How Artifakt handles your data

When you upload a PDF, Artifakt extracts the text using Mistral OCR (France), stores the document and any attachments on an encrypted disk in AWS Frankfurt (eu-central-1), retrieves relevant clauses from the MDR / harmonised-standards corpus via TopK (AWS Frankfurt), and asks Anthropic Claude (Sonnet 4.6 / Haiku 4.5) running inside Amazon Bedrock also in Frankfurt to draft each section. The draft is rendered in your browser over TLS 1.3, every section is labelled AI DRAFT — verify before submission, and the full input + output of every model call is saved to an audit log you can replay. No customer content leaves the European Union.

The first time you press “Generate draft” on an uploaded file:

1. Upload — your browser POSTs the file over TLS 1.3 to api.artifakt.cc. The file is written to an encrypted volume on our application server (Frankfurt). It is never written to a public bucket or CDN.
2. OCR (text extraction) — the file is sent to Mistral AI’s OCR API (France) which returns the extracted text. Mistral processes the document transiently for the API call and does not retain it; we keep only the extracted text in our database, not the original bytes on their side.
3. Retrieval — the extracted text is split into sections; for each section we query TopK (AWS Frankfurt) for the most-relevant regulatory clauses (MDR articles, harmonised-standard excerpts, MDCG guidance). TopK indexes the regulatory corpus only — your uploaded content is never written to the corpus index.
4. Drafting — the section prompt, retrieved clauses, and your manufacturer / device profile are sent to Anthropic Claude (Sonnet 4.6 for drafting, Haiku 4.5 for light tasks) running inside Amazon Bedrock, eu-central-1, using an EU-only cross-region inference profile. Inputs and outputs of every Bedrock call are written to our trace log.
5. Display — the generated draft is streamed back to your browser over TLS 1.3. Every section header carries the AI DRAFT marker. Blocking and non-blocking gaps are highlighted inline; nothing is auto-submitted anywhere.
6. Save — when you click save, the markdown of the draft is persisted in our Postgres database (same Frankfurt volume as the upload). The original file remains accessible to you via the runs list; both honour the retention policy below.

PubMed literature search, if you trigger it, sends only your typed keywords to NCBI (USA) and pulls back public abstracts. IFU content, device-profile data and draft text never leave the EU.

Passwords are not stored by Artifakt directly — they are held inside AWS Cognito (eu-central-1). Multi-factor authentication is enforced for every account.

We treat the AI as a drafting aid, not as a regulated decision-maker. The controls below are designed to keep an RA specialist firmly in the loop.

• AI DRAFT marker on every section. Every block of generated text is labelled “AI DRAFT — verify before submission”. The marker is part of the document model, not just the UI; it is preserved on export.
• Explicit gap flagging. If a clause requires information you have not provided, the assistant emits a structured gap — blocking (Notified Body would reject the submission as-is) or non-blocking (advisory). Counts and a completion percentage are displayed on the run.
• Full audit trail. Every LLM call is recorded with its model version, the prompt sent, the retrieved clauses, and the response received. The trace is replayable from the run page so you can reconstruct exactly how a section was produced. (180-day retention.)
• Customer inputs are NOT used to train models. Bedrock’s contract with AWS prohibits model providers from using Bedrock-API inputs or outputs for training. Mistral OCR receives only the document being extracted and discards it after the response.
• EU-only inference profile. The Bedrock inference profile is the EU cross-region variant — calls are served from eu-central-1 (Frankfurt) and eu-west-1 (Ireland) only; the request never crosses the Atlantic.
• No external citations are auto-inserted. The assistant cites only items from our vetted regulatory corpus (MDR articles, harmonised standards, MDCG guidance) plus any PubMed abstracts you explicitly select. It does not pull from the open web.
• No auto-submission anywhere. Artifakt has no integration that submits documents to a Notified Body or EUDAMED on your behalf. Export is a manual download.
• MFA available. AWS Cognito supports authenticator-app-based second-factor sign-in for every account. During the pilot, enabling MFA is optional and self-service from each user’s account settings; mandatory MFA enrolment is scheduled before general availability.

What Artifakt IS: a drafting tool that accelerates the production of EU MDR technical-documentation sections by retrieving the right regulatory clauses and composing a first-pass draft for your review.

What Artifakt is NOT:

• Not a medical device. Artifakt does not diagnose, treat, or inform individual patient care; it does not fall in the scope of MDR Article 2(1).
• Not a Notified-Body conformity assessment. We do not assess your device’s conformity. A Notified Body must still do that.
• Not a replacement for your QMS. Your quality-management system, person responsible for regulatory compliance (PRRC, MDR Article 15), and human regulatory review remain unconditionally required.
• Not a publisher. Generated drafts are private to your organisation. Nothing is auto-published, auto-submitted, or shared with other customers.

The manufacturer signing up to Artifakt remains the legally-responsible party for any document submitted to a Notified Body.

Inside your organisation:

• Every database query is scoped to the authenticated user, so users in one organisation cannot read another’s runs, attachments, or trace events.
• Role-based access control (Owner, Regulatory admin, Reviewer, Contributor) gates the ability to draft, approve, and manage workspace settings inside your organisation.

Inside ARTIFAKT (the operator):

• Production server access is restricted to a named operator on an SSH key with no password fallback; sudo is logged.
• We do not read your draft content as part of routine operation. If you raise a support request and explicitly opt in we may inspect specific records to reproduce the issue.
• No third-party analytics, fingerprinting, or session-replay tools are loaded in the application.

The full list (with addresses and DPA links) lives on /privacy. In short:

• AWS EMEA (Luxembourg, EU) — Bedrock LLM inference, Cognito for sign-in + MFA, Lightsail for hosting, S3 for backups. All in eu-central-1 (Frankfurt).
• Mistral AI (France) — PDF text extraction.
• TopK (EU on AWS Frankfurt) — vector search over the regulatory corpus.
• DeepL SE (Germany) — translation (e.g. EN → CS).
• Resend, Inc. (Dublin, eu-west-1) — transactional email (password resets only). Ireland is the only EU region Resend currently offers.
• NCBI / NIH (USA) — public-literature search, keywords only; no customer content is sent.

You can delete an individual run from the runs list — the row and any associated attachment files are removed immediately.

You can delete the entire account from Settings → Account. The deletion cascades through every table and removes attachment files from disk. Encrypted nightly backups continue to hold a copy until their normal 30-day rotation expires, at which point the data is irretrievable.

For a controller-initiated bulk deletion (e.g. the manufacturer ending the pilot), write to privacy@artifakt.cc and we will execute and confirm in writing within 30 days.

If something on this page is unclear, write to hello@artifakt.cc for product questions or privacy@artifakt.cc for data-protection questions. Replies within 30 days, per GDPR Article 12.