Compliance: GDPR, EU AI Act & DPA Chain

The three pillars

How Miyon stays compliant — on every call.

Compliance isn't a chip at the bottom of the page. It's how the platform is wired. Here's what that means in practice.

Pillar 1 · Data protection

GDPR · DSGVO · compliant on every call

Every interaction is processed under EU law. Customer data is encrypted at rest and in transit, scoped to your tenant, and never used to train other customers' models.

Per-tenant data isolation — no cross-customer training
Right to erasure (Art. 17) automated via dashboard
Data minimisation — only what's needed for the call
Configurable retention (default: 30 days)
DPO and DPA available on request

Live

Pillar 2 · AI governance

EU AI Act · explainable, auditable

Miyon's voice agents fall under the EU AI Act's transparency obligations. The agent declares itself as AI on first contact, gives users access to a human, and logs every decision for audit.

Identifies as AI per Art. 50 (mandatory from 2 Aug 2026)
One-word escalation to a human on request
Decision logging per call — auditable end-to-end
No emotion analysis, no biometric profiling, no scoring
Bias monitoring across language, voice, region

Live

Pillar 3 · Information security

Security built into the platform

Per-tenant data isolation, EU data residency and full audit logging across every call. A detailed security overview is shared on request, under NDA.

Live

Sub-processors

Who else touches your data — named upfront.

A short list of sub-processors handle parts of the call flow. All are EU-resident or operate under an active EU Data Transfer Framework. The full list is available, talk to us.

Voice infrastructure

Real-time speech routing, transcription, low-latency synthesis

EU

LLM provider (configurable)

Conversation reasoning · partner can pin to EU-only models

EU / EU-config

Telephony PSTN gateway

Inbound number termination · call recording (opt-in)

EU

SMS / WhatsApp routing

Confirmation messages, reminders, outbound nudges

EU

Cloud infrastructure

Compute · storage · EU data residency on every region

EU

Email service provider

Transactional mail · daily digest · DPA in place

EU

Audit trail

Every call, every decision, every step — logged.

When the agent answers, it logs the inputs (caller ID, route, language). When it reasons, it logs the decision. When it calls an integration, it logs the request and the response. When the call ends, it logs the outcome and the audit chain is closed.

What's logged

Timestamp, caller phone, language detected, intent classification, integration calls made, outcome (booked / escalated / resolved). Voice recordings only if you've enabled them — opt-in per tenant.

Who can see it

Your admins, your auditors (with role-based access), and Miyon's compliance team (only when triggered by your support ticket). Sub-processors never see the audit trail.

How long it lives

Data retention is decided by the end user: no retention, 3 days or longer.

FAQ

The compliance questions that come up first.

European servers, EU data residency. We don't name the specific cloud region in public copy because partners need flexibility for their own customer contracts — but the exact region is named in your DPA, with addresses and certifications.

Yes. From 2 August 2026 the EU AI Act mandates AI-system disclosure on first contact. Miyon's agents declare themselves as AI in the opening line, in the user's language, before the conversation begins.

Yes. One-word escalation ("speak to a human" / "Mensch sprechen" / "parler humain") routes the call warm to your team, with the call summary already typed. The agent never blocks the escalation.

No. Per-tenant data isolation is hard-wired. Your customer conversations, your CRM records, your call summaries — never leave your tenant boundary and never inform models that serve other customers.

Your data leaves with you. We export everything (audit trail, call summaries, CRM sync history) in a structured format. After the 30-day grace period, the data is cryptographically deleted from our systems. You keep your phone number.

Yes. Every call has a unique audit ID. Your admin can request the full chain (inputs / decisions / API calls / outcome) via the dashboard. Useful for dispute resolution, compliance reviews, or quality auditing.

Compliance you can count on.

How Miyon stays compliant — on every call.

GDPR · DSGVO · compliant on every call

EU AI Act · explainable, auditable

Security built into the platform

Need the paperwork? It's ready.

Who else touches your data — named upfront.

Every call, every decision, every step — logged.

What's logged

Who can see it

How long it lives

The compliance questions that come up first.

Compliance reviewed. Built before launch.