AI that fits the compliance program you already run.
Most AI tools create a second, less-governed copy of your operational data inside a vendor perimeter. Invisibles takes the opposite approach. The software deploys into your own AWS or Azure account, under your IAM, inside your security boundary. Your regional choices, retention rules, access controls, and audit posture can continue to apply. You remain the controller or data fiduciary; Invisibles operates as processor. This is not a certification checklist — it is a practical map from common regulatory obligations to the product and deployment controls that support them.
EU General Data Protection Regulation.
Controller, processor, Article 28 obligations, international transfers after Schrems II, DSARs, Article 22 automated decision-making, and how the audit trail supports DPIA work under Article 35.
Risk-tiered AI governance, in your environment.
Deployer obligations under Article 26, transparency and human oversight under Articles 13 and 14, the GPAI model-provider distinction, and why record-keeping matters before a use case becomes high-risk.
Digital Personal Data Protection Act, 2023.
Data Fiduciary versus Processor, consent-based processing, Data Principal rights, Significant Data Fiduciary expectations, cross-border transfer nuance, and India-region hosting in Mumbai or Hyderabad.
Privacy Act, APPs, and data sovereignty.
APP 8 cross-border disclosure, APP 11 reasonable security, Consumer Data Right context, Notifiable Data Breaches readiness, and deploying in AWS Sydney or Azure Australia East.
This page is for informational purposes only and is not legal advice. A Data Processing Addendum is available on request; email security@invisibles.app. Customers should review their specific obligations with their own privacy, legal, and compliance counsel.
Need to walk a privacy review through the architecture?
Book 30 minutes with our team. Bring your privacy counsel, security team, or procurement. We answer specific questions against your obligations under GDPR, the EU AI Act, DPDP, the Privacy Act, and sector-specific rules.