Your data stays yours
You're uploading real business data โ revenue, costs, customer information. We take that seriously. Here's exactly how we handle it.
European Data Centers
All data is stored and processed in AWS eu-central-1 (Frankfurt, Germany). Your business data never leaves the EU. We don't use US-based storage, and we don't have transfer agreements that would route your data outside European jurisdiction.
Data Ownership
You can export your complete dataset at any time in CSV format. You can delete your account and all associated data with a single request โ we'll confirm deletion within 48 hours. We do not train AI or ML models on your data, ever.
Compliance
Milton is built with GDPR compliance as a foundation, not an afterthought. All data at rest is encrypted with AES-256. All data in transit is encrypted with TLS 1.3. We maintain a data processing register and can provide a Data Processing Agreement (DPA) on request.
Access Control
Every piece of data in Milton is scoped to a single company. Row-level security at the database level means it is architecturally impossible for one company's data to be accessible by another. There is no cross-tenant data access โ not even for our support team without explicit permission.
Technical specifics
Our approach in plain English
We don't sell your data. Not to advertisers, not to aggregators, not to anyone. Your business data is private โ that's the product.
We don't use your data to train AI models. The AI in Milton uses OpenAI's API for classification and Q&A. Your data is sent to OpenAI as part of query processing (covered under their data processing terms), but it is not retained or used for model training by either party.
We don't have engineers poking around in your data unless you ask us to. Support access is logged and requires explicit permission.
Security questions or concerns?
We respond to all security inquiries within 24 hours.
security@usemilton.com โ