How We Process Customer Data

What we process

  • Text inputs in the product (e.g., prompts, comments)
  • Technical metadata (e.g., IP address, timestamps, system/meeting IDs, log events)
  • Optional – if meeting features are used: Audio/video and transcripts as defined in the DPA

Why (purposes)

  • Contract performance and service reliability, under a GDPR-compliant DPA
    (processing on the customer’s documented instructions)
  • Support & security (e.g., troubleshooting, abuse prevention) within our TOMs

Where (storage location)

  • EU-only data centers, primarily Germany; alternatively other EU regions (e.g., Ireland/Netherlands)
  • No transfers to non-EU countries
  • On-premises option: We can store data in the customer's own database (MS SQL) on-premises — giving you full control over where your data resides

Retention & deletion

  • During the contract term: retained only as necessary for the agreed purposes and per customer instructions
  • Temporary raw processing data (e.g., audio pipeline artifacts) is automatically deleted after processing, unless the customer chooses to store recordings
  • After contract termination: deletion or return within 30 days, with written confirmation (per DPA)

Data masking for AI processing

Before any data is sent to a large language model (LLM) for analysis or summarization, all personally identifiable information is masked. Names, email addresses, and other sensitive data are replaced with anonymized placeholders before the content reaches the AI. The original data is restored within our own secure infrastructure after processing. This ensures that no personal data ever enters the LLM.

Additionally, we support using customer-provided LLMs — if your organization operates its own language models, Sally AI can be configured to use them exclusively, so that no data leaves your own infrastructure for AI processing.
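The mask-then-restore round trip described in this section, as an added illustration; it is not Sally AI's implementation. The `Masker` class, the placeholder format and the sample text are assumptions, and names are matched only against a supplied participant list.

```python
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PLACEHOLDER_RE = re.compile(r"\[(?:EMAIL|NAME)_\d+\]")

class Masker:
    """Reversible masking; the mapping stays in the caller's process."""

    def __init__(self, known_names):
        # Assumption: names come from a trusted list (e.g. meeting participants).
        # Names absent from the list are NOT masked by this sketch.
        self._names = sorted(known_names, key=len, reverse=True)
        self._forward = {}  # normalized original -> placeholder
        self._reverse = {}  # placeholder -> original as first seen

    def _token(self, kind, value):
        key = value.lower() if kind == "EMAIL" else value
        if key not in self._forward:
            token = f"[{kind}_{len(self._forward) + 1}]"
            self._forward[key] = token
            self._reverse[token] = value
        return self._forward[key]

    def mask(self, text):
        # Emails first, so an address is replaced whole even if it contains a listed name.
        text = EMAIL_RE.sub(lambda m: self._token("EMAIL", m.group()), text)
        for name in self._names:
            pat = re.compile(r"\b" + re.escape(name) + r"\b")
            text = pat.sub(lambda m: self._token("NAME", m.group()), text)
        return text

    def restore(self, text):
        # Unknown placeholders (invented or altered by the model) stay visible.
        return PLACEHOLDER_RE.sub(
            lambda m: self._reverse.get(m.group(), m.group()), text)

    def leaked(self, masked_text):
        """Original values still present after masking; should be empty."""
        return [v for v in self._reverse.values() if v in masked_text]

# Constructed sample input and a constructed stand-in for the model's reply.
SAMPLE = ("Anna Berg (anna.berg@example.com) will send the budget to Tom Li. "
          "Anna Berg owns the follow-up.")
REPLY = "[NAME_2] sends the budget to [NAME_3]; contact [EMAIL_1]. [NAME_9] absent."

if __name__ == "__main__":
    m = Masker(["Anna Berg", "Tom Li"])
    masked = m.mask(SAMPLE)
    print(masked, m.leaked(masked), m.restore(REPLY), sep="\n")
```

A name that is not on the list passes through unmasked, which is why list- or pattern-based masking needs a separate check of what actually reaches the model.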


No use for our own purposes

  • No AI model training with customer data
  • No processing for our own business purposes (as set out in the DPA)
  • No personal data in LLM processing — all data is masked beforehand