Home/Trust Center/Data Protection
TRUST CENTER

Data Protection & Compliance

GDPR governance, AI regulation alignment, subprocessor transparency, and operational traceability.

Data Governance & GDPR

366 is operated in alignment with the principles of the General Data Protection Regulation (GDPR).

Roles and responsibilities are clearly defined:

Data Controller

The Customer

For the data it uploads and processes within the platform

Data Processor

SCRIPTOR-ARTIS SAS (operator of 366)

In accordance with applicable contractual provisions

A Data Processing Agreement (DPA) is available to govern:

  • processing instructions;
  • technical and organizational security measures;
  • engagement of subprocessors;
  • data breach notification procedures;
  • data reversibility and deletion obligations.

Subprocessors & AI Model Providers

366 may rely on:

  • European cloud infrastructure providers;
  • European inference service providers;
  • third-party AI model providers (OpenAI, Anthropic, Google, Mistral AI, Meta, etc.).

Infrastructure providers act as subprocessors for hosting, storage, and compute services required for the operation of 366.

Where AI models are provided by SCRIPTOR-ARTIS SAS, relevant third-party AI model providers act as subprocessors for the execution of inference requests initiated by the customer.

Where a customer configures its own external AI provider (e.g., via its own API credentials), such provider acts under the customer's responsibility and contractual framework.

Where certain providers operate outside the European Union, appropriate contractual safeguards are implemented in accordance with GDPR requirements.

Artificial Intelligence Regulation (EU AI Act)

366 is designed to align with emerging regulatory requirements under the EU AI Act.

As a provider of professional AI systems, 366:

  • maintains a structured quality management approach;
  • documents its technical architecture and components;
  • maintains technical logs where applicable;
  • integrates human oversight principles;
  • monitors regulatory developments related to high-risk AI systems.

Customers remain responsible for ensuring that their specific use cases comply with applicable regulatory obligations.

Operational Resilience

366 governance incorporates operational resilience principles, including:

  • structured incident classification;
  • defined escalation processes;
  • continuous supervision and monitoring;
  • formal documentation of technical procedures;
  • business continuity mechanisms.

Detailed documentation may be shared under NDA where appropriate.

Transparency & Traceability

366 integrates:

  • technical event logging;
  • structured incident tracking;
  • usage monitoring metrics;
  • documented support workflows.

The official support portal, TyR™, serves as the centralized ticketing and traceability platform for customer requests and incident management.

Customer Support Portal (TyR)

Additional Documentation

The following documentation is available upon request under NDA:

Full Data Processing Agreement (DPA)

Complete contractual framework for data processing

Subprocessor List

Current list of authorized subprocessors and their roles

AI Regulatory Documentation

EU AI Act alignment documentation and quality management

Detailed Security Procedures

Access control, encryption, and vulnerability management

Governance & Update Commitments

Update cycles, security governance, and compliance roadmap

Request access under NDA

Available to customers, prospects in evaluation, and auditors. We typically respond within 48 hours.

Also in the Trust Center

Security Overview

Architecture, hosting, and AI governance

Reliability & Continuity

Uptime, SLAs, and disaster recovery

Data Protection & Compliance — 366