Trust Center
Last updated: 02 June 2026
1. Risk classification: high-risk AI under the EU AI Act
Clara is classified as a high-risk AI system under Annex III, point 4(a) of the EU AI Act (Regulation 2024/1689), because it is used to “filter job applications and evaluate candidates.”
This classification is not a downside: it means we must meet the strictest requirements of the EU regulation. In return, customers get concrete compliance evidence rather than vague assurances.
2. Compliance matrix
GDPR (Regulation 2016/679):
✓ Art. 13 privacy notice — at tenant and platform level
✓ Art. 22 automated decision-making — final recruiter decision binding, HITL enforced
✓ Art. 32 technical and organisational measures (TOM)
✓ Data Processing Agreement (DPA) per tenant
✓ Data Protection Impact Assessment (DPIA) completed
EU AI Act (Regulation 2024/1689):
✓ Art. 9 risk management — see DPIA
✓ Art. 10 data governance — sub-processor list with processing regions
✓ Art. 13 transparency for deployers — this page + DPA Annex A
✓ Art. 14 human oversight (HITL) — AI advises, human decides
✓ Art. 15 accuracy / robustness — anti-discrimination rules in the evaluation prompt
○ Art. 12 logging / record-keeping — audit trail in implementation
○ Annex IV technical documentation — generator in progress
AGG (German Equal Treatment Act):
✓ §1 evaluation rules are anti-discrimination-aware throughout
○ External audit review in progress
3. Available documents
On reasoned request we provide the following documents:
– Data Processing Agreement (DPA template) with Annex A (tenant-specific sub-processor configuration)
– Data Protection Impact Assessment (DPIA) — risk matrix R1–R12 with mitigations
– Technical and organisational measures (TOM) — Art. 32 GDPR + Section V voice stage
– Sub-processor list with processing regions
– Service Level Agreement (SLA) — 99.5 % uptime, P1–P3 response times
– Data retention and deletion concept
– Incident response plan
– Conformity assessment per Annex IV EU AI Act (in preparation)
Please send your request to datenschutz@arveum.com — we respond within 5 working days.
4. Sub-processors (as of 2026-06)
Processed in the EU:
– Anthropic (LLM) via AWS Bedrock — EU Frankfurt
– Deepgram (speech-to-text) — EU Frankfurt
– Beyond Presence GmbH (video avatar, optional) — DE/EU (Munich)
– Hetzner Online GmbH (infrastructure, audio recordings) — DE Nuremberg
TTS speech synthesis depends on tenant configuration:
– Microsoft Azure Speech — EU Frankfurt (for EU data-residency tenants)
– ElevenLabs — USA with DPF adequacy
– Cartesia Sonic — USA with zero data retention
The TTS provider active for a specific tenant is documented in the DPA Annex A of the respective tenant.
5. Related privacy notices
This Trust Center page complements the following privacy notices:
– arveum-intelligence.com/privacy — marketing website (lead data from contact form)
– <tenant>.hr.arveum.ai/datenschutz — candidate privacy notice per Art. 13 GDPR per tenant
– voice.arveum.ai/datenschutz — voice platform backend (platform standard)
6. Compliance contact
General data protection: datenschutz@arveum.com
Platform compliance / EU AI Act: Albrecht Senden · Arveum Intelligence GmbH (in formation) · datenschutz@arveum.com
Sales / Demo + audit requests: philipp@arveum.com