nordflak
PLATFORM · SECURITY

Security,
from the ground up.

Security is not a layer we add on top. It is how Nordflak is built: European infrastructure, encryption at rest and in transit, and strict control over who can access what.

LAST UPDATED · 4 JUNE 2026
01

Overview

Nordflak is built for organisations that need to know their data stays in Europe. Our security work rests on three principles: encryption of all data, European infrastructure with no non-European suppliers, and minimal access to data.

This page describes the technical and organisational measures we use to protect your data.

02

Encryption

Your data is stored encrypted on European servers, both at rest and in transit. Traffic between your client and the service is protected with modern TLS standards, and stored data is encrypted at disk level.

Encrypted at rest and in transit. Keys are managed in European infrastructure and rotated according to our internal procedure.

03

European infrastructure

All operations run on European servers within the EU/EEA. We use no non-European suppliers anywhere in our infrastructure, which means your data does not depend on rules or decisions outside Europe.

That is the core of Nordflak: if the cloud on the other side of the Atlantic shuts down, your business should keep working.

04

Access and permissions

We apply the principle of least privilege. Access to systems and data is granted only to those who need it for their work, and access can be traced.

Strong authentication
Logging in is protected with multi-factor authentication for both customers and staff.
Role-based access
Permissions are governed by role and reviewed on an ongoing basis.
Traceability
Access to sensitive systems is logged and can be reviewed after the fact.
05

Operations and monitoring

The service is continuously monitored for anomalies and disruptions. Security logs are collected to detect and investigate suspicious activity.

We take regular, encrypted backups within the EU/EEA so that data can be restored when needed. Changes to production are made through reviewed and documented procedures.

06

Models and content

Nordflak uses models from the European company Mistral. The content you submit is processed to deliver responses to you.

Content is stored encrypted and is subject to the same strict access controls as other customer data.

07

Incident management

We have procedures for detecting, handling and communicating security incidents. If a personal data breach occurs that requires it, we notify the supervisory authority within 72 hours and inform affected customers in accordance with the GDPR.

08

Report a vulnerability

Have you found a security flaw? We appreciate responsible reporting and give you time to report before anything is made public.

SECURITY   security@nordflak.se
8009349