Data handling
Finding data is stored in the EU. Role-based access, audit log and tokenized API access.
Product
Security & trust
Puida Oy builds for regulated customers — security is built in, not bolted on.
GDPR
We operate under your instructions as controller. A DPA is available on request.
ISO 27001 (target)
Security controls are documented toward certification. A 2026 roadmap is shared with pilots.
What we store
Static screenshots, selectors, HTTP paths. No payment-card or personal data by default.
Accessibility
Toiste itself is tested against EN 301 549. Our accessibility statement is published.
Alignment
Built on regulation, not around it
EN 301 549
Tests mapped directly to the European harmonized standard.
WCAG 2.2 AA
Criteria documented at journey and component level.
Digital Services Act (FI)
Scope, obligations, and exemptions reflected.
Traficom
Designed for Finland's supervising authority.
GDPR
EU data processing and role-based access.
ISO 27001 (target)
Security controls documented toward certification.
Ready to turn accessibility into an evidence trail?
The pilot audit covers one service, 2–3 critical journeys, a backlog, a statement draft, and 30 days of monitoring.
- EN 301 549
- Traficom
- 14 pv SLA
- Evidence pack