Day one
What a data-protection officer can sign off on, immediately.
No six-month vendor review. No bespoke enterprise contract before you can start. Six things that are already true on the free plan.
Default providers do not keep your prompts or files once a request completes. No retention window to negotiate.
The Data Processing Agreement applies to every tier. You do not have to upgrade to be covered.
Hosting, analytics, monitoring, and storage all run inside the EU. Dedicated EU-only deployments for the strictest cases.
Customer prompts and uploads are never used to train models. Written into the DPA, not just a settings toggle.
Admin controls and audit trails map to the categories most internal AI policies already use.
The full subprocessor list is public and versioned, so your compliance team reviews real names, not promises.
What Wysor does
Full AI capability, without the data-protection compromise.
Most teams trade privacy for capability: the powerful tool retains everything, the private tool can barely do the work. Wysor refuses the trade. Every leading model, every workflow, GDPR-aligned from the first request.
Zero data retention by default
Prompts and files are not stored after a request completes, not used for training, not human-reviewed. The contractual DPA covers this on every plan, including the free one.
Every leading model, EU-routed
GPT, Claude, Gemini, Perplexity, Mistral, and open-source models in one workspace, with the right model picked per task. No separate vendor contracts, no lock-in, no data-protection review per provider.
EU-only deployments
For work that cannot leave your environment at all, dedicated EU-only processing. Built for organisations that cannot send data to third countries, not retrofitted with a regional add-on.
Smart email, kept private
Threads sorted by priority, replies drafted in your voice across Gmail and Outlook. You decide what sends. The drafting happens without retaining the contents of your inbox.
Documents that never leak
Turn a brief into a contract, memo, or report. Sensitive source material is processed and discarded, never banked for training or review.
Verified research with citations
Search across 86 million legal and medical sources plus the open web, with citations. Overruled cases and retracted studies are flagged automatically, so the output holds up under scrutiny.
Admin controls and audit trails
Role-based access, workspace separation, and audit logging on by default, so a data-protection officer can map usage to policy without a custom build.
Compliance-grade by construction
AES-256 at rest, TLS 1.2+ in transit, a published subprocessor list, and a DPA on every plan. The compliance posture is the product, not a paid tier.
Why compliance teams pick Wysor
Three guarantees most AI vendors cannot put in writing.
Zero retention, in the contract.
Not a setting that can be flipped back, not an enterprise-only promise. Prompts and files are not retained after a request, and the DPA says so on every plan.
EU processing, by default.
A German company operating under German and EU law. Hosting, analytics, monitoring, and storage inside the EU. GDPR was the starting point, not a later patch.
No training on your data. Ever.
Customer prompts and uploads never become training data. The line is written into the agreement, so legal and compliance can rely on it rather than trust it.
Where it matters most
Built for the work where a data leak is a legal event.
GDPR-compliant AI pays off fastest where the data is sensitive and the consequences of mishandling it are real. That covers most regulated and client-facing work.
Legal and compliance
Privileged client material, contracts, and case files stay private. Search 26 million court decisions across 12 countries with verified citations, with nothing retained.
AI for LawyersHealthcare and life sciences
Patient data and clinical notes are processed without retention. Search 60 million medical records from PubMed, FDA, and EMA, with retracted studies flagged automatically.
AI for Doctors and HealthcareFinance and insurance
Statements, disclosures, and customer records handled under a contractual DPA, with audit trails on by default and no data used for training.
AI for FinanceHR and people ops
Employee data, contracts, and interview notes stay inside the workspace. Sensitive prompts are not retained or human-reviewed.
Public sector and education
Citizen and student data processed inside the EU, with role-based access and a published subprocessor list your procurement team can review.
Regulated industries overall
Any team bound by GDPR, professional secrecy, or sector rules gets full AI capability without the data-protection compromise.
AI for Regulated IndustriesSide by side
Wysor vs the usual AI tools, on data protection.
| Data-protection question | Wysor | ChatGPT | Microsoft Copilot |
|---|---|---|---|
| Zero data retention by default | Every plan, free included | Enterprise only | Tenant-bound, retained |
| Contractual DPA on free plan | Yes | No | No |
| EU-only processing | Default, German company | Add-on | Add-on |
| No training on customer data | Contractual, every plan | Settings-dependent | Tenant-dependent |
| Published subprocessor list | Yes, versioned | Partial | Partial |
| Choice of leading models | GPT, Claude, Gemini, more | OpenAI only | Limited |
| Encryption at rest and in transit | AES-256, TLS 1.2+ | Yes | Yes |
| Dedicated EU-only deployment | Available | No | No |
Built in Germany
Run on EU law. Not retrofitted to it.
Wysor is a German company. Hosting, analytics, monitoring, and storage all run inside the EU. We did not bolt GDPR onto a product built somewhere else. We started here.
Rollout
Three steps to deploy AI your DPO can sign off on.
Review the DPA and subprocessor list first.
Both are public, so your data-protection officer can read the real terms before anyone signs in. No sales call required to see what you are agreeing to.
Write a one-page AI usage policy.
What data can go in, which workspaces, who reviews what. Wysor's admin controls and audit logging map cleanly to the categories most policies use, so the policy and the product line up.
Roll out to the team, fully covered.
Because the DPA and zero-retention guarantee apply on every plan, you can start with one team on the free tier and expand without renegotiating the data-protection terms.
FAQ
Common questions about GDPR-compliant AI.
Several things together: a lawful basis and a Data Processing Agreement that names the controller and processor, processing inside the EU or under adequate safeguards, a clear position on retention and training, encryption, audit logging, and a published list of subprocessors. Wysor is built to all of these from the first request, with the DPA and zero-retention guarantee on every plan rather than locked behind an enterprise tier.
No. Default providers do not retain prompts or files after a request completes. The contents are not banked for training and not human-reviewed. This is written into the Data Processing Agreement, which applies to every plan including the free one.
No. Customer prompts and uploads are never used to train models. This is a contractual commitment, not a settings toggle that can quietly default back on.
Inside the EU. Wysor is a German company, and hosting, analytics, monitoring, and storage run inside the EU. For organisations that cannot send data to third countries at all, dedicated EU-only deployments are available.
Yes. The DPA applies to every plan, including the free one. You do not have to upgrade or sign a bespoke enterprise contract to be covered.
Yes. The full subprocessor list is published and versioned, so your compliance team can review the actual names and roles rather than rely on a general assurance.
On data protection, the differences are concrete. Wysor offers zero data retention by default on every plan, a contractual DPA on the free tier, EU-only processing as the default, and a published subprocessor list. With ChatGPT and Copilot, several of these are enterprise-only, tenant-dependent, or add-ons. Wysor also gives you every leading model in one workspace instead of a single vendor.
Yes. It was built for regulated work. Sensitive material is processed without retention, access is audit-logged, and research runs against 86 million verified legal and medical sources with citations. See the regulated-industries page for the sector breakdown.
No, and that is the point. Most tools trade capability for privacy. Wysor gives you every leading model, email, documents, research, and agents, with the data-protection guarantees applied underneath rather than carved out of the feature set.
Wysor is free to start with the full privacy guarantees, including the DPA and zero retention. Paid plans add higher usage, advanced agents, and team controls. The compliance posture does not change by tier. See the pricing page for current plans.
AI you can actually clear with compliance.
Free to start. Zero data retention, a contractual DPA, and EU processing on day one. Every leading model in one workspace.
Questions? [email protected]
Explore further