Launch offer: −20% off the Starter plan on top of your first free audit with code NEW20

Our AI approach

We don't guess.
We compute.

same input
0/100
A deterministic engine — not a chatbot. Run it again, same score.
Two engines

The scoring is rules. The writing is AI.

Treating regulation and prose as the same problem is how you end up with a number you can't defend. We keep them apart on purpose.

Engine 01 — Deterministic

The scoring engine. Not a model.

An expert rules engine encodes the exact text of EU Regulation 2024/1689 and the GDPR. It reads your answers and returns a risk tier and a /100 score by applying logic — never probability.

  • Reproducible— same answers always yield the same score, to the point.
  • Auditable— every point traces back to a specific article and answer.
  • Defensible— a regulator can follow the exact path to your classification.
  • No hallucination— there is no generation step, so nothing can be invented.
Engine 02 — Generative

The drafting layer. Mistral AI.

Once the score and obligations are fixed, a European GPAI provider drafts the narrative — summaries, recommendations and the prose of each mandatory document, structured to Annex V.

  • European model— Mistral AI, a GPAI provider, keeps generation inside the EU.
  • Pseudonymised input— direct identifiers are masked before anything is sent.
  • Constrained— it writes within the structure the rules engine already decided.
  • Verified— every output is checked article by article before you see it.
Before the model

What reaches Mistral, and what doesn't.

Your raw answers
email: jane@acme.eu
SIRET: 123 456 789
phone: +33 6 12 34 56 78
sector: recruitment
What Mistral receives
email: EMAIL_1
SIRET: SIRET_1
phone: PHONE_2
sector: recruitment
Direct identifiers are swapped for neutral tokens before anything leaves. The business context that makes generation possible — sector, use case — is the only thing the model ever sees.
Our line in the sand

Things we will never do.

Never #01

Train on your data

Your answers and documents are never used to train any model — ours or a provider's. Generation is a one-way request, not a contribution to a dataset.

Never #02

Score with a black box

We refuse to let a probabilistic model decide your risk tier. A score you can't trace is a score you can't defend before a regulator.

Never #03

Send data outside Europe

Storage is in Switzerland, generation runs on a European GPAI provider. Your data doesn't leave the continent to become training fuel.

A score you can defend.

Run the deterministic audit, see exactly how your classification is computed, then let the verified documents follow.

Start free audit
Our AI Approach — DILAIG