Question 1

What happens if I downgrade from Teams to Pro?

Accepted Answer

Your existing encrypted documents stay encrypted and remain fully readable. Nothing breaks. New documents you create will simply be saved without field-level encryption. If you upgrade again later, new documents will be encrypted automatically.

Question 2

Does encryption slow down the app?

Accepted Answer

No noticeable difference. Modern encryption (AES-256-GCM) operates at gigabytes-per-second speeds. The added latency is measured in single-digit milliseconds, far less than network round-trip time.

Question 3

Can Crismo's AI features still work with encrypted data?

Accepted Answer

Yes. When your data needs to be processed by AI (e.g., transcript analysis, design session chat), it's decrypted server-side within Crismo's secure infrastructure, processed, and the result is re-encrypted before storage. The AI provider (Anthropic Claude) receives data over an encrypted connection but does not store it.

Question 4

What about real-time collaboration?

Accepted Answer

Collaboration works exactly as before. When multiple team members edit a diagram simultaneously, the updates are encrypted on each person's device, transmitted through Crismo's relay server (which never decrypts them), and decrypted on each collaborator's device. The relay server is blind to the content.

Question 5

What is End-to-End Encryption (Crismo Vault)?

Accepted Answer

This is a future Enterprise feature where encryption keys never leave your devices. Not even Crismo's servers can read your data. This provides the highest level of security but requires disabling server-side AI features (since the server can't process what it can't read). We're evaluating this for customers in highly regulated industries.

Question 6

Where exactly is my data stored?

Accepted Answer

All production user data stays within the European Union. Database (Firestore) runs in the EU multi-region (Frankfurt & Netherlands). File storage uses the EU dual-region (Netherlands & Finland). Application servers run in Belgium (europe-west1). Authentication is managed globally by Google Cloud (Firebase Auth).

Question 7

What compliance standards does this support?

Accepted Answer

These features support requirements for ISO 27001 (information security management), SOC 2 Type II (trust services criteria), GDPR (data protection, EU residency, encryption as a technical measure under Article 32), HIPAA (healthcare data), and financial services regulations (customer-managed keys for data sovereignty).

Feature	Free	Pro	Teams	Enterprise
EU data residency
Encryption at rest (AES-256)
Encryption in transit (TLS)
Security headers
Field-level encryption
Customer-managed keys (CMEK)

Your process data, fully protected

EU data residency

Data encryption

Encrypted at application layer (Teams+)

Standard protection (all plans)

Plan comparison

Transparent encryption

Security FAQ

Start with enterprise-grade security on day one

Service	Location	Region
Database (Firestore)	EU multi-region	Frankfurt & Netherlands (eur3)
File storage	EU dual-region	Netherlands & Finland (EUR4)
Application servers	EU	Belgium (europe-west1)
Authentication	Global	Google Cloud (Firebase Auth)