Noxtua

Europe's sovereign legal AI with its own European-trained legal LLM

PrivateNode

AI specialists for UK professional services — employment law, tax, immigration, and more with zero data retention

Noxtua

Excellent

25/25

PrivateNode

Strong

18/25

Score Breakdown

DimensionNoxtuaPrivateNode

Data Residency

Where is your data stored and processed?

Noxtua: Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

PrivateNode: All infrastructure hosted on Hetzner servers in Germany (EU). Zero US cloud dependency — no AWS, Azure, or GCP. Data stays within the EU at all times.

5/5

Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

5/5

All infrastructure hosted on Hetzner servers in Germany (EU). Zero US cloud dependency — no AWS, Azure, or GCP. Data stays within the EU at all times.

Legal Jurisdiction

Which laws govern the company and your data?

Noxtua: Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

PrivateNode: UK limited company (Twakka Ltd, England & Wales). UK GDPR-equivalent jurisdiction with EU adequacy decision. Not subject to US CLOUD Act. Outside EEA but UK adequacy provides smooth data transfer basis.

5/5

Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

3/5

UK limited company (Twakka Ltd, England & Wales). UK GDPR-equivalent jurisdiction with EU adequacy decision. Not subject to US CLOUD Act. Outside EEA but UK adequacy provides smooth data transfer basis.

Data Retention & Training

Is your data used for model training?

Noxtua: Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

PrivateNode: Explicit zero data retention policy. Conversations are not stored after session ends. No user data used for model training. Single-tenant architecture provides full isolation.

5/5

Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

5/5

Explicit zero data retention policy. Conversations are not stored after session ends. No user data used for model training. Single-tenant architecture provides full isolation.

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

Noxtua: Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

PrivateNode: No SOC 2 or ISO 27001 certifications publicly confirmed. Hosting provider (Hetzner) holds ISO 27001 certification. Early-stage company; formal certifications would strengthen trust posture.

5/5

Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

1/5

No SOC 2 or ISO 27001 certifications publicly confirmed. Hosting provider (Hetzner) holds ISO 27001 certification. Early-stage company; formal certifications would strengthen trust posture.

Regulatory Fit

Suitability for regulated industries and professional services

Noxtua: Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

PrivateNode: Strong fit for UK regulated professional services. Domain-specific specialists trained on authoritative legislation sources. Zero data retention addresses key GDPR concerns. Suitable for SRA-regulated solicitors and FCA-regulated advisers.

5/5

Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

4/5

Strong fit for UK regulated professional services. Domain-specific specialists trained on authoritative legislation sources. Zero data retention addresses key GDPR concerns. Suitable for SRA-regulated solicitors and FCA-regulated advisers.

Total Score

25/25

18/25

Best For

Noxtua

Best for EU-headquartered organisations needing maximum data sovereignty; organisations requiring broad certification coverage (ISO 42001, ISO 27001, ISO 27017); regulated industries (BfDI, BaFin); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment; enterprises requiring SSO integration.

PrivateNode

Best for regulated industries (ICO, SRA); privacy-conscious teams who need strong data retention controls.

Detailed Comparison

Noxtua vs PrivateNode: Trust & Compliance Comparison

Noxtua (Noxtua, DE) scores 25/25 overall with a Gold (Excellent) trust badge. Europe's sovereign legal AI with its own European-trained legal LLM. PrivateNode (PrivateNode, GB) scores 18/25 with a Silver (Strong) trust badge. AI specialists for UK professional services — employment law, tax, immigration, and more with zero data retention.

Dimension-by-Dimension Breakdown

#### Data Residency

Both score equally at 5/5.

●Noxtua (5/5): Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

●PrivateNode (5/5): All infrastructure hosted on Hetzner servers in Germany (EU). Zero US cloud dependency — no AWS, Azure, or GCP. Data stays within the EU at all times.

#### Legal Jurisdiction

Noxtua leads with 5/5 vs 3/5.

●Noxtua (5/5): Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

●PrivateNode (3/5): UK limited company (Twakka Ltd, England & Wales). UK GDPR-equivalent jurisdiction with EU adequacy decision. Not subject to US CLOUD Act. Outside EEA but UK adequacy provides smooth data transfer basis.

#### Data Retention & Training

Both score equally at 5/5.

●Noxtua (5/5): Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

●PrivateNode (5/5): Explicit zero data retention policy. Conversations are not stored after session ends. No user data used for model training. Single-tenant architecture provides full isolation.

#### Certifications

Noxtua leads with 5/5 vs 1/5.

●Noxtua (5/5): Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

●PrivateNode (1/5): No SOC 2 or ISO 27001 certifications publicly confirmed. Hosting provider (Hetzner) holds ISO 27001 certification. Early-stage company; formal certifications would strengthen trust posture.

#### Regulatory Fit

Noxtua leads with 5/5 vs 4/5.

●Noxtua (5/5): Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

●PrivateNode (4/5): Strong fit for UK regulated professional services. Domain-specific specialists trained on authoritative legislation sources. Zero data retention addresses key GDPR concerns. Suitable for SRA-regulated solicitors and FCA-regulated advisers.

Certifications at a Glance

Certification	Noxtua	PrivateNode
BSI C5	Yes	No
ISO 27001	Yes	No
ISO 27017	Yes	No
ISO 27018	Yes	No
ISO 42001	Yes	No
ISO 9001	Yes	No
TISAX	Yes	No

Overall Verdict

Noxtua has a clear trust advantage, scoring 25/25 compared to PrivateNode's 18/25. Noxtua particularly excels in legal jurisdiction, certifications, regulatory fit.

Frequently Asked Questions

Which is better for EU compliance, Noxtua or PrivateNode?

Noxtua has a TrustKit score of 25/25 while PrivateNode scores 18/25. Noxtua currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do Noxtua and PrivateNode compare on data residency?

Noxtua scores 5/5 for data residency (Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.), while PrivateNode scores 5/5 (All infrastructure hosted on Hetzner servers in Germany (EU). Zero US cloud dependency — no AWS, Azure, or GCP. Data stays within the EU at all times.).

Are Noxtua and PrivateNode GDPR compliant?

Both tools are assessed across five compliance dimensions. Noxtua has a regulatory fit score of 5/5 and PrivateNode scores 4/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool