We designed MountSite from the ground up for use in regulated European professions. Here is our commitment to protecting your data and your clients' data.
These are not aspirations — they are technical and contractual guarantees.
All customer and account data is stored within EU borders. We never transfer personal data to servers outside the EEA without explicit legal basis.
Our primary infrastructure runs on Hetzner data centres in Nuremberg and Falkenstein, Germany — subject to strict German and EU data protection law.
Email content is sent to our AI provider (Anthropic) with zero-retention API settings enabled. Anthropic does not log, store, or use your email content for any purpose after processing.
We do not sell, rent, or share your personal data or your clients' data with any third party for commercial purposes. Full stop.
We maintain logs of all automated actions taken by MountSite on your behalf. You can request a full audit log of your account activity at any time.
If your organisation requires a signed Data Processing Agreement as per GDPR Article 28, we provide one on request. Contact us to receive a DPA within 5 business days.
Upon receiving a valid deletion request, we will remove all personal data associated with your account within 30 days, except data we are legally required to retain (e.g. billing records).
If your organisation requires a signed DPA to use MountSite (common for medical practices, law firms, and notaries), contact us and we'll have one to you within 5 business days.
Request our Data Processing Agreement arrow_forward