exhaustvalve

πŸ‡ͺπŸ‡Ί European by design.
GDPR-compliant by default.

Data annotation means handing your data β€” often sensitive data β€” to another company. We built exhaustvalve so that decision never keeps you up at night.

Our compliance commitments

Concrete, verifiable practices β€” not just a badge in the footer.

πŸ—ΊοΈ

100% EU Data Residency

Your data is stored and processed exclusively on infrastructure located in the European Economic Area. No offshore transfers, no third-country sub-processors, no exceptions without your written instruction.

πŸ“œ

GDPR-Compliant Processing

We act as your data processor under Article 28 GDPR: we sign Data Processing Agreements, maintain records of processing activities, and process personal data only on your documented instructions.

πŸ‘₯

Vetted In-House Teams

Annotation is performed by employed, NDA-bound annotators trained in data protection β€” not anonymous crowdworkers. Access is role-based and granted per project on a need-to-know basis.

πŸ•΅οΈ

Anonymization & Pseudonymization

We offer PII detection, anonymization, pseudonymization and data masking as part of dataset preparation β€” so personal data can be minimized before annotation even begins.

πŸ”

Security Controls

Encryption in transit and at rest, role-based access control, audit logging, secure clean-room review environments for highly sensitive projects, and verified deletion at project end.

βš–οΈ

EU AI Act Readiness

The EU AI Act sets data-governance requirements for high-risk AI systems, including documentation of training data provenance and quality. Our traceable quality gates and audit trails help you meet them.

What a GDPR-first engagement looks like

  • 1.
    Data Processing Agreement before any data moves.

    Scope, purpose, retention, sub-processing and deletion terms agreed up front, in writing.

  • 2.
    Data minimization review.

    We assess together whether personal data can be anonymized or pseudonymized before annotation.

  • 3.
    Controlled processing environment.

    Project data lives in an access-controlled EEA environment; annotators cannot export, download or copy source data.

  • 4.
    Auditable delivery.

    Quality gates, reviewer sign-offs and processing records are documented and available for your audits.

  • 5.
    Certified deletion.

    At project end, source data and intermediate artifacts are deleted on schedule, with written confirmation.

Why it matters

If you train models on data processed outside the EEA without adequate safeguards, you carry the regulatory risk β€” including fines of up to 4% of global annual turnover under GDPR. Keeping annotation inside the EU removes the hardest questions about international transfers (Chapter V GDPR) before they're asked.

For healthcare, finance, public sector and any consumer-facing AI, EU-resident processing isn't a nice-to-have. It's the cleanest path through procurement, DPIAs and your DPO's checklist.

Bring your DPO. We like the hard questions.

Request our standard Data Processing Agreement, security overview and sub-processor list β€” or book a call with our compliance team alongside your data protection officer.

Request compliance documentation