Signio is built for confidential commercial real estate work. Every firm is isolated at the database layer, data is encrypted and held in the EU, and answers are drawn only from your own documents with their sources shown. Your data is never used to train AI models, and deleting a document removes it permanently.
Controls
Last updated July 2026Each firm is a separate tenant. No firm can read, search, or reach another firm's documents, notes, or conversations.
How we do it ›
Uploaded documents are stored in a private container belonging to a single firm, reachable only by that firm's signed-in users.
How we do it ›
Isolation is tested directly against the running system, in both directions.
How we do it ›
Access requires your organisation's own Microsoft account. Personal accounts are rejected.
How we do it ›
Every request is verified against your firm's identity before any data is read or written.
How we do it ›
The account Signio uses to reach your data cannot cross firm boundaries or escalate its own permissions.
How we do it ›
Signio staff access customer content only where needed to operate, support, or secure the service, or where legally required.
How we do it ›
All traffic between you and Signio is encrypted.
How we do it ›
Stored documents and data are encrypted at rest on Microsoft Azure.
How we do it ›
Data is stored in Sweden. All processing, including the AI that generates your answers, stays within the European Union.
How we do it ›
Signio holds no passwords, keys, or connection strings in its code.
How we do it ›
Signio can search only your own firm's documents. It has no route to another firm's material.
How we do it ›
Signio answers from your documents and shows the sources behind every response. Where it does not have the answer, it says so rather than guessing.
How we do it ›
Your documents are not used to train or improve any AI model, and are never used to answer another firm's questions.
How we do it ›
Key actions, including changes and deletions to documents, are recorded.
How we do it ›
Deleting a document removes the file immediately, with no retained copy.
How we do it ›
Sub-processors
The service providers involved in running Signio. We publish them so you always know who touches your data. All are Microsoft Azure services, in the EU.
FAQ
What encryption do you use? ⌄
Data is encrypted in transit using modern TLS, and at rest on Microsoft Azure with AES-256.
Who can access our data? ⌄
Your data is reachable only by your firm's own signed-in users. Every firm is kept separate from every other, and we've tested that separation directly. Our own team accesses your content only when it's needed to operate, support, or secure the service, or where we're legally required.
Does the AI learn from or train on our data? ⌄
No. Your documents are used only to answer your own questions — never to answer another firm's — and they're not used to train or fine-tune any AI model: we don't fine-tune on your data, and our AI provider commits the same in its terms.
Where is our data stored? ⌄
On Microsoft Azure. Your data is stored in Sweden, and all processing — including the AI — stays within the European Union.
What happens to our data if we stop using Signio? ⌄
You can delete any document at any time, and that deletion is permanent. A full self-serve account export or deletion on exit isn't automated yet — for now, we handle off-boarding with you directly, so you get what you need before anything is removed.
Is Signio independently certified? ⌄
No. Signio holds no independent security certifications today. Certification is a goal, and the controls described here are built and documented with it in mind, but we have not set a date. Everything on this page is in place and running now — we're happy to walk you or your IT team through any of it in detail.
