EU-hosted data

Keep Training
Data in Europe.

Built by a team in Finland and hosted 100% in the EU. Your training data, participant records, invoices, certificates, and audit logs stay under European rules.

Book a Demo EU hosting arrow_forward

Hosting

100% EU

CLOUD Act

Immune

API Access

Open

Security & Compliance

Compliance Posture

Secure
verified_user

GDPR

Architectural
shield

CLOUD Act

Immune
policy

NIS2 / DORA

Compliant
dns

Data Residency

EU-Only
api

REST / GraphQL API

ONLINE

The new tool stalls in legal review

You pick a platform, then it sits for weeks while compliance asks where the data lives and who can reach it. With a US-hosted vendor, the answer is rarely a clean yes.

gavel

“We need a clear answer on where training data is stored and who can access it.”

Customers and auditors increasingly ask where training data is stored and who can access it.

What compliance teams face

Vendors with CLOUD Act exposure.

GDPR handled as paperwork, not daily practice.

NIS2, DORA, EU Data Act deadlines approaching.

cloud_off

CLOUD Act Exposure

US-headquartered vendors fall under the CLOUD Act regardless of where data is stored. Your data may be accessible to US authorities.

security

GDPR as a Checkbox

Most platforms treat GDPR as a setting, not as how the system is built. A data-residency "option" is not the same as data that stays in the EU.

integration_instructions

Closed Ecosystems

Limited API access creates vendor lock-in. Data export is restricted and integrations require expensive custom work.

update

Regulation Is Tightening

NIS2, DORA, and the EU Data Act raise the bar for how data is handled and moved. A platform that is not ready for them now will leave you with gaps.

A CompetenceFlow team member standing against a wood-panelled wall in the Oulu office in Finland

European compliance built in, not bolted on

Hosting, APIs, audit trails, access control. Every layer is European by default.

lock

Step 01

EU-Native Hosting

100% EU-hosted. Data never leaves European jurisdiction. Immune to the U.S. CLOUD Act.

api

Step 02

Open REST/GraphQL APIs

Full API access to your stack. Connect to any LMS, CRM, or accounting system. Data always exportable.

history

Step 03

Immutable Audit Trails

Every action recorded in an immutable audit trail. Full provenance for regulatory review.

admin_panel_settings

Step 04

RBAC with Regional e-ID

Granular permissions at organisation, department, and role level. SSO + BankID + FTN + regional e-ID.

EU regulations: what's coming

CompetenceFlow keeps these requirements connected to the training records themselves.

Regulation
Timeline
Key Requirements
CompetenceFlow Response

NIS2 Directive

Effective 2024
Supply-chain security, incident reporting, risk management for essential/important entities
Immutable audit trails, incident logging, RBAC enforcement

DORA

Effective 2025
ICT risk management, digital operational resilience, third-party risk oversight
EU-native hosting, full data portability, transparent SLA

EU Data Act

2025–2027
Data portability, interoperability, fair access, switching rights
Open APIs, standard data export, no vendor lock-in

Compliance by region

Region-specific compliance, identity, and integrations, all covered.

N

Nordics

Identity

Swedish BankID, Norwegian BankID, Finnish Trust Network (FTN)

Finance Integration

Visma (Netvisor, Tripletex, e-conomic) • Fortnox

Credential Registers

Taitorekisteri (Finland) • SSG Skillnation • ID06

D

DACH

Compliance

GoBD-compliant audit trails • BSI C5 ready • AZAV workflow support

Finance Integration

DATEV • SKR03/04 • ZUGFeRD e-invoicing

Audit Trail

Journal entries you cannot rewrite • Full provenance chain

F

France

Cloud Standard

SecNumCloud alignment • EU-hosted infrastructure

Quality Framework

Qualiopi audit-ready workflows • Evidence trail generation

E-Invoicing

Factur-X • Peppol • Machine-readable formats

lock_open Transparency & Portability

Transparent SaaS. Your data is always yours.

No hidden costs. No vendor lock-in. Full data export at any time. Annual contracts with a standard exit clause.

See Pricing arrow_forward

Open APIs. No lock-in.

Full access to your data. Connect to any system in your stack.

api

CompetenceFlow API

v2 • REST • GraphQL

REST GraphQL JSON-native Webhooks OAuth 2.0
GET /api/v2/sessions
POST /api/v2/credentials/export
GQL /graphql · full query access

JSON-native • OAuth 2.0 • Webhook support • Full data export in JSON/CSV

Data Export

Full, anytime

No-Code Builder

Drag-and-drop connectors

Vendor Lock-in

Zero

Core features

Where European control shows up in the workflow

EU hosting and auditability are not separate from the product. They protect the records that matter: course bookings, participant data, trainer qualifications, invoices, certificates, and renewal messages.

event_available

Course management

Build course dates, set capacity, assign rooms, and keep participant lists up to date.

See feature arrow_forward
shopping_cart

Online booking

Let customers book one seat or a whole group, then collect participant details later.

See feature arrow_forward
groups

Trainer management

Give trainers their courses, participant lists, attendance, materials, and feedback.

See feature arrow_forward
receipt_long

Invoicing & finance

Turn bookings and attendance into invoices, with checks before month-end.

See feature arrow_forward
campaign

Renewals & messaging

Send joining instructions, reminders, certificate expiry messages, and renewal links.

See feature arrow_forward

Common Questions

Answers to the concerns we hear most from training providers evaluating a platform change.

A platform your compliance
team can approve.

Built by a team in Finland. Hosted in Europe. Compliant with European regulation. See it in action.

Book a Demo EU hosting & data residency