Founder offer · −50 % the first year, then −20 % the second year · −25 % more on annual.
Security & trust · Trust Center

Your AI know-how stays with you: controlled, traceable and exportable.

Marylink separates spacesSpaceA workspace by domain or topic where a team publishes, shares and governs its practices., manages rights, tracks versions, and can evolve from European SaaS to a dedicated instance to match your requirements.

To decide · the essentials

8 guarantees, readable in one look.

What protects your know-how, said plainly. The technical detail for your IT & security teams follows, below.

🇪🇺Hosted in the European UnionServers in Germany, partitioned per customer.
No third-party trainingYour data trains no model and is never resold.
Encryption in transitTLS 1.3 in transit. Encrypted backups at rest.
Living traceabilityEvery action logged and versioned, auditable.
Reversible, no lock-inNative PDF export, open graph export (ZIP) and MCPMCPModel Context Protocol: the open standard that connects an AI assistant (Claude, etc.) directly to your Marylink space. access. You leave with your asset.
Strict partitioningPer-customer isolation. Your data is never mixed.
For your IT / security teams · Trust Center

Current status and trajectory, straight.

What's in place today, and what's planned. We don't claim any certification we haven't earned.

AreaStatusDetail
HostingIn place

European Union (Germany), isolated per client.

EncryptionIn place

TLS 1.3 in transit; encrypted backups at rest.

Third-party model trainingNever

Your data is never used to train third-party models, and never resold.

Rights & accessIn place

By space, role, group and validation step.

TraceabilityIn place

Every action logged and versioned, auditable.

ReversibilityIn place

Native PDF export, open graph export (ZIP) and MCP access. No proprietary lock-in.

GDPR & AI ActBy design

Built for the traceability and control required by GDPR and the AI Act.

SOC 2 / ISO 27001Trajectory

On the trajectory. Documented, not yet claimed.

📄 Download the security dossier (PDF)

Access control & traceability

Who sees what, who can act, and what changed.

Permissions are set per space and per validation step. Every notable change is surfaced and logged.

Rights per space and per step. Who can submit, edit, review, and who can only view.
Living traceability. Every notable change to a practice is detected, scored and logged.
Sub-processors & hosting

Who processes your data, and where.

Our main sub-processors, their role and location. Transfer safeguards are set out in the DPA, provided with the contract. This list may evolve.

Sub-processorRoleLocation
HetznerInfrastructure hosting (servers, encrypted backups)🇪🇺 Germany (EU)
AI model providersInference on the request context only, never third-party training🇪🇺 European region
StripeSubscription payment & billing🇪🇺 EU entity (Stripe Payments Europe)
BrevoTransactional emails & notifications🇪🇺 France (EU)

Availability & monitoring

Continuous monitoring (HTTP, TLS, certificates) with alerts, encrypted backups and a tested restore drill. High availability target; service status and detailed SLA shared in a review.

IT / security answers

The questions that block a review, straight.

No certification we don't have. Precise answers, and the rest on your case.

Where is the data, and how is it protected?

European infrastructure (servers in Germany), operated by Marylink; no data outside the EU in normal operation. TLS 1.3 in transit, backups encrypted at rest (restic), strict application-level isolation per client.

Which AI models, and does my data leave?

Models bound by contract, operated in-region (Europe) depending on the plan. Only the context needed for a request is sent to the provider, under their enterprise terms, and never to train third-party models.

Authentication, SSO and rights?

Named accounts, strong passwords, granular rights by space, role, group and validation step. SSO/SAML and provisioning are scoped for enterprise — let's cover it in a security review.

Export, reversibility and deletion?

Native PDF export and MCP access to your practices from your own systems and agents; a structured graph export (open ZIP: JSON, anonymized CSV and Markdown, GDPR art. 20 compliant) is available. On request: full export, then deletion of data and backups on the schedule agreed in the contract. No lock-in: you leave with your asset.

In case of an incident?

A documented incident-management procedure, with client notification within the agreed timeframe. Detailed in a security review, with the DPA and sub-processor list provided with the contract.

📄 Get the security dossierScope a dedicated instance →

“Marylink separates your know-how from the AI model. Change AI without losing the asset.
The MCP standard connects your practices to your assistants. The asset stays with you, governed and exportable (native PDF).
Reversibility, concretely

Your practices stay yours, exportable in one click.

app.marylink.net
The action menu of a Marylink publication: adopt, organize, clone, export to PDF or Word, use in a tool or workflow
Every publication: clone it, export to PDF or Word, or run it in your tools or agents via MCP. No proprietary lock-in.
For a large account · dedicated architecture

From European SaaS to a dedicated instance, as your stakes grow.

Most teams start on the European SaaS, shared and kept up to date. Organizations with strong requirements — public sector, healthcare, finance, sensitive mid-market — move to a dedicated instance, an isolated database, then the cloud of their choice or on-premise. The right level isn't imposed: it's framed with your CIO and your CISO.

Dedicated instance Isolated database Dedicated / on-premise deployment Stack framed with your CIO

Always the same product foundation, deployed for you — not a solution recoded for each client. You keep a product that gets updated; you gain the isolation, control of your know-how and branding you need. A 30-day pilot; a dedicated infrastructure if the stakes turn strategic.

Let’s talk security, no filter.

Execs, IT leaders, counsel: talk directly with a founder about your trust and compliance requirements.

🇪🇺 Europe · GDPR Without changing your tools Born from research