Noxtua

Europe's sovereign legal AI with its own European-trained legal LLM

Tucuvi

Autonomous clinical voice AI agents that call patients and run care workflows

Noxtua

Excellent

25/25

Tucuvi

Excellent

23/25

Score Breakdown

DimensionNoxtuaTucuvi

Data Residency

Where is your data stored and processed?

Noxtua: Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

Tucuvi: EU-incorporated (Spain) and GDPR-compliant, so an EU hosting region is the reasonable expectation for EU customers, but specific data-centre locations and residency commitments are not published publicly — conservatively scored 4 pending confirmation via the Trust Center/DPA.

5/5

Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

4/5

EU-incorporated (Spain) and GDPR-compliant, so an EU hosting region is the reasonable expectation for EU customers, but specific data-centre locations and residency commitments are not published publicly — conservatively scored 4 pending confirmation via the Trust Center/DPA.

Legal Jurisdiction

Which laws govern the company and your data?

Noxtua: Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

Tucuvi: Incorporated as Tucuvi Care S.L. in Madrid with no US parent, placing it fully within EU/EEA jurisdiction.

5/5

Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

5/5

Incorporated as Tucuvi Care S.L. in Madrid with no US parent, placing it fully within EU/EEA jurisdiction.

Data Retention & Training

Is your data used for model training?

Noxtua: Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

Tucuvi: AI agents are trained on a proprietary manually-labelled dataset rather than on live customer data, and the QMS enforces GDPR/HIPAA data protection; however, no explicit public no-training-on-customer-data guarantee or detailed retention/DPA terms are published, so scored 4 rather than 5.

5/5

Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

4/5

AI agents are trained on a proprietary manually-labelled dataset rather than on live customer data, and the QMS enforces GDPR/HIPAA data protection; however, no explicit public no-training-on-customer-data guarantee or detailed retention/DPA terms are published, so scored 4 rather than 5.

Certifications

ISO 27001, SOC 2, Cyber Essentials, etc.

Noxtua: Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

Tucuvi: Strong, sector-specific stack: ISO/IEC 27001 and SOC 2 plus CE-marked Class IIb Software as a Medical Device under an ISO 13485 QMS, with EU AI Act and BS 30440 alignment. SOC 2 type (I vs II) not publicly specified.

5/5

Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

5/5

Strong, sector-specific stack: ISO/IEC 27001 and SOC 2 plus CE-marked Class IIb Software as a Medical Device under an ISO 13485 QMS, with EU AI Act and BS 30440 alignment. SOC 2 type (I vs II) not publicly specified.

Regulatory Fit

Suitability for regulated industries and professional services

Noxtua: Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

Tucuvi: Purpose-built for regulated EU healthcare and certified as a Class IIb medical device, suitable for hospitals and health systems under EMA/AEMPS oversight and GDPR.

5/5

Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

5/5

Purpose-built for regulated EU healthcare and certified as a Class IIb medical device, suitable for hospitals and health systems under EMA/AEMPS oversight and GDPR.

Total Score

25/25

23/25

Best For

Noxtua

Best for EU-headquartered organisations needing maximum data sovereignty; organisations requiring broad certification coverage (ISO 42001, ISO 27001, ISO 27017); regulated industries (BfDI, BaFin); privacy-conscious teams who need strong data retention controls; organisations that need self-hosted or on-premise deployment.

Tucuvi

Best for EU-headquartered organisations needing maximum data sovereignty; organisations requiring broad certification coverage (CE-marked SaMD (Class IIb), ISO 13485, ISO/IEC 27001); regulated industries (AEMPS, EMA); privacy-conscious teams who need strong data retention controls.

Detailed Comparison

Noxtua vs Tucuvi: Trust & Compliance Comparison

Noxtua (Noxtua, DE) scores 25/25 overall with a Gold (Excellent) trust badge. Europe's sovereign legal AI with its own European-trained legal LLM. Tucuvi (Tucuvi, ES) scores 23/25 with a Gold (Excellent) trust badge. Autonomous clinical voice AI agents that call patients and run care workflows.

Dimension-by-Dimension Breakdown

#### Data Residency

Noxtua leads with 5/5 vs 4/5.

●Noxtua (5/5): Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.

●Tucuvi (4/5): EU-incorporated (Spain) and GDPR-compliant, so an EU hosting region is the reasonable expectation for EU customers, but specific data-centre locations and residency commitments are not published publicly — conservatively scored 4 pending confirmation via the Trust Center/DPA.

#### Legal Jurisdiction

Both score equally at 5/5.

●Noxtua (5/5): Incorporated in Germany as Noxtua SE (formerly Xayn AG), an EU/EEA entity with no US parent. Designed to meet German professional-secrecy law (§ 43e BRAO, § 203 StGB).

●Tucuvi (5/5): Incorporated as Tucuvi Care S.L. in Madrid with no US parent, placing it fully within EU/EEA jurisdiction.

#### Data Retention & Training

Noxtua leads with 5/5 vs 4/5.

●Noxtua (5/5): Explicitly states customer data is never used to train, retrain or improve AI models, with sovereign/on-premise deployment and enterprise DPA-level controls. Specific configurable retention windows are not publicly detailed but the no-training and isolation posture is strong.

●Tucuvi (4/5): AI agents are trained on a proprietary manually-labelled dataset rather than on live customer data, and the QMS enforces GDPR/HIPAA data protection; however, no explicit public no-training-on-customer-data guarantee or detailed retention/DPA terms are published, so scored 4 rather than 5.

#### Certifications

Both score equally at 5/5.

●Noxtua (5/5): Extensive published certification stack: ISO 42001 (first German company), ISO 27001, 27017, 27018, 9001, plus BSI C5 and TISAX. No SOC 2 (US-oriented), but European sector and AI-specific certifications exceed the baseline.

●Tucuvi (5/5): Strong, sector-specific stack: ISO/IEC 27001 and SOC 2 plus CE-marked Class IIb Software as a Medical Device under an ISO 13485 QMS, with EU AI Act and BS 30440 alignment. SOC 2 type (I vs II) not publicly specified.

#### Regulatory Fit

Both score equally at 5/5.

●Noxtua (5/5): Purpose-built for regulated EU legal work, explicitly meeting attorney confidentiality and professional-secrecy requirements, with backing from major law firms and legal publishers. Suitable for the most demanding EU regulated legal and public-sector use.

●Tucuvi (5/5): Purpose-built for regulated EU healthcare and certified as a Class IIb medical device, suitable for hospitals and health systems under EMA/AEMPS oversight and GDPR.

Certifications at a Glance

Certification	Noxtua	Tucuvi
BSI C5	Yes	No
CE-marked SaMD (Class IIb)	No	Yes
GDPR	No	Yes
HIPAA	No	Yes
ISO 13485	No	Yes
ISO 27001	Yes	No
ISO 27017	Yes	No
ISO 27018	Yes	No
ISO 42001	Yes	No
ISO 9001	Yes	No
ISO/IEC 27001	No	Yes
SOC 2	No	Yes
TISAX	Yes	No

Overall Verdict

Noxtua has a clear trust advantage, scoring 25/25 compared to Tucuvi's 23/25. Noxtua particularly excels in data residency, data retention & training.

Frequently Asked Questions

Which is better for EU compliance, Noxtua or Tucuvi?

Noxtua has a TrustKit score of 25/25 while Tucuvi scores 23/25. Noxtua currently rates higher across data residency, legal jurisdiction, data retention, certifications, and regulatory fit.

How do Noxtua and Tucuvi compare on data residency?

Noxtua scores 5/5 for data residency (Processing occurs exclusively on European infrastructure (Open Telekom Cloud by Deutsche Telekom and IONOS) with no connection to US cloud providers, plus an on-premise deployment option. Best-in-class EU data residency.), while Tucuvi scores 4/5 (EU-incorporated (Spain) and GDPR-compliant, so an EU hosting region is the reasonable expectation for EU customers, but specific data-centre locations and residency commitments are not published publicly — conservatively scored 4 pending confirmation via the Trust Center/DPA.).

Are Noxtua and Tucuvi GDPR compliant?

Both tools are assessed across five compliance dimensions. Noxtua has a regulatory fit score of 5/5 and Tucuvi scores 5/5. Check the full comparison above for a detailed breakdown.

Explore Each Tool