Compliance & sovereignty

GDPR compliant LLM API

Open models behind an OpenAI-compatible API, entirely within the EU: with a data processing agreement, a public subprocessor list and zero retention on prompts.

EU Data Sovereignty
Doornbos Ventures B.V. · NL
Compliant
EU datacenters
Spread across multiple European regions
GDPR compliant
Data Processing Agreement (DPA) as sub-processor
No CLOUD Act
Dutch company, outside US jurisdiction
Encrypted
AES-256 at rest, TLS in transit
No training
Your prompts never train a model

"GDPR compliant" is on the website of virtually every AI vendor by now. Click through, though, and you rarely find the documents that back the claim up: a data processing agreement you can sign today, a subprocessor list you can actually check, and a clear answer to what happens to your prompts after the response comes back. This page lays out how HostYourAI fills in those points, so your privacy officer can verify them instead of having to take them on faith.

The short version: HostYourAI is a Dutch company, all inference runs on GPUs in European data centers and there is no US cloud anywhere in the chain. Prompts and outputs are not stored for training, and the API works with both the OpenAI and the Anthropic SDK.

What makes an LLM API GDPR compliant

A data processing agreement that is ready to sign

Without a DPA you simply cannot send personal data through an external API. At HostYourAI the data processing agreement is a standard part of the platform, not an enterprise upsell hidden behind a sales call.

Subprocessors you can check

Article 28 GDPR requires you to know who works on behalf of your processor. Our subprocessors are therefore listed on a public page, so your records of processing stay accurate without you having to ask.

Zero retention on prompts and outputs

The content of prompts and outputs is not stored for training and not shared with third parties. What we do keep is billing metadata per request: timestamp, model, token counts and latency, visible in your own activity log. The full story is on our zero data retention page.

Encryption and availability

Data is encrypted with AES-256 and the platform runs under a 99.9% SLA. Payment is prepaid, including iDEAL, so your AI stack does not even need a US credit card relationship attached to it.

One-click deployment
OpenAI-compatible API
4 EU datacenters
End-to-end encryptie
Dedicated GPU instances
Audit logging

An EU chain without CLOUD Act exposure

The difference between "GDPR compliant" and "GDPR compliant on paper" is jurisdiction. A US provider is subject to US law, and since Schrems II we know a well-written DPA does not fix that: the US CLOUD Act can compel access to data even when it sits in a European data center. On top of that, every prompt sent to such an API is an international data transfer you have to document and keep justifying.

Keep the entire chain European and that discussion disappears from your records of processing. No transfer mechanisms, no transfer impact assessments, no explaining to customers why their data crosses the ocean after all. How that works architecturally is covered on our AI data sovereignty and AI compliance in Europe pages.

python
from openai import OpenAI
client = OpenAI(
    base_url="https://hostyourai.com/api/v1",
    api_key="hyai-...")
client.chat.completions.create(
    model="llama-3.3-70b",
    messages=[{"role":"user","content":"Hallo!"}])

How to switch

The API speaks OpenAI's /v1/chat/completions format, so switching means changing your base_url and key. If you work with the Anthropic SDK, use the /v1/messages endpoint with x-api-key authentication.

from openai import OpenAI

client = OpenAI(
    base_url="https://hostyourai.com/api/v1",
    api_key="hyai-...",
)

response = client.chat.completions.create(
    model="llama-3.3-70b",
    messages=[{"role": "user", "content": "Classify this customer request."}],
)
je vraag
doc-4f2a0.94
doc-9c1e0.91
doc-2b770.88

Questions about a GDPR compliant LLM API

Is there a GDPR compliant AI decision platform hosted in the EU?

Yes. HostYourAI runs open LLMs entirely within the EU and provides the building blocks for decision workflows: classifying, summarising, extracting and advising through a GDPR compliant API with a DPA and per-request logging. One caveat: if your system makes automated decisions with legal effects on individuals, additional requirements from the GDPR (Article 22) and the AI Act apply. That responsibility sits with you as the data controller.

How do I get the data processing agreement in place?

The DPA is published online and comes standard with every account. There is no enterprise contract or minimum spend attached to it.

Are my prompts used to train models?

No, never. Not by us and not by third parties. That guarantee is written into the data processing agreement.

Where do the models run and who are the subprocessors?

All inference runs on GPUs in European data centers. The current subprocessors are listed on our subprocessors page.

Will my existing OpenAI or Anthropic code work?

Yes. For OpenAI code you change the base_url and key; for the Anthropic SDK there is a /v1/messages endpoint with x-api-key authentication. Streaming, temperature and system prompts behave the way you expect.

Can I get a dedicated GPU instance?

Yes. Next to the shared pay-per-token Router you can run a dedicated vLLM instance that is yours alone, also within the EU.

EU Data Sovereignty
Doornbos Ventures B.V. · NL
Compliant
EU datacenters
Spread across multiple European regions
GDPR compliant
Data Processing Agreement (DPA) as sub-processor
No CLOUD Act
Dutch company, outside US jurisdiction
Encrypted
AES-256 at rest, TLS in transit
No training
Your prompts never train a model

Everything you need for AI

From model hosting to a customer-facing API, it is built for developers and businesses who want their AI running on infrastructure they actually control, inside the EU.

100%
EU-hosted

Your data and your models stay on European GPUs. GDPR-friendly by design.

200+
Verified models, ready to serve

Llama, Qwen, DeepSeek, Mistral, FLUX and plenty more. Pick one and it is warm in minutes, with no DevOps on your end.

2 SDK
OpenAI & Anthropic compatible

Point your existing client at the Router and keep your tools. No rewrite, no lock-in.

From zero to a warm endpoint in minutes

No infra to manage. Pick a model, get an OpenAI-compatible URL, ship.

1

Pick a model

Choose from the Model Garden or paste any HuggingFace ID. Set the VRAM and pick an EU GPU.

2

Get your endpoint

We deploy vLLM, run readiness probes, and hand you a warm OpenAI- and Anthropic-compatible URL plus an API key.

3

Route and ship

Point your client at the Router. It auto-routes to a warm instance, idles GPUs when nobody is online, and logs every request.

Built for teams that can't send data away

If a US cloud is off the table, HostYourAI gives you the same developer experience on European infrastructure.

Public sector & government

Citizen data that legally has to stay in the EU, with full auditability.

Regulated enterprise

Finance, healthcare and legal teams under GDPR, DORA and the AI Act.

EU SaaS & scale-ups

Ship AI features your customers trust, without a US sub-processor.

Agencies & integrators

Deliver private AI for clients on infrastructure you can stand behind.

Private by Default

HostYourAI keeps your models, prompts and data on European GPUs. It is built for teams that care about compliance, reliability and real control.

EU-hostedGDPR-friendlyOpenAI-compatiblevLLM-poweredNo lock-in
EU
Full data sovereignty

GPUs and data residency inside Europe. Your prompts never leave the EU.

Open
Models you can audit

Run open-weight models with no black boxes or hidden telemetry.

€0
Scale to zero

GPUs idle when nobody is online, so you only pay for what you run.

Yours
No vendor lock-in

Your infra, your keys, your models. Leave whenever you want.

Frequently asked questions

Can I run this in the EU?

Yes. HostYourAI runs open models on GPUs in European datacenters via vLLM. Your prompts and outputs never leave the EU and there is no US cloud provider in the chain.

Is it GDPR-compliant?

Yes. All processing happens inside the EU, a Data Processing Agreement (DPA) is available and the subprocessor list is public. Open weights also mean no training on your data.

Is the API OpenAI-compatible?

Yes. Point your existing OpenAI or Anthropic client at our Router (https://hostyourai.com/api/v1), change only the base URL and API key. No rewrite, no lock-in.

What does it cost?

Pay-as-you-go on one prepaid credit balance: the shared router per token or a dedicated GPU per hour. Free to start, no minimum, no fixed monthly fee.

Model garden

Works with 390+ open models

Text and image models on dedicated EU GPUs. Every model tested on our own hardware.

Related pages

Explore more about EU-hosted AI on HostYourAI.

Host. Route. Ship.

No credit card required. Pay as you go, cancel anytime.

Start Hosting Free Today