Security & compliance
Security and compliance built for regulated finance
Archilu is a sovereign enterprise architecture platform. We host in the European Union or deploy on-premise under your control, process personal data with a GDPR-by-design posture, and build for the constraints of regulated sectors. This page describes our approach honestly — we state what is in place and what is not.
EU hosting or on-premise
Archilu is operated from Luxembourg with EU hosting, or it can be deployed on-premise so the platform runs entirely within infrastructure you control.
Data residency
Your architecture data is hosted within controlled environments in the European Union. On-premise, it never leaves your own systems.
GDPR-by-design
Personal data is processed under Regulation (EU) 2016/679 (GDPR): we collect only what is strictly necessary and apply technical and organisational safeguards.
Built for regulated finance
Archilu is designed with the needs of regulated players in mind, in the context of operational-resilience frameworks such as DORA and supervision by authorities such as the CSSF.
Hosting and data residency
You choose where your architecture data lives.
Archilu is offered as a SaaS service operated from Luxembourg, with data hosted within controlled environments in the European Union. For organisations that require it, Archilu can also be deployed on-premise, so the platform and its data remain entirely within infrastructure you control.
In either model, the goal is the same: your enterprise architecture data — capabilities, applications, risks and roadmaps — stays under your control and within the European legal framework.
Data protection & GDPR
MIP-IT SARL processes personal data in line with Regulation (EU) 2016/679 (GDPR). We collect only the data that is strictly necessary, apply technical and organisational measures intended to prevent unauthorised access, alteration, loss or disclosure, and limit access to authorised personnel.
You can exercise your access, rectification, deletion, restriction, objection and portability rights at any time. For the full detail of how we process personal data, see our privacy policy.
Regulatory context: DORA & CSSF
Archilu serves regulated finance, where operational resilience and clear architecture documentation are expected. The platform is designed with that context in mind, including the kinds of architecture artefacts commonly relevant to operational-resilience frameworks such as DORA and to supervision by authorities such as the CSSF.
Archilu is an enterprise architecture and documentation tool. It is not legal, regulatory or compliance advice, and it does not represent the full text of any regulation. The obligations that apply depend on your specific entity, sector and scope, which you should confirm with qualified legal and compliance advice.
Governance & audit trail
Archilu is built to give business, IT, risk and compliance teams a single, shared view of the information system and its transformation. Governance of architecture content — who can see and change what — is part of how the platform is designed to support regulated organisations.
Certifications: an honest statement
We claim only what has been formally validated.
We do not claim specific certifications (such as ISO 27001 or SOC 2) or formal compliance attestations unless they have been formally validated. We would rather be transparent than overstate our posture.
Pursuing recognised certifications to further reduce the compliance barrier for regulated institutions is part of our intended roadmap. We do not commit to specific dates or scopes here, and we will only describe a certification as held once it has actually been obtained.
Contact
For security, data-protection or compliance questions about Archilu, contact MIP-IT SARL, the company that operates Archilu (ARCHILU.COM) from Luxembourg.
68, Hauptstrooss
L-9753 Heinerscheid
Grand Duchy of Luxembourg
Phone: +352 661 900 966
Email: info@archilu.com
