basemotion AI integrates artficial intelligence to process and execute operational workflows. We maintain strict control over how your data interacts with these models.

We use Google Cloud Vertex AI to analyze your strategy data.

• Purpose: Automated analysis of company data and execution of workflows.
• Legal Basis: Art. 6 para. 1 lit. b GDPR (performance of a contract).
• Location: Frankfurt, Germany (europe-west3)
• Security: End-to-end encryption according to the AES-256 standard.

To ensure complete operational safety, our AI processing adheres to the following principles:

• Strategic Augmentation: basemotion AI uses Google Vertex AI (Gemini Pro) to assist in strategic analysis. The AI functions as an operational assistant. All final strategic decisions remain under human control.
• Zero-Training Guarantee: We process data exclusively via the Vertes AI API (europe-west3). In accordance with our enterprise agreement, your data is never used to train Google's foundation models.
• Data Residency: All data processing, including vecotr embeddings and chat processing, occurs strictly within the European Economic Area (EEA), specifically in Germany.

We implement strict technical and organisational measures to protect your data against unauthorized access, loss, or manipulation. All data transfers are secured using state-of-the-art encryption protocols.

We store your data only for as long as necessary to fulfill the purposes outlined in this policy or as required by statutory retention periods. Once the purpose no longer applies or the legal retention period expires, the data is routinely deleted.

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Request access to your stored personal data (Art. 15 GDPR).
• Request the correction of inaccurate data (Art. 16 GDPR).
• Request the deletion of your data (Art. 17 GDPR).
• Request the restriction of the processing of your data (Art. 18 GDPR).
• Request data portability (Art. 20 GDPR).
• Object to the processing of your data (Art. 21 GDPR).

To exercise these rights, please contact us at support@basemotion.ai.

Status: March 31, 2026

Our agentic architecture is based on:

• Orchestration: self-hosted Mastra Framework for deterministic workflows and agents.
• Model Infrastructure: Google Gemini Models, provided via the Vertex AI Platform in the europe-west3 (Frankfurt) region. The data is NOT used for foundation model training.
• Data Storage: Encrypted deployment via Supabase (EU-Hosting).

We maintain the highest standards in protecting your company data:

• No training: Your entered data and business secrets are not used for training the global foundation models of Google or other third parties.
• Isolated environment: The processing takes place in a dedicated Enterprise instance within the Google Cloud (GCP).
• Encryption: All data transfers are encrypted according to the current state of the art (AES-256).

According to Article 50 of the EU AI Act we point out the following points:

• Labeling: All reports and analyses generated by the AI are marked as “AI-generated”.
• Human control (Human-in-the-Loop): Strategic decisions should always be based on a human validation of the AI results.
• Error risk: Despite the highest precision, AI models may generate inaccurate information in individual cases (“hallucinations”). Please verify critical figures always against your primary sources.

Detailed information about our security measures, access controls and the reliability of our systems can be found in our separately stored TOM document (as of 2026).