
Trust Center

Trust, demonstrable

Last updated 26 May 2026

Overview

werob is a brand of CITO GmbH, headquartered in Hamburg. We deploy service robots from multiple manufacturers into senior care, hospitality, security and facility services, and run them through the werob operations cockpit. Those robots carry our customers' video, sensor and process data. Data is held within the EU, audit logs are traceable, and AI output carries source references. In this mandate, security and data protection are not an add-on. They are a precondition.

Compliance

Frameworks we work to: in production, in progress, or in ongoing certification.

GDPR

Implemented

BDSG (German Data Protection Act)

Implemented

EU 2023/1230 (Machinery Regulation)

In progress · applies 20 Jan 2027

ISO 13482 (personal care robots)

Aligned

IEC 62443 (industrial cybersecurity)

Aligned

ISO/IEC 27001 (information security)

Implementation in progress

Security

Data residency in the EU

Customer data is processed within the European Union. Multi-region operation for data sovereignty and resilience. Transfers outside the EEA only on the basis of appropriate safeguards under Art. 44 et seq. GDPR.

End-to-end encryption

TLS (1.2 or higher) in transit, AES-256 at rest, automatic redaction of personal data (PII) in video and sensor data.

Immutable audit trail

Every action is recorded in a traceable log. Security-relevant logs are retained for at least one year.

Least-privilege access

Role-based access control (RBAC) from day one, MFA required for administrative accounts, SSO/SAML available, regular review of permissions.

Resilient infrastructure

Regular backups with defined recovery objectives. Disaster-recovery procedures are documented and tested.

Responsible use of AI

No model training on customer data. Tenant isolation: prompts and documents are never shared between customers. AI output stays traceable.

More detail on the Security page.

Documents

What we provide to customers on request. Write to info@werob.de.

Data processing agreement (Art. 28 GDPR)

A ready-to-use DPA template including standard contractual clauses and the current list of subprocessors.

Security overview

Architecture, encryption, permissions, incident response and business continuity in one document.

Records of processing activities (Art. 30)

A template in the form your data protection officer presents to the supervisory authority.

Subprocessors

The current list of subprocessors we engage is available to customers on request. Processing takes place within the EU. Customers are notified at least 30 days before any change.

Technical and organisational measures

We align our technical and organisational measures with Art. 32 GDPR and ISO/IEC 27001: confidentiality, integrity, availability and resilience of processing. An excerpt:

Organisational

  • Information security policies
  • Roles and responsibilities
  • Supplier and subprocessor management
  • Records of processing activities

Technological

  • Secure authentication (MFA)
  • Use of cryptography
  • Technical vulnerability management
  • Secure software development
  • Logging and monitoring

Physical

  • Access controls at our infrastructure providers
  • Physical security monitoring
  • Protection against environmental threats

Personnel

  • Confidentiality and non-disclosure undertakings
  • Security awareness and training
  • Defined joiner and leaver processes

FAQ

Where is my data stored?
Within the European Union. Any transfer outside the EEA takes place only on the basis of appropriate safeguards under Art. 44 et seq. GDPR.

How is the data encrypted?
In transit with TLS (1.2 or higher), at rest with AES-256.

What about your AI features?
We do not train models on customer data. Prompts and documents are never shared between tenants, and AI output stays traceable.

Do you sign a data processing agreement?
Yes. A DPA template under Art. 28 GDPR including standard contractual clauses is available on request.

Are you ISO 27001 certified?
We align our information security management with ISO/IEC 27001; implementation is in progress. We share the current status on request.

Do you support our own audit?
Yes. We provide the documents listed under “Documents” on request and support due diligence by your officers.

How do I report a vulnerability?
By e-mail to info@werob.de with the subject “Security”. More on the Security page.