How We Process Your Data
This page explains exactly which data Sally AI processes, why we process it, where it is stored, and how long we keep it. Sally AI acts strictly as a Data Processor under Art. 28 GDPR, processing data only on your documented instruction and never for our own business interests. Read this for vendor assessments, RoPA entries, or to understand end-to-end what happens to customer data inside Sally.
What We Process
Prompts and comments entered directly in the product.
IP addresses, timestamps, system/meeting IDs, and log events.
If meeting features are enabled: audio/video and transcripts as defined in the DPA.
What We Never Do
Why We Process It
Providing the agreed service based on your documented instructions, fully GDPR-compliant under a signed DPA.
Troubleshooting and abuse prevention, carried out within the scope of our technical and organisational measures (TOMs).
More on Data Handling
How personal data is masked before every LLM call, plus the Bring Your Own LLM option.
Read more →Where data is stored: Germany at Hetzner, EU-only subprocessors, no third-country transfers.
Read more →Retention model during the contract, temporary data handling, and 30-day deletion guarantee after contract end.
Read more →