EasyBoard is built for the regulated Luxembourg financial sector. Our AI governance framework ensures full compliance with the EU AI Act, GDPR, DORA, and regulator requirements.
Regulation (EU) 2024/1689 - EasyBoard is classified as a limited-risk AI deployer with full transparency obligations met.
EasyBoard is a deployer of AI systems under Article 3(4). Our system assists in drafting board minutes - a narrow procedural task (Art. 6(3)) that improves human work without autonomous decision-making.
Users are clearly informed that AI assists in generating minutes. Every output is presented as a draft for human review, never as a final document.
Every AI-generated minute is reviewed, edited, and validated by the user before finalization. The AI assists - it never replaces human judgment.
Comprehensive documentation, onboarding guides, and user training ensure all stakeholders understand how AI is used in our platform.
EasyBoard does not engage in any practices prohibited under Article 5: no manipulation, no social scoring, no biometric identification, no emotion recognition.
Our AI providers (Anthropic, EdenAI) comply with Chapter V obligations for general-purpose AI models, including technical documentation and transparency requirements.
Full compliance with Regulation (EU) 2016/679 (GDPR) and Luxembourg data protection law.
TLI S.A., a Luxembourg company, acts as data controller. Registered office in Luxembourg. Supervised by the CNPD (Commission Nationale pour la Protection des Donnees).
Processing is based on contract performance (Art. 6(1)(b) GDPR). Consent is obtained where required. Legitimate interest assessments are documented.
Audio files are deleted immediately after transcription. Board minutes are retained according to client-defined policies. Account data is kept for the duration of the contract plus 10 years (accounting obligations).
Full exercise of GDPR rights: access, rectification, erasure, portability, restriction, and objection. Requests processed within 30 days via privacy@easyboard.lu.
All data is processed and stored within the European Union. No transfer to third countries. No exposure to the US CLOUD Act.
Your data is never used to train AI models. Zero-retention policy with our AI providers. Your board minutes remain exclusively yours.
Digital Operational Resilience Act (EU 2022/2554) - Our infrastructure meets the ICT risk management standards required by financial sector entities.
Secure architecture with AES-256 encryption, TLS 1.3 protocols, and regular security assessments aligned with DORA Chapter II requirements.
Documented incident response procedures with notification processes aligned with DORA Article 19 requirements for ICT-related incidents.
Regular infrastructure testing, automated monitoring, and disaster recovery procedures ensure operational continuity and service availability.
Complete documentation of ICT third-party relationships (Anthropic, Firebase, Netlify, EdenAI, Stripe) with risk assessments and contractual safeguards.
Purpose-built for the Luxembourg regulated financial sector.
Board minute templates designed to meet regulator requirements for fund governance, ensuring all mandatory fields and disclosures are included.
Templates aligned with CSSF Circulars 12/552 and 18/698 on governance and internal controls for the Luxembourg financial sector.
Minutes structure compliant with the Luxembourg law of 10 August 1915 on commercial companies, as amended, and applicable corporate governance codes.
Download our compliance documentation. For custom agreements or enterprise requirements, contact our governance team.
Standard GDPR Article 28 DPA covering sub-processing, security measures, and data subject rights.
Detailed description of security measures: encryption, access controls, monitoring, and incident response.
Complete list of sub-processors with location, purpose, and applicable safeguards for each provider.
EU AI Act Article 50 compliant notice detailing how artificial intelligence is used in EasyBoard.
Full privacy policy covering data collection, processing, retention, and your rights under GDPR.
Full GDPR compliance as data controller under Luxembourg supervision (CNPD)
Compliant as a limited-risk AI deployer with transparency obligations met
Infrastructure aligned with ICT risk management requirements for financial sector
Our governance team is available to discuss compliance requirements, provide documentation, or arrange a security review for your organization.