What FlexOrch supports
The table below summarizes the compliance capabilities built into every FlexOrch pipeline.| Regulation | What FlexOrch provides |
|---|---|
| KVKK | Turkish PII type detection (7 types), masking before export, full audit trail |
| GDPR | 46 EU/US PII types detected, Article 30 ROPA record generation, data minimization via masking |
| NIS2 | Audit log export in JSON and CSV for incident documentation |
| eIDAS | Electronic signature format detection — XAdES, PAdES, and CAdES — recorded in execution metadata |
How FlexOrch handles your data
Understanding how your documents and PII are stored and processed is itself a compliance concern. FlexOrch applies the following defaults across all plans:- Retention — Uploaded documents are stored only for the retention period defined by your plan, then permanently deleted.
- Masking — PII is masked before dataset export by default. Raw values never appear in exported training data.
- Audit logging — Every pipeline execution is logged and available for export. No events are silently discarded.
- Third-party sharing — No document content is shared with third-party services unless you configure a BYO LLM key.
Compliance guides
GDPR Article 30
Generate a GDPR-compliant Record of Processing Activities (ROPA) from your pipeline data.
KVKK
Detect and mask Turkish personal data types and export an audit trail for KVKK compliance.
NIS2 Audit Export
Export your audit log in JSON or CSV to support NIS2 incident documentation requirements.
eIDAS
Detect eIDAS-compliant electronic signature formats — XAdES, PAdES, and CAdES — in processed documents.