Security & Privacy

The Example Organisation takes data protection, privacy, and security seriously. Our AI assistants are designed with privacy at the core, not as an afterthought.

UK hosting and data sovereignty

🇬🇧

UK-based infrastructure

All AI assistants and data are hosted within the United Kingdom, ensuring compliance with UK data protection standards and GDPR.

🔒

Data sovereignty

Your data stays in the UK. We do not transfer personal data outside the United Kingdom without explicit consent and appropriate safeguards.

GDPR compliant

Full compliance with UK GDPR requirements, including data minimisation, purpose limitation, and individual rights.

Chat storage and data minimisation

🚫

No storage by default

Conversations with AI assistants are not stored or recorded by default. Once a conversation ends, the content is not retained unless explicitly chosen.

📧

Opt-in email or download only

Users can choose to email themselves a conversation summary or download a transcript. This is always optional and user-initiated.

🔍

Data minimisation

We collect only the minimum data necessary to provide the service. No tracking, no profiling, no unnecessary data collection.

⏱️

Temporary processing only

Assistant interactions are processed in real-time and discarded immediately unless the user actively chooses to save them.

Clear assistant boundaries

Each AI assistant operates within defined limits. They know what they can and cannot do, and they make these boundaries clear to users.

What our assistants CAN do:

  • Answer questions based on approved organisational content
  • Explain policies and processes in plain language
  • Provide consistent, accurate information
  • Direct people to appropriate human support
  • Support accessibility through clear communication

What our assistants CANNOT do:

  • Make decisions on behalf of staff or the organisation
  • Provide legal, medical, or professional advice
  • Handle personal case details or sensitive disclosures
  • Override human judgement or professional expertise
  • Store or share conversations without explicit consent
  • Create new policies or interpret regulations

Information security measures

🔐

Encryption in transit and at rest

🛡️

Regular security audits and updates

👤

Access controls and authentication

📊

Monitoring and incident response

Your rights

Right to be informed

You have the right to know how we process data and why.

Right of access

You can request access to any personal data we hold about you.

Right to rectification

You can request corrections to inaccurate or incomplete data.

Right to erasure

You can request deletion of your personal data in certain circumstances.

Right to restrict processing

You can request limitation on how we process your data.

Right to object

You can object to certain types of processing of your data.

Questions about privacy or security?

If you have concerns about how we handle data, or wish to exercise any of your rights, please contact our Data Protection Officer.

Contact Us