EmpfangoSecure AI with EU data residency – on dedicated Azure OpenAI infrastructure, not the public ChatGPT
The AI language model — the layer that understands your callers and decides — runs in the EU (Azure OpenAI, Sweden Central). Only the conversation text reaches the model, and Microsoft does not use it for model training.
How our AI is built
Empfango isn't built on an anonymous AI service but on Microsoft's Azure OpenAI infrastructure — with dedicated EU data residency for the language model and publicly documented compliance (evidence below).
Language model: Azure OpenAI – Sweden Central (EU) — The large language model runs exclusively on Microsoft Azure OpenAI in the EU region Sweden Central — no transfer to third countries for the language-model processing.
EU data residency — Language-model processing, hosting and data storage of the application take place in the EU — language model in Sweden Central, hosting and database in Frankfurt. Your transcripts and summaries stay within the EU.
What goes into the language model — Only the conversation text (transcript) is sent to Azure OpenAI — no call audio. Microsoft does not use these inputs and outputs for model training and does not share them with OpenAI.
No permanent audio storage — Call audio is not permanently stored by default. You only receive transcripts and summaries.
Transport & voice layer: separate from the AI — Call delivery (Twilio), speech recognition (Deepgram) and speech synthesis (ElevenLabs) run via established providers with US ties — solely as processors under Art. 28 GDPR and with safeguards for the third-country transfer (EU Standard Contractual Clauses / EU-US Data Privacy Framework). This is the transport and voice layer, not the AI decision layer.
Verifiable evidence — not just promises
Security must be verifiable. The sources below lead directly to Microsoft's own security and compliance evidence for Azure and the Azure AI services — including downloadable audit reports and certificates.
Microsoft Service Trust Portal — audit reports & certificates
This is where Microsoft provides the actual evidence for download: ISO 27001/27018, SOC 1/2/3 and BSI C5 of the Azure platform — directly from the independent auditors.
Open document ↗Microsoft Trust Center
Microsoft's central presentation of security, privacy and compliance across all Azure services.
Open document ↗Azure security — documentation
How Microsoft secures the Azure platform technically (Azure Security Fundamentals): identity, encryption, network and data-center security.
Open document ↗Azure AI services — security
Microsoft's overview of the security features of the Azure AI services on which the language model runs.
Open document ↗Azure OpenAI — data, privacy & security
Microsoft's evidence: inputs and outputs are processed in isolation, not used to train the models and not shared with OpenAI.
Open document ↗Azure OpenAI — transparency & responsible AI
Microsoft's transparency note on how the Azure OpenAI models work, their limits and their safe use.
Open document ↗EU Data Boundary
Microsoft's commitment to store and process EU customer data within the EU/EFTA.
Open document ↗Note: the audit reports and certificates (ISO 27001/27018, SOC 1/2/3, BSI C5) and the EU Data Boundary apply to the Microsoft Azure platform Empfango builds on — viewable and downloadable in the Service Trust Portal. They attest to the security of the infrastructure used, not a certification of Empfango itself.
Legal framework
Beyond the technical platform, Empfango is designed for the requirements of European law: a fixed AI disclosure with which deploying companies meet the transparency obligations of the EU AI Act (Art. 50), and data processing under Art. 28 GDPR that is part of the contract at no extra charge.
We fully disclose which sub-processors Empfango uses — including the US services for telephony, speech recognition and speech synthesis (incl. Twilio, Deepgram, ElevenLabs), which are secured by appropriate safeguards for the third-country transfer (EU standard contractual clauses under Art. 46 GDPR or the EU-US Data Privacy Framework under Art. 45 GDPR).
You'll find the full list of sub-processors and the deletion concept in our Privacy Policy.
Frequently asked questions about AI security
Empfango runs the language model (LLM) on Microsoft Azure OpenAI in the EU region Sweden Central. This means AI processing runs on a platform with dedicated EU data residency and documented compliance.
Only the conversation text is sent to the AI language model (Azure OpenAI), no call audio; per Microsoft's own documentation these inputs and outputs are not used for model training and not shared with OpenAI. Speech recognition (Deepgram) receives the call audio and speech synthesis (ElevenLabs) the response text — both solely as processors to carry out the call (DPA under Art. 28 GDPR).
The AI language-model processing via Azure OpenAI takes place in the EU region Sweden Central; hosting and data storage run in Frankfurt. For telephony and speech synthesis, US providers (incl. Twilio, ElevenLabs) are also used; a DPA under Art. 28 GDPR exists with each, and the transfer is secured by appropriate safeguards for the third-country transfer (EU standard contractual clauses under Art. 46 GDPR or the EU-US Data Privacy Framework under Art. 45 GDPR). All sub-processors are disclosed in the privacy policy.
The certifications mentioned (ISO 27001/27018, SOC 2, BSI C5) apply to the Microsoft Azure platform Empfango builds on. They attest to the security of the infrastructure used. Empfango itself operates GDPR-compliantly with a DPA under Art. 28 GDPR.
By default, call audio is not permanently stored; for call delivery Twilio (USA) processes it only transiently. Transcripts and call summaries are created and made available to you in the dashboard.
