GDPR data processing overview
A short, plain-language overview of how we process data and why we do not store raw content. For a technical pipeline description, see Privacy & data architecture.
What we do not process or store
- Conversation text, prompts, or model replies
- Personal data contained in user inputs
- Any content that could identify individuals or reconstruct conversations
Our design goal is to make it structurally impossible to leak user or conversation content: we never store it.
What we process (and why it’s low risk)
We only use:
- Hashes of inputs/outputs (one-way; cannot be reversed to recover content).
- Behavioral and structural signals — e.g. which tools were called, latency, error flags — which are not personal data by design.
So from a GDPR perspective, we do not “process” personal data in the content itself; we process at most pseudonymised/hashed and non-content data. A simple flow: User input → hashed at source → Only signals + hashes used for fingerprinting → No raw content stored or transmitted. A visual diagram is available in our PDF one-pager (link TBD).