Trust & Security at Aquil
Last updated: 2026-04-16
Aquil is built and operated by Sokigo AB (org.nr 556550-6309), part of Addnode Group AB (publ). We help organisations manage their information security management systems — so we take our own security seriously.
Where your data lives
- Hosted in Sweden. Aquil runs on Sokigo's own infrastructure in a Swedish datacenter, managed by Nordlo as our IT service provider.
- No US cloud for Customer Data. Application servers, databases, logs, metrics and analytics all run inside our environment in Sweden.
- Encrypted backups are stored at a separate Swedish geographic location.
Encryption
- In transit: TLS 1.2+ for all connections.
- At rest (infrastructure): AES-256 full-disk encryption protects all data, including databases, logs and backups.
- Per-tenant file encryption (application layer): on top of disk encryption, all customer-uploaded files are additionally encrypted with AES-256 authenticated encryption using a per-tenant derived key. No two tenants share the same file-encryption key, providing cryptographic separation between organisations in addition to application-level tenant isolation.
- Key management: encryption keys are managed by Sokigo within its own secrets-management infrastructure. Access is strictly controlled, logged and reviewed. No sub-processor holds Sokigo's master key material.
- Azure Key Vault: used for key material related to Sokigo's Azure platform services (e.g. the AI Foundry deployment), held by Sokigo as Microsoft's customer — not by Microsoft.
- No customer BYOK at this time: Aquil does not currently offer Bring-Your-Own-Key where customers supply their own root keys. If you have a regulatory requirement for BYOK, contact us.
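The per-tenant file encryption described above, sketched as an added example; this is not Aquil's or Sokigo's code. The page does not name the key-derivation function or cipher mode, so HKDF-SHA-256, AES-256-GCM, the blob layout and all function names and sample values here are assumptions.

```javascript
// Added illustration of per-tenant derived keys with authenticated encryption.
// Assumed, not from the page: HKDF-SHA-256, AES-256-GCM, blob layout, all names.
const crypto = require('node:crypto');

// Constructed demo master key; a real one would come from a secrets manager.
const MASTER_KEY = crypto.createHash('sha256').update('constructed-demo-master-key').digest();

// Derive a 32-byte key that is unique to one tenant.
function deriveTenantKey(masterKey, tenantId) {
  const info = Buffer.from(`file-encryption:${tenantId}`, 'utf8');
  return Buffer.from(crypto.hkdfSync('sha256', masterKey, Buffer.alloc(0), info, 32));
}

// Encrypt one file. The tenant ID is bound as AAD so a blob cannot be relabelled.
function encryptFile(masterKey, tenantId, plaintext) {
  const key = deriveTenantKey(masterKey, tenantId);
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per file
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(tenantId, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]); // iv(12) | tag(16) | ciphertext
}

// Decrypt one file. Returns null when the tag check fails (wrong tenant or tampering).
function decryptFile(masterKey, tenantId, blob) {
  if (blob.length < 28) return null; // too short to hold iv + tag
  const key = deriveTenantKey(masterKey, tenantId);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAAD(Buffer.from(tenantId, 'utf8'));
  decipher.setAuthTag(blob.subarray(12, 28));
  try {
    return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
  } catch {
    return null; // authentication failed: do not release any plaintext
  }
}

// Constructed sample: tenant-a's file opens for tenant-a and fails for tenant-b.
const blob = encryptFile(MASTER_KEY, 'tenant-a', Buffer.from('risk register v3'));
console.log(decryptFile(MASTER_KEY, 'tenant-a', blob).toString());
console.log(decryptFile(MASTER_KEY, 'tenant-b', blob));
```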
Authentication
- Auth0 (EU tenant, Frankfurt) for user authentication and MFA.
- Multi-factor authentication required for administrative roles.
- Auth0 stores only email, hashed password and MFA metadata — no document content, no audit data.
AI features
- Inference runs in Sweden Central on Microsoft Azure AI Foundry, using the open-weights model gpt-oss-120b.
- The model is deployed in Sokigo's own Azure tenant, governed by the Microsoft Product Terms and the Microsoft EU Data Boundary.
- No customer prompts or completions are used to train any AI model, by Sokigo or by Microsoft.
- AI prompts and model outputs are not retained beyond the user session. Sokigo's database stores only usage metadata (feature name, model, token counts, organisation and user identifiers, timestamps) for quota enforcement and billing — never the prompt text or the model response.
- Any AI output that you explicitly save as part of your data (for example, a generated document you keep) is treated like any other Customer Data and lives in your tenant's own storage until you delete it.
Payments and billing
- Payment processor: Stripe Payments Europe Ltd (Ireland), with Stripe, Inc. (US) as its ultimate parent. Stripe is a PCI DSS Level 1 service provider and a regulated EU payment institution.
- Card data never touches Aquil. Sokigo operates at PCI DSS SAQ A scope — the narrowest self-assessment level, applicable where all card acceptance is redirected to the processor's hosted environment. Card primary account numbers (PANs) are entered on Stripe's hosted Checkout page at stripe.com, tokenised by Stripe, and only the token is ever returned to Aquil.
- Hosted flows: Aquil uses Stripe's hosted Checkout for new subscriptions and Stripe's hosted Customer Portal for self-service billing management. Stripe Elements / JS are not embedded in the Aquil UI, which confines Stripe-side cookies and fingerprinting to stripe.com.
- Data transferred to Stripe: billing contact name and email, billing address, VAT / organisation number, transaction metadata and payment method token. This minimum-necessary set is documented in the Aquil Sub-processor list and in the Aquil TIA.
- Currency and VAT: Fees are charged in SEK. Swedish VAT is added for Swedish Customers; EU B2B Customers with a valid VAT number are invoiced under the reverse-charge mechanism at 0% VAT. Invoices include all particulars required by Mervärdesskattelagen (2023:200) 17 kap.
- Accounting retention: invoices and payment records are retained for 7 years as required by Bokföringslagen (1999:1078) kap. 7 § 2.
- Fraud prevention: Stripe Radar is used to score payment risk. Radar may process transaction metadata (including device/IP signals) on Stripe's own legal basis as a controller for fraud-prevention purposes; see Stripe's privacy notice for details.
- Strong Customer Authentication (PSD2): handled by Stripe's hosted Checkout (3-D Secure 2 where required by the card issuer).
Sub-processors
We publish our complete sub-processor list at /legal/subprocessors and give 30 days' notice of any changes. You can subscribe to change notifications there.
Compliance and certifications
- ISO/IEC 27001:2022 — certified. Statement of Applicability available under NDA to prospects and customers on request.
- GDPR — Sokigo acts as Processor for Customer Data; Data Processing Agreement at /legal/dpa.
- NIS2 — Sokigo is in scope as a managed service provider; group-level NIS2 governance.
- EU AI Act — Aquil is currently classified as a limited-risk AI system; we monitor obligations and update our AI Addendum accordingly.
Operational security
- Access control: role-based access; principle of least privilege; quarterly access reviews.
- Vulnerability management: dependency scanning, container image scanning, periodic penetration testing.
- Logging: application, infrastructure and security logs are aggregated to a self-hosted observability stack within Sokigo's environment. No customer content is logged — only metadata (identifiers, counts, timestamps).
- Incident response: documented runbooks; 48-hour Customer notification commitment for confirmed Personal Data Breaches affecting Customer Data.
- Background-checked personnel under written confidentiality undertakings.
Service availability
- SLA: 99.0% during the Service Window (Mon–Fri 08:00–17:00 Europe/Stockholm). See /legal/sla.
- Status & incidents: communicated in-app and by email to designated contacts.
Disaster recovery
- Backups: encrypted, taken regularly, stored at a separate Swedish location.
- Current RTO target: [TBD — please update]
- Current RPO target: [TBD — please update]
- A redundant production site is on the roadmap.
Data subject rights
If you are a data subject and would like to exercise your rights under GDPR, please contact the Customer organisation that holds your data. If your inquiry concerns Sokigo's role as Controller of marketing-site or prospect data, contact infosec@sokigo.com.
Reporting a vulnerability
We welcome coordinated disclosure. Email infosec@sokigo.com with details. Please do not exploit vulnerabilities, access data that is not your own, or run scans without prior written consent.
Contacts
- Data Protection Officer: infosec@sokigo.com
- Security: infosec@sokigo.com
- Legal & contracts: infosec@sokigo.com
- General: infosec@sokigo.com