Compliance & Governance
Operating globally under US jurisdiction while maintaining EU data sovereignty standards. Our compliance framework ensures legal certainty, data protection, and operational excellence across all jurisdictions.
This page outlines our commitment to regulatory compliance, security certifications, ethical business practices, and transparent governance structures.
01. Compliance Overview
FW Delta LLC operates under a comprehensive compliance framework that balances global operational agility with strict adherence to regional data protection and regulatory requirements.
US Legal Entity
Registered in Wyoming, USA. Governed by US commercial law, Wyoming LLC Act, and federal regulations. Provides flexibility, IP protection, and international scalability.
EU Data Residency
All client data processed on EU-based infrastructure (Germany, Finland). GDPR-compliant by design. No US cloud providers for personal data storage.
Hybrid Compliance Model
This structure allows us to combine the operational advantages of US incorporation (flexible contracts, lower overhead, international banking) with the data protection standards our European clients expect and require.
02. Corporate Governance Structure
FW Delta LLC maintains a lean, efficient governance structure appropriate for a location-independent professional services firm.
Management Structure
Managing Member: Fabian Weiss – Responsible for strategic direction, operations, and compliance oversight
Compliance Officer: Fabian Weiss – Ensures adherence to GDPR, export controls, and ethical standards
Data Protection Officer: Fabian Weiss – Point of contact for data subject rights and supervisory authorities
Operational Model
- Remote-First: No physical offices. Global talent recruitment based on merit.
- Agile Decision-Making: Flat hierarchy enables rapid response to market changes.
- Client-Centric: Direct communication between decision-makers and clients.
03. Data Sovereignty & Infrastructure
100% EU Data Residency
We maintain a strict separation between legal entity jurisdiction and data processing location. All client data remains within the European Union at all times, processed on infrastructure located in Germany and Finland.
Technical Implementation:
Primary Infrastructure
Provider: Hetzner Online GmbH (Germany)
Locations: Falkenstein, Germany; Nuremberg, Germany; Helsinki, Finland
Certifications: ISO/IEC 27001:2022-certified infrastructure, GDPR-compliant DPA
We utilize bare-metal dedicated servers and private networking. No shared cloud infrastructure. Full control over data processing environment.
Security Architecture
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Encrypted daily backups with geographic redundancy
- Dedicated firewall with strict ingress/egress rules
- 24/7 intrusion detection and monitoring
04. GDPR Compliance Framework
Despite being a US-registered entity, we voluntarily comply with the EU General Data Protection Regulation for all personal data processing activities.
Data Processing Principles
- Lawfulness, fairness, transparency
- Purpose limitation
- Data minimization
- Accuracy (data kept up to date)
- Storage limitation
- Integrity and confidentiality
Data Subject Rights
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure (Art. 17)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
- Right to withdraw consent
EU Representative
In accordance with Art. 27 GDPR, we have appointed an EU representative to serve as a point of contact for EU data subjects and supervisory authorities.
Representative details are available upon request. Contact: fw@fwdelta.com
05. Security Standards & Certifications
We implement comprehensive technical and organizational measures in accordance with Art. 32 GDPR and industry best practices.
ISO/IEC 27001:2022
Infrastructure Provider: Information Security Management System via Hetzner Online GmbH
GDPR Compliant
Verified: Full compliance with EU General Data Protection Regulation
Standard Contractual Clauses
Implemented: EU Commission-approved SCCs for international data transfers
PCI DSS Level 1
Payment Processor: Payment card data handled exclusively by certified third parties
06. Tax & Fiscal Compliance
FW Delta LLC is a US tax resident and maintains full transparency with tax authorities in all operating jurisdictions.
US Tax Compliance
As a Wyoming LLC, we are subject to US federal taxation. We file annual tax returns with the IRS and maintain compliant accounting records in accordance with US GAAP principles.
- IRS Form 1065 (Partnership Return) filed annually
- Registered Agent in Wyoming for legal correspondence
- Annual Report filed with Wyoming Secretary of State
International B2B Invoicing (Reverse Charge)
For B2B clients in the European Union, we apply the Reverse Charge Mechanism in accordance with Art. 196 EU VAT Directive.
How it works: Services are invoiced net (without VAT). The tax liability shifts to the recipient (your company). You report and pay VAT in your country.
Requirements: A valid VAT ID is required for all EU B2B clients. We verify VAT IDs via the VIES system.
Benefits: No VAT pre-financing needed. Simplified cross-border transactions. Improved cash flow.
Note: Swiss clients (non-EU) receive invoices according to Swiss VAT regulations. For B2C transactions, applicable consumer VAT may apply.
Transfer Pricing & Documentation
We maintain appropriate transfer pricing documentation and operate at arm's length in accordance with OECD guidelines, though as a single-entity LLC with no subsidiaries, complex transfer pricing scenarios do not typically arise.
07. Export Control & Trade Compliance
As a US entity providing technology services, we comply with US Export Administration Regulations (EAR) and OFAC sanctions programs.
Sanctions Screening
We do not conduct business with individuals or entities on the OFAC Specially Designated Nationals (SDN) List or other restricted party lists. All new client relationships undergo sanctions screening.
Export Classification
Software and technology we develop are classified under ECCN 5D992 (not subject to EAR) or EAR99 (low-level controls).
No controlled cryptography or military applications.
Dual-Use Technology
Projects involving potential dual-use applications undergo internal review before acceptance.
We do not develop weapons systems or surveillance technology for authoritarian regimes.
08. AML & KYC Procedures
We implement Know Your Customer (KYC) and Anti-Money Laundering (AML) procedures appropriate to our risk profile as a professional services provider.
Client Due Diligence
- Identity verification for all new business relationships
- Beneficial ownership identification for corporate clients
- Sanctions and PEP (Politically Exposed Persons) screening
- Ongoing monitoring for high-risk relationships
Suspicious Activity Reporting
While we are not a financial institution, we maintain internal procedures to identify and report suspicious transactions or activities to appropriate authorities if encountered. We do not process cash payments or cryptocurrency for services.
09. Code of Ethics & Business Conduct
We uphold the highest standards of ethical conduct in all business operations.
Anti-Bribery & Corruption
Strict adherence to the US Foreign Corrupt Practices Act (FCPA) and UK Bribery Act principles. Zero tolerance for bribery, kickbacks, or improper payments.
Diversity & Inclusion
Remote-first model enables global talent acquisition based on merit. No discrimination based on nationality, religion, gender, or background.
Environmental Responsibility
Operating without physical offices reduces our carbon footprint. EU infrastructure is powered by renewable energy sources through Hetzner's green data centers.
Conflicts of Interest
Full disclosure of potential conflicts. We do not accept engagements that compromise our independence or client confidentiality.
10. Subprocessor Management
We maintain a limited list of carefully vetted subprocessors. All subprocessors are bound by GDPR-compliant Data Processing Agreements.
Hetzner Online GmbH
Infrastructure & Hosting
Server hosting, data storage, backup services
Safeguards: ISO/IEC 27001:2022-certified infrastructure, GDPR DPA
Google Ireland Limited
Analytics (Optional)
Website analytics (only with user consent)
Safeguards: EU-US DPF, SCCs
Meta Platforms Ireland
Marketing (Optional)
Conversion tracking (only with user consent)
Safeguards: SCCs, Data Processing Terms
Change Notification: We will notify clients of any new subprocessors or changes to existing ones with at least 30 days' notice, allowing you to object if you have legitimate concerns.
11. Security Incident Response
We maintain documented procedures for identifying, responding to, and reporting security incidents and personal data breaches.
Incident Response Timeline
Detection and initial assessment. Containment measures activated.
Investigation and impact analysis. Affected systems isolated.
Client notification (if affected). Supervisory authority notification (if required by GDPR). Remediation implementation.
Breach Notification Obligations
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours (as required by Art. 33 GDPR) and affected data subjects without undue delay if high risk to rights and freedoms exists (Art. 34 GDPR).
12. Audits & Compliance Verification
We support transparency through regular audits and compliance assessments.
Internal Audits
- Quarterly security reviews and vulnerability assessments
- Annual GDPR compliance assessments
- Continuous monitoring of access logs and security events
Client Audit Rights
Enterprise clients have the right to conduct audits of our data processing activities upon reasonable notice.
We provide audit reports, compliance documentation, and evidence of security controls upon request.
13. Compliance Contact & Reporting
For compliance inquiries, concerns, or to report potential violations:
Whistleblower Protection
We encourage reporting of compliance concerns or ethical violations. Reports can be made confidentially and will be investigated promptly.
We prohibit retaliation against individuals who report concerns in good faith. All reports are treated with confidentiality to the extent possible.
Compliance Framework Summary
- GDPR (EU): Personal data of EU/EEA residents
- Swiss FADP: Personal data of Swiss residents
- CCPA (California): California residents (if applicable)
- US Export Control (EAR/ITAR): Technology export restrictions
FW Delta LLC maintains a comprehensive, multi-jurisdictional compliance framework that ensures operational agility while meeting the highest standards of data protection, security, and ethical business conduct.
Compliance Questions?
Our Compliance Officer is available to discuss our governance framework, certifications, or specific compliance requirements.