Conversational Platform
Compliance
GDPR, EU AI Act, DORA, and Accessibility compliant – LoyJoy meets all regulatory requirements for enterprise chatbots.
LoyJoy offers you the assurance that every customer dialogue meets the highest legal standards – from the first click to archiving.
Why Compliance is Crucial Now
Stricter Regulations: The EU AI Act and DORA increase the demands for transparency and resilience.
Reputation Protection: Violations not only cost money but also trust.
Growing Customer Expectations: Accessible and data protection-friendly experiences are expected.
Legal Frameworks & How LoyJoy Complies
⚖️ GDPR
EU-only: Hosting exclusively in EU data centers, securely encrypted.
Privacy-by-Design: Data minimization, pseudonymization & encryption.
Consent-Aware Tracking: LoyJoy starts only after consent is given in the cookie banner.
⚖️ EU AI Act (Limited Risk)
Transparency Obligations Met: Notice banners & Explainable AI feature.
Model Freedom without vendor lock-in – compliant with Art. 53 para. 1 lit. d.
⚖️ DORA (Digital Operational Resilience Act)
End-to-end audit logs for all chat events.
Automated API Incident Notification via email.
⚖️ Accessibility according to the German Barrier-Free Strengthening Act (BfSG)
The LoyJoy Web Component is screen reader compatible and uses standard-compliant HTML.
Keyboard navigation & high color contrast out-of-the-box.
Automated Accessibility Tests with every release.
Further Standards & Certificates
Standard | Status at LoyJoy |
---|---|
ISO 27001 | Hosting provider certified |
SOC 2 Type II | Hosting provider certified |
OWASP ASVS v4 | Penetration test passed |
WCAG 2.2 AA | Compliant |
Technical & Organizational Measures (TOMs)
Encryption: TLS 1.3 in transit, AES-128 at rest.
Role-Based Access Control & optional multi-factor authentication requirement.
Scheduled Penetration Tests.
Data Retention Policy with automatic deletion period.
Data Residency & Hosting
All customer data is stored exclusively in EU regions by our hosting provider. Redundant backups are kept in a separate data center within the EU. LoyJoy does not have access to your data unless you explicitly grant us permission.
Privacy by Design & Explainable AI
Explainable AI View: Source highlighting for every generated answer.
Anonymized Logs: Personal references are removed before storage.
Model-Switch-Log: Every LLM change is documented.
Audits & Reports
Customer Audit Portal: 24/7 access to reports and log exports.
External Audits: Annually by independent auditors (last report: April 2025).