Data Protection & Compliance

366 is operated in alignment with the principles of the General Data Protection Regulation (GDPR).

Roles and responsibilities are clearly defined:

A Data Processing Agreement (DPA) is available to govern:

• •processing instructions;
• •technical and organizational security measures;
• •engagement of subprocessors;
• •data breach notification procedures;
• •data reversibility and deletion obligations.

366 may rely on:

• •European cloud infrastructure providers;
• •European inference service providers;
• •third-party AI model providers (OpenAI, Anthropic, Google, Mistral AI, Meta, etc.).

These entities act as subprocessors, strictly for the execution of inference requests initiated by the customer.

Where certain providers operate outside the European Union, appropriate contractual safeguards are implemented in accordance with GDPR requirements.

366 is designed to align with emerging regulatory requirements under the EU AI Act.

As a provider of professional AI systems, 366:

• •maintains a structured quality management approach;
• •documents its technical architecture and components;
• •maintains technical logs where applicable;
• •integrates human oversight principles;
• •monitors regulatory developments related to high-risk AI systems.

366 governance incorporates operational resilience principles, including:

• •structured incident classification;
• •defined escalation processes;
• •continuous supervision and monitoring;
• •formal documentation of technical procedures;
• •business continuity mechanisms.

Detailed documentation may be shared under NDA where appropriate.

366 integrates:

• •technical event logging;
• •structured incident tracking;
• •usage monitoring metrics;
• •documented support workflows.

The official support portal, TyR™, serves as the centralized ticketing and traceability platform for customer requests and incident management.

The following documentation is available upon request under NDA: