• How it works
  • Why Locari
  • WhatsApp
  • Pricing
  • FAQ
Log inStart for free
  • How it works
  • Why Locari
  • WhatsApp
  • Pricing
  • FAQ
Start for freeLog in
Security & Compliance

Your data. Your applicants. Secure.

Compliant with Article 22 of the General Data Protection Regulation (GDPR Art. 22). EU storage, EU LLM, end-to-end encrypted.

Start for freeHow we protect data ↓
Eight pillars

How we build security in practice.

Compliance is the legal foundation. Tech is the implementation. The two have to fit together.

Compliance

GDPR Art. 22

No fully automated individual decisions about people. Letting decisions rest solely with you.

2024 DSK three-phase model

Following the three-phase model of the German data protection conference (DSK) from 2024: applicant data is processed in three clearly separated phases. Proof of income only after the viewing, ID copy only before the contract.

EU storage

Database and backups in the EU. A few services (app hosting Vercel, WhatsApp/briefing assistant Anthropic, analytics PostHog) are located in the US, secured via EU standard contractual clauses.

Anti-profiling architecture

No AI scores, no ranking, no personality assessment. Rule-based hard-facts checks against your criteria.

Tech

End-to-end encryption

All applicant communication and every transferred document is encrypted. TLS 1.3 in transit, AES-256 at rest.

EU LLM for applicant data

An EU language model (Mistral, Paris) processes the sensitive applicant data: applicant dialogue, document extraction, classification. No training on your data.

No scoring in the data model

A single criteria helper in the backend checks your hard facts (met / not met). The applicant database has no scoring columns at all — there is no field an automated score could be written to.

Brand continuity

Applicants see you as the landlord, not “Locari” as a third party. No mention of the platform in the applicant process, no data passed on to marketing.

Self-commitment

We commit to the highest standards.

What the law requires, we meet today.

Self-commitment documented, code architecture auditable, data-protection practice open in detail.

GDPRCompliant

Legally required. Active today.

EU storageActive

EU region as the default. Active today.

Data flows

Who has access, and when.

Four paths, each documented. No hidden processors — the full list is in the Trust Center; US services are secured via EU standard contractual clauses.

FromToSafeguard
ApplicantLocari (WhatsApp / email)TLS 1.3 encrypted
LocariLandlord (WhatsApp)TLS 1.3 encrypted
LocariImmoScout24 · KleinanzeigenOAuth authentication
Locari backendEU storage · Mistral LLMEU region · EU language model

No SCHUFA API and no automatic guarantor verification: the applicant brings their own credit report, Locari stores and displays it — without rating it.

How the AI behind it works →

Common security questions

What landlords ask most often.

Where are my data and my applicants’ data stored?

Sensitive applicant data is stored in the EU (EU-certified data centres) and processed by an EU language model (Mistral). A few services — app hosting/CDN (Vercel), the landlord assistant (Anthropic) and analytics (PostHog) — are located in the US and are secured via EU standard contractual clauses (SCC).

Is Locari GDPR-compliant?

Yes. Locari follows GDPR Art. 22 (no fully automated individual decisions about people) and the 2024 DSK three-phase model for applicant data. Letting decisions rest solely with the landlord. The architecture enforces this, not just the terms.

Which LLM does Locari use?

The sensitive applicant data — applicant dialogue, document extraction, classification — is processed by Mistral, hosted in the EU. The landlord assistant (e.g. viewing briefings) additionally uses Claude (Anthropic) via the Vercel AI Gateway; applicant master data (e.g. income, credit indicators) is processed in doing so. No training on applicant data. The full list of services is in the Trust Center.

How is deletion of applicant data handled?

Applicants can request deletion at any time via chat or email — Locari then immediately erases everything, leaving nothing behind: every email, the AI chat history, open tasks. Without such a request, the data of applicants who weren’t chosen is deleted automatically after the letting ends, as soon as it’s no longer needed. The exact period is set out in the privacy policy. Chosen applicants’ data moves into the tenancy context and follows the retention periods that apply there.

What happens when an applicant requests access to their data?

Locari detects an access request under Art. 15 GDPR in every application status — even after rejection or withdrawal. The landlord gets a todo with the statutory one-month deadline; Locari compiles the complete report from the stored data (without AI, word for word from the database), and the landlord confirms delivery with one click. The report is delivered exclusively to the address the applicant communicates from. Deletion is just as simple: a single reply is enough.

Anti-profiling — what does that mean technically?

No ML scores, no personality assessment, no ranking. Locari checks your self-defined hard facts on a rule basis (number of people, income multiple, pets) — the result is met or not met, not a score. More on the anti-profiling architecture.

What sets Locari apart from US providers?

A largely EU stack: EU storage, EU database region, EU operations team and an EU language model (Mistral) for directly processing sensitive applicant data. A few services — such as Vercel and Anthropic for the landlord assistant as well as WhatsApp — are located in the US and are secured via EU standard contractual clauses (SCC). You’ll find the full list of processors in the Trust Center.

Get started

Security isn’t an add-on. It’s the foundation.

At Locari, GDPR, EU storage and anti-profiling are anchored in the code — not hidden in the terms.

Start for freeAnti-profiling in detail

Your personal letting assistant. Locari does the work — you decide.

More info in our Privacy Policy.

Product

  • How it works
  • Artificial intelligence
  • Control via WhatsApp
  • Security
  • Pricing

Company

  • About
  • Why Locari
  • Anti-profiling
  • Changelog
  • Careers
  • Press

Legal

  • Trust Center
  • Privacy Policy
  • Cookie Policy
  • Withdrawal & cancellation
  • Report illegal content
  • Imprint

Contact

  • Get in touch
  • Support & help
  • FAQ
  • Data protection
© Locari. A service by Ametis Digital GmbH.
DEFR