{ "site": { "name": "Fink Labs", "summary": "Fink Labs builds secure AI automation for modern workflows.", "languages": ["en", "de"], "machineReadableResources": [ "/llms.txt", "/site-content.md", "/site-content.json", "/sitemap.xml", "/robots.txt" ] }, "routes": [ { "path": "/", "title": "Fink Labs - Secure AI automation", "description": "Secure AI automation for modern workflows.", "sections": [ { "id": "hero", "heading": "Intelligent automation for modern workflows", "body": [ "Fink Labs builds automation that removes busywork and makes workflows more reliable.", "Security is part of every workflow: access, data handling, and audit trails are defined before anything runs." ] }, { "id": "process", "heading": "Process", "items": [ { "title": "Understand the process", "description": "We clarify which tasks repeat, which data is needed, and where mistakes usually happen." }, { "title": "Build the workflow", "description": "The rules become a workflow that connects to the systems your team already uses." }, { "title": "Put it to work", "description": "We test, hand over, and adjust the workflow until it runs reliably in daily work." } ] }, { "id": "live-task-flow", "heading": "Customer tasks handled automatically", "body": [ "Requests come in, the right workflow starts, and the task moves forward without manual handoffs." ], "examples": [ "Invoice copy request", "CRM contact address update", "Shipping status follow-up", "Payment reminder", "Contract handover note", "Onboarding checklist", "Support priority validation" ] }, { "id": "technical-capabilities", "heading": "Technical capabilities", "items": [ { "title": "Accelerated implementation", "description": "Automate administrative and operational tasks quickly." }, { "title": "Enterprise level", "description": "Use tested architectures for mission-critical business environments." }, { "title": "Cost reduction", "description": "Scale capacity without increasing headcount." }, { "title": "Smart adapters", "description": "Middleware connects with modern APIs and legacy databases." } ] }, { "id": "security-controls", "heading": "Security controls", "body": [ "When automation touches business data, security has to be accounted for from the start. Access, storage, and audit trails are clearly defined." ], "items": [ { "title": "Encrypted data paths", "description": "Transport and stored application data are protected through encrypted infrastructure." }, { "title": "Role-based access", "description": "Authenticated roles and admin-only routes limit who can reach sensitive actions." }, { "title": "Audit logging", "description": "Sensitive admin and workflow actions are recorded for traceability." }, { "title": "Compliance alignment", "description": "Controls are designed around GDPR, SOC 2, HIPAA, ISO 27001 and revDSG requirements." } ] } ] }, { "path": "/security", "title": "Fink Labs Security Center", "description": "Security architecture, data residency posture, processor controls, audit logging, encryption, and compliance alignment.", "sections": [ { "id": "infrastructure", "heading": "Built for European data boundaries", "body": [ "Production deployments are designed around Swiss and EU infrastructure, access boundaries, encrypted storage, and documented processor controls." ], "principles": [ { "title": "EU/CH data residency", "description": "Customer workloads can be scoped to Swiss and European infrastructure regions with documented processor and residency controls." }, { "title": "Encryption in transit and at rest", "description": "Application data is protected with encrypted transport and encrypted storage infrastructure." }, { "title": "Role-based access control", "description": "Sensitive routes require authenticated roles, and admin actions are recorded for auditability." } ] }, { "id": "compliance-position", "heading": "Infrastructure compliance position", "items": [ { "title": "SOC 2 Type II infrastructure", "description": "Production backend workloads are hosted on cloud infrastructure audited under SOC 2 Type II controls." }, { "title": "HIPAA / ISO 27001 control alignment", "description": "Security controls are designed to support customer requirements commonly mapped to HIPAA and ISO 27001 frameworks." }, { "title": "GDPR / revDSG data protection", "description": "Data handling and residency are structured for Swiss and European privacy requirements." } ], "certificationNote": "Fink Labs is not currently SOC 2 certified. Treat SOC 2 references as infrastructure and control alignment unless a certification is explicitly stated." }, { "id": "subprocessors", "heading": "Subprocessors", "items": [ { "name": "Amazon Web Services (AWS)", "purpose": "Backend hosting and core infrastructure operations.", "dateAdded": "2026-02-21" }, { "name": "Amazon Bedrock via AWS", "purpose": "AI inference for approved model workloads in Switzerland and EU regions.", "dateAdded": "2026-02-21" } ] }, { "id": "faq", "heading": "Security FAQ", "items": [ { "question": "Where is your backend hosted?", "answer": "The backend is designed to run on hardened Swiss infrastructure, with controlled network access, encrypted storage, and restricted administrative access." }, { "question": "Where can AI data processing take place?", "answer": "Approved AI workloads are designed to stay in Switzerland or the European Union. Zurich and Frankfurt regions are prioritized when available." }, { "question": "Are you SOC 2 compliant?", "answer": "Fink Labs is not currently SOC 2 certified. Backend workloads are hosted on SOC 2 Type II-audited infrastructure, and internal controls are SOC 2-aligned." }, { "question": "Which security standards and regulations do you support?", "answer": "Infrastructure and policies are designed around SOC 2, HIPAA, ISO 27001, revDSG, and GDPR requirements, with documented controls and regular security reviews." }, { "question": "How is customer data protected in transit and at rest?", "answer": "Customer data is protected with encrypted transport, encrypted storage infrastructure, role-based access control, and audit logging for confidentiality, integrity, and traceability." }, { "question": "Do you provide security documentation for procurement and legal review?", "answer": "Documentation such as compliance evidence, a subprocessor overview, and contractual security terms can be provided as part of due diligence and onboarding." } ] } ] }, { "path": "/apply", "title": "Apply - Fink Labs", "description": "Project inquiry form for teams that want to discuss secure workflow automation." } ], "agentGuidance": [ "Use /site-content.json for structured extraction.", "Use /site-content.md or /llms.txt for concise semantic text.", "The visible application is a React single-page app. Browser agents can inspect the rendered UI; curl-only agents should use the machine-readable resources.", "Do not infer certification from compliance alignment. Treat SOC 2, HIPAA, ISO 27001, GDPR and revDSG language as control alignment unless a certification is explicitly stated." ] }