Skip to content

Data processing and privacy

This page explains how SUPERWISE Chat handles personal data on your behalf: who is legally responsible for what, who else touches the data, what rights the people in your organization have, and where data is processed. It’s written for the person who owns the privacy or procurement file — usually an IT, compliance, or legal lead — and it’s meant to answer the questions that actually come up in a vendor review, in plain language rather than legalese.

A few items on this page are template fields: contract-specific values (like the exact subprocessor list current at signing, or the data centre regions in your agreement) that live in the signed documents, not on a public web page. We’ve marked each one clearly so you know to confirm it against your DPA rather than assume it.

Who is responsible for what: controller and processor

Section titled “Who is responsible for what: controller and processor”

GDPR splits responsibility for personal data into two roles, and the distinction matters because it decides who owes which obligations.

  • You are the data controller. Your organization decides which personal data is entered into Chat, for what purpose, and who in your organization may use it. The data belongs to you, and the lawful basis for processing it is yours to establish.
  • SUPERWISE is the data processor. We process that data only to provide the service and only on your documented instructions. We don’t decide the purposes of the processing, we don’t use your conversation content to train models for other customers, and we don’t repurpose your data.

In practice this means the people whose data is processed — your employees and any individuals they mention in conversations — are your data subjects. When one of them exercises a right (asks for a copy of their data, asks for it to be deleted), the request comes to you as the controller, and our job as processor is to give you the tools and assistance to honour it. The sections below describe both halves: what you can do directly, and how we help.

For customers who process personal data — and especially EU and UK customers — we offer a Data Processing Addendum that makes the controller/processor relationship contractual. A DPA typically sets out:

ProvisionWhat it covers
RolesYou as controller, SUPERWISE as processor
Scope and instructionsWe process only to provide the service, on your instructions
SubprocessorsThe third parties we use, and your right to be notified of changes
Security measuresThe technical and organizational controls we maintain
Data-subject rightsOur commitment to assist you in responding to requests
Breach notificationOur commitment to notify you, and the timeline
Return and deletionWhat happens to your data when the contract ends
AuditYour rights to verify our compliance

What data Chat processes, and on what basis

Section titled “What data Chat processes, and on what basis”

Chat is transparent by design about why it processes data. Every distinct processing activity is published in the product with a stated lawful basis, and your users can see this catalog directly — including before they sign in. The activities fall into two groups: essential ones the service can’t run without, and optional ones your users (or you, as administrator) can switch off.

ActivityWhy it happensLawful basisCan it be turned off?
Processing a message to answer itThis is the core service — generating a response to what the user askedContractNo — essential
AI safety evaluationReviewing messages for safety on the way in and outLegal obligationNo — essential
Conversation memoryRemembering useful details across conversationsConsentYes — optional
Knowledge document indexingMaking your uploaded documents searchableConsentYes — optional
Usage analytics and telemetryUnderstanding usage to operate and improve the serviceLegitimate interestYes — optional

The two essential activities — answering the message and the safety review — can’t be switched off, because without them there is no service to provide. Everything else is consent-based or opt-out, and your users control it from their own settings. As an administrator, you also set the tenant-wide defaults for the optional activities, so your organization can start everyone from a posture that fits your policy.

GDPR and CCPA/CPRA give individuals rights over their personal data. Because you are the controller, you own the response to a request — but Chat is built so that you can actually carry it out, not just promise it.

Right (GDPR / CCPA)How Chat supports it
Access / right to knowA user’s data in Chat is their conversations, memory, uploaded knowledge, and account record — all scoped to their identity and your tenant, so it can be located and exported
Rectification / correctionAccount and profile details flow from your identity provider; conversation and memory content is editable and deletable by the user
Erasure / deletionConversations and memory can be deleted; account removal removes the associated content. See DSAR and deletion for the procedure
Restriction / opt-outThe optional, consent-based activities (memory, document indexing, analytics) can be withdrawn at any time, per user and per tenant
PortabilityA user’s content is exportable in a portable form so it can be moved or handed over
ObjectionOptional processing can be objected to by withdrawing consent; essential processing is required to provide the service

Two design choices make these rights dependable:

  • Consent is revocable and recorded. When a user grants or withdraws consent for an optional activity, the change takes effect and is kept in a consent history trail, so you can show when a person opted in or out. Essential activities can’t be revoked while the service is in use — the product returns a clear refusal rather than silently ignoring the request, so there’s no ambiguity.
  • Everything is tenant-scoped. A request only ever reaches one organization’s data. A data-subject request in your tenant can’t surface, alter, or delete another customer’s data, because the boundary between tenants is enforced on every read and write. See Tenant isolation for how that holds.

For the step-by-step of fulfilling an access or deletion request, see DSAR and deletion.

To run the service, Chat relies on a small set of third parties — subprocessors in GDPR terms. Each one handles a specific, limited function:

  • Your identity provider — authenticates your users. We validate the sign-in tokens it issues; we don’t store your users’ passwords.
  • A managed database and cache — where your encrypted content and operational state are stored.
  • A large-language-model provider — generates AI responses to your messages.
  • The SUPERWISE safety platform — evaluates messages against the safety policies you’ve configured.

Your DPA names the current subprocessors, the function each performs, and the safeguards governing each relationship, and it gives you the right to be notified of changes so you can object before a new subprocessor begins handling your data.

Where personal data is processed geographically matters under GDPR, and it’s one of the first things an EU or UK reviewer will ask.

What we can say generally: where a transfer of personal data outside your region is involved, it is covered by an appropriate safeguard recognised under GDPR (such as Standard Contractual Clauses), and the specific mechanism and regions are committed to in your DPA rather than left implicit.

If a personal-data breach affecting your data occurs, our commitment is to notify you as controller without undue delay, with the information you need to meet your own notification obligations to regulators and to affected individuals.

Retention and deletion at the end of the contract

Section titled “Retention and deletion at the end of the contract”

You control how long your conversations live during the relationship, and your DPA governs what happens to your data when the relationship ends.

  • During the contract: conversations are kept as long as you keep them and can be deleted on request; tenant administrators can set inactivity-based deletion windows. Some operational records (such as request logs and execution records) are purged automatically on a rolling window so they don’t accumulate indefinitely.
  • At the end of the contract: your DPA sets out the return and deletion of your data on termination, including the timeframe and any limited records we are legally required to retain in anonymized or aggregated form.

For how retention and audit records are handled day to day, see the Security statement; for the precise current state of any retention window, ask your SUPERWISE representative for the accurate answer in writing.

  • GDPR (EU/UK). Chat is built around GDPR principles — disclosed processing activities with a stated lawful basis, revocable consent for optional uses, and data-subject-rights tooling — and the DPA puts the controller/processor terms in writing.
  • CCPA/CPRA (California). The same access and deletion tooling that supports GDPR supports California privacy rights (right to know, right to delete, and opt-out of the optional uses). We don’t sell your data.
  • HIPAA (healthcare). Chat is not positioned as a HIPAA-compliant service today, and protected health information should not be entered into it. If a HIPAA path matters to you, raise it with your SUPERWISE representative.