retention policy with automatic cleanup built in.
Export all your data in standard formats. No vendor lock-in, no proprietary formats.
From network to application — Canvos implements security at every level.
TLS 1.3 in transit, AES-256 at rest. All communication between components encrypted. Email with mandatory TLS enforcement.
Role-based access, per-organisation isolation, SSO built in. No shared credentials, no cross-tenant data access.
Structured logging on 130+ routes. Who, what, when, result. Tamper-evident, exportable in 3 formats.
Rate limiting, CORS, CSP headers, input validation, SQL injection prevention, XSS protection. 36+ measures active by default.
Request a demo and discuss your GDPR requirements with our team. We will show you how Canvos simplifies your compliance.