
Your data, on a European server, with every control you'd expect.

Karkium is built around GDPR principles by design. No "data anywhere". No opaque algorithms processing your information. Here we explain, plainly, how we protect the data you trust us with.

Where your data lives

Clearly located infrastructure, no opaque third parties in between.

🇪🇺 Server in the European Union

Infrastructure hosted in the European Union, with Cloudflare as a global security and performance layer. For the exact list of providers and subprocessors, see our privacy policy.

  • EU-based servers
  • Built around GDPR principles
  • No silent international transfers

🔒 Encryption in transit and at rest

Mandatory HTTPS with valid certificates, and database-level encryption for sensitive fields.

  • TLS 1.3 on every connection
  • Column encryption on critical PII
  • API tokens signed with Sanctum

Who can see what

Granular, traceable access. Nothing happens without an audit trail.

👥 Roles and workspaces

Strict separation between workspaces. Each account has its own bucket; nobody sees what they shouldn't.

  • Admin, manager, technician, viewer
  • workspace_id isolation on every query
  • Model-level policies (Laravel Policies)

📜 PII audit log

Every access to personal data is logged. If something happens, we know what, when, and who.

  • pii.audit middleware on sensitive routes
  • Records IP, user, and operation
  • Retention configurable per workspace

🛡️ Real-time DLP

Data Loss Prevention is active: if someone tries to pull large volumes of data they shouldn't, the system cuts it off.

  • Anomalous-volume detection
  • Automatic blocking with log
  • Bypass only for admin/super_admin roles

🔑 Scoped API tokens

API tokens have limited abilities. A token for sending leads can't read your whole CRM.

  • Sanctum Personal Access Tokens
  • Webhooks with bearer token per workspace
  • Instant revocation from Settings

GDPR: what we owe you

Your users' rights are yours to honor. We give you the tools.

📋 Data-subject rights

Access, rectification, erasure, objection, portability, and restriction. All operable from the contact's panel.

🚫 One-click unsubscribe

Every commercial email includes a public /unsubscribe/{token} link without requiring an account.

🗑️ Real deletion

When a client requests erasure, PII is actually deleted, not just flagged. No misleading soft-delete.

📝 Consent record

Every lead stores the origin, date, and exact consent text given. If a regulator asks, you answer with data.

Our honest disclosure

We don't train any AI model on your data. The Copilot queries Anthropic (Claude) with just enough data to answer your specific question. Nothing is retained on Anthropic's side for training purposes.

We don't resell data. Ever. It's not a viable business model and it would be illegal in the EU.

We're small. A small team means less attack surface, but also fewer people to respond if something breaks. That's why we audit aggressively and show up quickly when there's a problem.

Questions, incidents, or exercising rights?

Write to our Data Protection Officer. We always reply before the legal 30-day deadline and usually much sooner.

✉️ info@karkium.com
