Data Protection and GDPR

The Data Processing Agreements (DPAs) we sign individually with each client bind us to strict confidentiality, and this obligation remains in effect even after our relationship concludes.

OpenAI

"By default, we do not use data from ChatGPT Enterprise, ChatGPT Business... or our API platform — including inputs and outputs — to train or improve our models."

Google

"Google will not use customer data to train or fine-tune AI or ML models without the Customer's prior permission or instruction. This applies to all models in Vertex AI."

Anthropic

"...for Anthropic's commercial offerings (Anthropic API, Console, Claude for Work — Team and Enterprise plans, etc.) we will not use your chats or programming sessions to train our models, unless you opt-in..."

xAI

"No, we do not use your company's data, nor the inputs (prompts) or outputs (responses) to train our models."

Data Protection and GDPR

The Privacy-by-Design model we offer for our AI agents facilitates compliance with the General Data Protection Regulation (GDPR) and the guidelines of the Spanish Data Protection Agency (AEPD).

Data Minimization

Only the small text fragments or vector representations necessary for contextual retrieval are stored.

Purpose Limitation

Derived data is used only to respond to authorized user queries.

Accuracy

Synchronization with your document repository keeps the information used by the agent to respond to users up to date.

Right to be forgotten / erasure

When a document is deleted from your MS Sharepoint, Google Docs, or similar repository, the associated derived representations are removed from the retrieval index.

Integrity and Confidentiality

AES-256 encryption is applied to protect data at rest, and TLS 1.2+ to protect data in transit.