Privacy & EU Hosting
How Kasimir delivers GDPR compliance, EU hosting and data sovereignty — from self-hosted models to the non-EU gate and cookie consent.
Kasimir was built from the ground up for the German mid-market: GDPR-compliant, with clear data sovereignty and a default mode of operation in which your content never leaves the EU. This page explains where your data is processed, how to tell which AI model writes data where, how administrators control access, and which legal building blocks (DPA, cookie consent, privacy policy) are wired into the product.
The sovereignty principle in brief
Kasimir assigns every AI model to exactly one of three "sovereignty tiers". This classification governs whether data leaves the EU — and it is surfaced everywhere in the product.
Tier | Meaning | Where processed | Data leaves EU? |
|---|---|---|---|
| Runs on Kasimir's own servers — the most sovereign option, the default | EU (Hetzner, Germany) | No |
| EU region, but via a third-party processor | EU (Azure AI Foundry / Microsoft) | No |
| Processed outside the EU — only available after opt-in | Outside the EU (e.g. xAI/US, DeepSeek/China) | Yes |
The default is maximum sovereignty. The pre-selected chat model (Gemma) is self-hosted and runs exclusively on the EU infrastructure in Germany. Non-EU models are technically disabled until an administrator explicitly enables them.
Where your data lives
The core of Kasimir is self-operated on servers in Germany (Hetzner, Falkenstein). It holds:
Database, login and sessions — self-hosted Supabase (
api.kasimir.ai)File storage — uploaded documents, chat attachments and audio recordings
AI routing — the LiteLLM proxy through which every chat and embedding request flows
Vector embeddings —
BAAI/bge-m3, also self-hostedAudio transcription —
faster-whisperfor the voice and meeting featuresWeb search — a self-operated SearXNG instance (no requests to US search services)
A few features use external processors under standard contractual clauses: Cloudflare (CDN, DDoS protection, TLS, bot protection via Turnstile), SendGrid/Twilio (transactional email) and — only with consent — Google Analytics. The full list with legal bases is in the privacy policy at /privacy.
All connections to Kasimir are TLS-encrypted (recognizable by the padlock icon and https:// in the address bar), at both the origin and the edge.
Spotting the sovereignty tier in chat
You don't need any provider knowledge — Kasimir shows the data-processing location right on the model.
In the model picker
When you open the model picker in the chat composer, every model carries a badge:
A green
EUbadge for self-hosted and EU-cloud modelsAn amber
Non-EUbadge for models that process data outside the EU
Hovering a model opens a detail panel with provider, context window, vision support and a Data processing section. It states in plain language where the data ends up:
Processed on Kasimir's own servers in the EU(shield icon, green)Processed in the EU · Azure AI Foundry (Microsoft)(EU globe icon, blue)Processed outside the EU – data leaves the EU(warning triangle, amber)
In the composer hint
If you've selected a model that isn't self-hosted, the composer also shows a hint:
For EU-cloud models:
Processed in the EU via Azure Foundry (Microsoft)For non-EU models (warning tone):
Note: processed outside the EU – data leaves the EU
For the default (self-hosted) model no hint appears by design — everything is sovereign here.
Non-EU models: per-company opt-in
Stronger international models (e.g. xAI's Grok or DeepSeek) can be useful, but they process data outside the EU. That's why in Kasimir they are hidden entirely by default and must be enabled per company.
How to enable them (administrators only)
Open
Administration→Chat settings.Tick the
Allow non-EU modelscheckbox.Save.
The hint text makes the consequence unambiguous: "Enables stronger models hosted outside the EU (e.g. Grok/xAI US, DeepSeek China). Chat data then leaves the EU — not GDPR-sovereign. Off by default."
While this option is off, non-EU models appear neither in the picker nor can they be reached via the API. The lock is double-enforced: the picker hides the models, and the server rejects any hand-crafted request to a non-EU model with a 403 error. There is no way for a regular user to bypass the gate.
What enabling changes
With Allow non-EU models on, the enabled models appear in the picker for all employees — each carrying the Non-EU badge and the composer warning hint. The individual user then makes a conscious choice to use such a model for a given conversation. Self-hosted and EU-cloud models remain available at all times and stay the default.
Data Processing Agreement (DPA)
For production use with real personal data you enter into a Data Processing Agreement (DPA) with Kasimir under Art. 28 GDPR. It is built right into the product.
Open
Administration→DPA.The agreement is pre-filled with your company details and fully readable.
Use
Download as HTMLto keep a copy for your records.To execute it, tick the confirmation statement and click
Accept DPA now.
After acceptance the page shows status Signed with the name, email, timestamp and version number of the signing person.
Only the owner of the company account can accept the DPA — all other administrators can read the agreement but, instead of the button, see a note that only the owner may sign. Until acceptance, the page states that signing is required before production use with real personal data.
Cookies & consent
Kasimir sets only the bare minimum without consent and loads everything else only after your active opt-in — in line with the TTDSG and GDPR.
Three cookie categories
Category | Contents | Consent required? |
|---|---|---|
| Login session, language preference, dark mode | No (always on) |
| Google Analytics — pseudonymous reach measurement | Yes |
| no tools active at this time | Yes |
How the banner works
On your first visit the banner We respect your privacy appears with three equally prominent options: Accept all, Reject and Settings. Settings opens the per-category toggles — and the non-necessary ones are not pre-ticked.
Google Analytics is only ever loaded after you consent — before that no data is sent to Google and no _ga cookie is set. If you later withdraw consent via Cookie settings, the analytics cookies are deleted immediately.
Your decision is stored in a first-party cookie (kasimir_consent) and lasts about six months. You can reopen and change it at any time via the Cookie settings link (e.g. in the footer).
Your rights and further information
The full privacy policy at /privacy lists all processing activities, legal bases, processors, retention periods and your data-subject rights (access, rectification, erasure, portability, objection, complaint) under the GDPR. You can also delete your chat content and generated texts yourself at any time. For privacy requests contact support@kasimir.ai; the controller is Viedev GmbH.