Built for enterprise. Designed for Europe.
Fizzylemon is a Dutch company serving enterprise customers across the EU. Privacy, security, and responsible AI are not add-ons - they are part of how the platform was designed from day one. This page explains what we do to protect your data and your learners, in plain language.
Your data stays in Europe
All learner data - session transcripts, coaching results, account information - is stored and processed within the EU. We use Microsoft Azure infrastructure in Dublin (primary) with replicas in Paris and Amsterdam.
The AI coaching analysis that runs after each session uses Azure OpenAI models deployed in Microsoft's EU Data Zone. Processing stays within European borders at every stage of the platform, from the moment a learner logs in to the coaching report they receive at the end.
The live avatar conversation runs on fully EU-hosted infrastructure. No learner data is routed outside the EU.
Privacy and GDPR
Fizzylemon processes personal data as a data processor on behalf of your organisation. You remain in control.
- We sign a Data Processing Agreement (DPA) with every enterprise customer, meeting all GDPR/AVG requirements.
- Learner session transcripts are visible only to the learner themselves. Administrators see aggregate results and scores - not individual transcripts or coaching narratives.
- We do not use your data or your learners' sessions to train AI models. Not ours, not anyone else's.
- We will delete or return all customer data within 30 days of contract end.
- In the event of a personal data breach, we notify you within 48 hours, in line with Article 33 GDPR.
Responsible AI - what we do and don't do
Fizzylemon is classified as Limited Risk under the EU AI Act (Regulation 2024/1689). This means our primary obligation is transparency, and we take that seriously.
What we do
- Tell every learner they are speaking with an AI avatar, not a human.
- Label all AI-generated coaching feedback clearly as AI output.
- Keep a human in the loop: coaching feedback is advisory and developmental. The platform makes no decisions about hiring, promotion, or performance appraisal.
What we don't do
- We do not record video of learners. Learners see a video avatar; no video of the learner is captured or stored.
- We do not analyse facial expressions or emotions. The avatar's visual perception layer is switched off. Learners can also run sessions in audio-only mode.
- We do not produce decisions with significant consequences for individuals. Coaching scores are developmental guidance, not authoritative assessments.
Security measures
Fizzylemon runs on Microsoft Azure, one of the most certified cloud platforms in the world. Azure infrastructure is ISO 27001 and ISO 27018 certified.
At the platform level:
- All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Administrator access requires multi-factor authentication.
- The platform is protected by a Web Application Firewall and segregated virtual networks.
- Secrets and certificates are managed centrally via Azure Key Vault.
- Databases are backed up with a 30-day point-in-time restore window and geo-replicated to a secondary EU region.
- Security monitoring runs 24/7 and watches for anomalous access, SQL injection, and brute-force attempts.
Fizzylemon maintains an Information Security Management System (ISMS) aligned with ISO 27001:2022. Our security documentation - policies, risk assessments, and audit records - is available to enterprise customers on request.
Integrations and access control
Fizzylemon integrates with your existing infrastructure without creating new security perimeters.
- LMS integration: Full LTI 1.3 support for learning management systems. Authentication flows through your LMS; we do not manage learner credentials.
- SSO/OIDC: Learners authenticate through your organisation's identity provider. Passwords are not stored in Fizzylemon.
- Role-based access: Learners see only their own data. Administrators see aggregate data for their organisation only.