Data processing and privacy
Data processing and privacy
Section titled “Data processing and privacy”This page explains how SUPERWISE Chat handles personal data on your behalf: who is legally responsible for what, who else touches the data, what rights the people in your organization have, and where data is processed. It’s written for the person who owns the privacy or procurement file — usually an IT, compliance, or legal lead — and it’s meant to answer the questions that actually come up in a vendor review, in plain language rather than legalese.
A few items on this page are template fields: contract-specific values (like the exact subprocessor list current at signing, or the data centre regions in your agreement) that live in the signed documents, not on a public web page. We’ve marked each one clearly so you know to confirm it against your DPA rather than assume it.
Who is responsible for what: controller and processor
Section titled “Who is responsible for what: controller and processor”GDPR splits responsibility for personal data into two roles, and the distinction matters because it decides who owes which obligations.
- You are the data controller. Your organization decides which personal data is entered into Chat, for what purpose, and who in your organization may use it. The data belongs to you, and the lawful basis for processing it is yours to establish.
- SUPERWISE is the data processor. We process that data only to provide the service and only on your documented instructions. We don’t decide the purposes of the processing, we don’t use your conversation content to train models for other customers, and we don’t repurpose your data.
In practice this means the people whose data is processed — your employees and any individuals they mention in conversations — are your data subjects. When one of them exercises a right (asks for a copy of their data, asks for it to be deleted), the request comes to you as the controller, and our job as processor is to give you the tools and assistance to honour it. The sections below describe both halves: what you can do directly, and how we help.
The Data Processing Addendum (DPA)
Section titled “The Data Processing Addendum (DPA)”For customers who process personal data — and especially EU and UK customers — we offer a Data Processing Addendum that makes the controller/processor relationship contractual. A DPA typically sets out:
| Provision | What it covers |
|---|---|
| Roles | You as controller, SUPERWISE as processor |
| Scope and instructions | We process only to provide the service, on your instructions |
| Subprocessors | The third parties we use, and your right to be notified of changes |
| Security measures | The technical and organizational controls we maintain |
| Data-subject rights | Our commitment to assist you in responding to requests |
| Breach notification | Our commitment to notify you, and the timeline |
| Return and deletion | What happens to your data when the contract ends |
| Audit | Your rights to verify our compliance |
What data Chat processes, and on what basis
Section titled “What data Chat processes, and on what basis”Chat is transparent by design about why it processes data. Every distinct processing activity is published in the product with a stated lawful basis, and your users can see this catalog directly — including before they sign in. The activities fall into two groups: essential ones the service can’t run without, and optional ones your users (or you, as administrator) can switch off.
| Activity | Why it happens | Lawful basis | Can it be turned off? |
|---|---|---|---|
| Processing a message to answer it | This is the core service — generating a response to what the user asked | Contract | No — essential |
| AI safety evaluation | Reviewing messages for safety on the way in and out | Legal obligation | No — essential |
| Conversation memory | Remembering useful details across conversations | Consent | Yes — optional |
| Knowledge document indexing | Making your uploaded documents searchable | Consent | Yes — optional |
| Usage analytics and telemetry | Understanding usage to operate and improve the service | Legitimate interest | Yes — optional |
The two essential activities — answering the message and the safety review — can’t be switched off, because without them there is no service to provide. Everything else is consent-based or opt-out, and your users control it from their own settings. As an administrator, you also set the tenant-wide defaults for the optional activities, so your organization can start everyone from a posture that fits your policy.
Data-subject rights
Section titled “Data-subject rights”GDPR and CCPA/CPRA give individuals rights over their personal data. Because you are the controller, you own the response to a request — but Chat is built so that you can actually carry it out, not just promise it.
| Right (GDPR / CCPA) | How Chat supports it |
|---|---|
| Access / right to know | A user’s data in Chat is their conversations, memory, uploaded knowledge, and account record — all scoped to their identity and your tenant, so it can be located and exported |
| Rectification / correction | Account and profile details flow from your identity provider; conversation and memory content is editable and deletable by the user |
| Erasure / deletion | Conversations and memory can be deleted; account removal removes the associated content. See DSAR and deletion for the procedure |
| Restriction / opt-out | The optional, consent-based activities (memory, document indexing, analytics) can be withdrawn at any time, per user and per tenant |
| Portability | A user’s content is exportable in a portable form so it can be moved or handed over |
| Objection | Optional processing can be objected to by withdrawing consent; essential processing is required to provide the service |
Two design choices make these rights dependable:
- Consent is revocable and recorded. When a user grants or withdraws consent for an optional activity, the change takes effect and is kept in a consent history trail, so you can show when a person opted in or out. Essential activities can’t be revoked while the service is in use — the product returns a clear refusal rather than silently ignoring the request, so there’s no ambiguity.
- Everything is tenant-scoped. A request only ever reaches one organization’s data. A data-subject request in your tenant can’t surface, alter, or delete another customer’s data, because the boundary between tenants is enforced on every read and write. See Tenant isolation for how that holds.
For the step-by-step of fulfilling an access or deletion request, see DSAR and deletion.
Subprocessors
Section titled “Subprocessors”To run the service, Chat relies on a small set of third parties — subprocessors in GDPR terms. Each one handles a specific, limited function:
- Your identity provider — authenticates your users. We validate the sign-in tokens it issues; we don’t store your users’ passwords.
- A managed database and cache — where your encrypted content and operational state are stored.
- A large-language-model provider — generates AI responses to your messages.
- The SUPERWISE safety platform — evaluates messages against the safety policies you’ve configured.
Your DPA names the current subprocessors, the function each performs, and the safeguards governing each relationship, and it gives you the right to be notified of changes so you can object before a new subprocessor begins handling your data.
International data transfers
Section titled “International data transfers”Where personal data is processed geographically matters under GDPR, and it’s one of the first things an EU or UK reviewer will ask.
What we can say generally: where a transfer of personal data outside your region is involved, it is covered by an appropriate safeguard recognised under GDPR (such as Standard Contractual Clauses), and the specific mechanism and regions are committed to in your DPA rather than left implicit.
Breach notification
Section titled “Breach notification”If a personal-data breach affecting your data occurs, our commitment is to notify you as controller without undue delay, with the information you need to meet your own notification obligations to regulators and to affected individuals.
Retention and deletion at the end of the contract
Section titled “Retention and deletion at the end of the contract”You control how long your conversations live during the relationship, and your DPA governs what happens to your data when the relationship ends.
- During the contract: conversations are kept as long as you keep them and can be deleted on request; tenant administrators can set inactivity-based deletion windows. Some operational records (such as request logs and execution records) are purged automatically on a rolling window so they don’t accumulate indefinitely.
- At the end of the contract: your DPA sets out the return and deletion of your data on termination, including the timeframe and any limited records we are legally required to retain in anonymized or aggregated form.
For how retention and audit records are handled day to day, see the Security statement; for the precise current state of any retention window, ask your SUPERWISE representative for the accurate answer in writing.
Regional and sector notes
Section titled “Regional and sector notes”- GDPR (EU/UK). Chat is built around GDPR principles — disclosed processing activities with a stated lawful basis, revocable consent for optional uses, and data-subject-rights tooling — and the DPA puts the controller/processor terms in writing.
- CCPA/CPRA (California). The same access and deletion tooling that supports GDPR supports California privacy rights (right to know, right to delete, and opt-out of the optional uses). We don’t sell your data.
- HIPAA (healthcare). Chat is not positioned as a HIPAA-compliant service today, and protected health information should not be entered into it. If a HIPAA path matters to you, raise it with your SUPERWISE representative.
Related pages
Section titled “Related pages”- Security statement — the security posture summary for your InfoSec team.
- DSAR and deletion — handling access and deletion requests step by step.
- Tenant isolation — how one organization’s data stays separate from every other’s.
- Data flow and logging — what is recorded as your data moves through Chat.
- Governance and policy — the safety and oversight controls you configure.