Data Protection at Sally AI – Your Trust is Our Priority
Our Approach to Data Protection
Safeguarding personal data is a core priority for Sally AI.
We process data strictly for the agreed contractual purposes and in line with the GDPR principles:
- Lawfulness
- Purpose limitation
- Data minimization
- Transparency
GDPR Compliance as a SaaS Provider
Sally AI complies with the EU General Data Protection Regulation (GDPR) and provides a Data Processing Agreement (DPA) under Article 28 GDPR.
Our technical and organizational measures (TOMs) are documented, regularly reviewed, and continuously updated.
We Act as a Data Processor
- Our customers are the data controllers under the GDPR.
- Sally AI acts solely as a data processor, processing personal data only on documented instructions from the customer.
- Legal responsibility for data protection remains with the customer at all times.
Data Protection = Security + Transparency
We view data protection as both a legal duty and a core part of our security and quality standards.
To ensure protection and accountability, we apply:
- Encryption at rest and in transit
- Role-based access controls and multi-factor authentication
- Transparent communication about the nature, purpose, and scope of processing