Skip to main content

Frequently Asked Questions

Quick, in-depth answers to the questions our customers, data protection officers, and security teams ask most often. Can't find your question? Reach out at privacy@sally.io, or browse the full documentation in the Download Center.

Table of contents

GDPR & data protection basics

Is Sally AI a GDPR-compliant transcription tool?

Yes. Sally AI is a fully GDPR-compliant AI meeting assistant for transcription, summarization, and automated note-taking, purpose-built for organizations with strict European data protection requirements. In short:

  • Hosted in Germany at Hetzner, with no personal data leaving the EU
  • Independently ISO 27001, ISO 14001, and ISO 9001 certified
  • Personal data is masked before any AI model processes it
  • Never used for AI training, guaranteed contractually and technically
  • GDPR-compliant DPA under Art. 28 with every customer

Whether you are looking for a GDPR-compliant transcription tool, an AI meeting assistant, or an automated note-taker that meets European data protection standards without compromise, Sally AI is built exactly for that.

How does Sally AI achieve GDPR compliance?

Sally AI is GDPR-compliant by design. As a data processor under Art. 28 GDPR, we sign a DPA with every customer, process data only on documented instructions, support all data subject rights, and document our technical and organizational measures (TOMs) with regular internal and external audits.

Is Sally AI a data controller or a data processor?

Sally AI acts as a data processor (GDPR Art. 4(8)). The customer is the data controller (GDPR Art. 4(7)) and defines the purposes and means of processing. The role split is explained in detail on Our Security & Compliance page.

Is there a Data Processing Agreement (DPA) available?

Yes. A GDPR-compliant DPA under Article 28 GDPR is signed with every customer. You can review the contents and request or download it on the DPA page.

Data types & processing flow

What data does Sally process in a meeting?

Depending on the configuration, Sally processes meeting audio, meeting metadata (participants, time, title), and the transcripts and summaries generated from them. Whether audio and/or video are additionally stored depends on your configuration. See How We Process Your Data for the full breakdown, the guide on video and audio recordings to configure storage, and the guide on automatic deletion to control retention.

Which data goes to which system at each processing step?

In the standard SaaS configuration, transcription first takes place within our own processing chain. For summarization, text is then passed to Azure OpenAI in the EU, after personal identifiers have been masked. Storage and all further processing take place exclusively within EU infrastructure. The masking flow is described on Data Masking for AI.

What exactly is sent to Azure OpenAI or the AI service in use?

Only text is transmitted, never the original meeting audio or video. Before each transfer, personal identifiers are replaced with placeholders. The original data is restored only afterwards, within Sally's own infrastructure.

Is my meeting recorded or only transcribed?

That depends on the configuration you choose. Sally processes meeting content for transcription and summarization; whether audio and/or video are stored beyond that is configuration-dependent and controlled by your admins. You configure it in the guide on video and audio recordings, and you can set how long recordings are kept via automatic deletion.

Masking & pseudonymization

Is personal data masked before AI processing?

Yes. Before processing by the language model, personal identifiers in the text are replaced with placeholders and restored afterwards. Full details are on Data Masking for AI.

Is this anonymization or pseudonymization?

It is pseudonymization (data masking with placeholders), not full anonymization in the legal sense. Full anonymization cannot be guaranteed across the board, because content can also be indirectly identifying.

Which data is masked specifically?

Primarily personal identifiers such as names, email addresses, and comparable direct identifiers. Whether additional content is masked depends on the specific content and on technical detectability.

Are business or client secrets masked automatically?

Not automatically in every case. Masking targets personal identifiers; content that is confidential for professional or business reasons may still appear in the text if it is not recognized as a personal identifier. For confidentiality obligations under German Section 203 StGB, see the Special data categories & professional secrecy section below.

Data retention & deletion

Is there a standard retention period?

No. The retention period for transcripts and summaries is configured by the controller in Sally. Aliru does not store data beyond the period defined by the customer. See Retention & Deletion.

How long are audio, video, transcript, summary, and metadata stored?

Temporary raw data (e.g., audio pipeline artifacts) is deleted automatically after processing, unless explicit storage is configured. For transcripts, summaries, and any stored audio/video, the customer-configured retention period applies. You enable or disable storage in the guide on video and audio recordings, and the period itself is configured under automatic deletion.

What happens when I actively delete data from Sally?

Active deletion requests are executed immediately and permanently. The content is then no longer available in Sally and cannot be recovered.

Are deleted data also removed from backups?

Yes. A deletion is typically propagated to all backup systems during the following night. By the next day at the latest, the deleted content is also fully removed from backups.

Can different data types be deleted separately?

Yes, a separate deletion logic can generally be applied, in particular for transcripts, summaries, and any stored audio and video. The exact implementation depends on configuration and customer setup. You can set deletion rules in the guide on Automatic Deletion.

How is a deletion documented and verified?

Deletions are made traceable through audit and system logs. Automated deletions are verified system-side; manual or instructed deletions are verified through downstream review against the configured retention and deletion mechanisms.

Do I get a confirmation after a deletion?

An automatic email confirmation after each individual deletion is not provided by default. On request, the execution of a deletion can be traced and confirmed.

Hosting, data location & architecture

Where is data processed and stored?

Processing and storage take place exclusively within the EU, primarily in Germany at Hetzner. There is no transfer of personal data outside the EU. More detail on Hosting & Subprocessors.

What is the difference between EU hosting and on-premises?

  • EU hosting: processing and storage within EU data centers.
  • On-premises: data is stored and processed locally in the customer's own infrastructure.

Can Sally run fully on-premises?

Sally supports storage in a customer-owned MS SQL database within your own infrastructure; the content never leaves your environment. For architecture, prerequisites, and the setup process, please contact our sales team.

Can I use my own LLM instead of Azure OpenAI?

Yes. Sally can be configured to use customer-provided LLMs exclusively, for example if your organization operates its own language models. Which models are supported is clarified individually.

Identity, authentication & access

Which SSO protocols does Sally support?

SSO is implemented via OIDC (OpenID Connect). In addition, SCIM is offered for user management and provisioning. See the guides on SSO login and SCIM integration.

Does Sally support multi-factor authentication (MFA)?

Yes. MFA is mandatory for administrative and privileged access, and is available for user accounts as well. The exact scope depends on role and configuration. See the guide on multi-factor authentication.

What password and access protections are in place?

System-side password requirements apply: minimum length (8 characters), complexity rules (at least 3 of 4 criteria), lockout after failed logins, and automatic logout. A purely time-based, periodic password change is not enforced as a general standard, in line with current best practice.

How is administrator access secured?

Administrative access is protected by VPN, MFA, role-based permissions, centrally managed endpoints (Microsoft Intune), Conditional Access, and logging and monitoring. A dedicated jump/bastion host and a separate administration network are being implemented by September 2026 (in line with BSI C5:2026).

Are administrative activities logged?

Yes. Administrative access, permission changes, and security-relevant configuration changes are logged traceably in Microsoft Entra ID, Microsoft 365 audit logs, and platform-specific event logs.

Patch & change management

Are there documented patch and change management processes?

Yes. For production changes and security updates, documented change and patch processes exist, with four-eyes approval, testing before production rollout, traceability, and defined priorities. Critical security updates are applied without delay.

Speaker recognition & biometrics

How do speaker recognition and speaker assignment work?

There is no voice profiling and no biometric identification. Assignment is based on the displayed participant names in the meeting. For conference-room or shared microphones, speakers can be assigned afterwards in the frontend, purely as a usability feature, not as biometric identification.

Special data categories & professional secrecy

Can I use Sally to process health data or other special categories under Art. 9 GDPR?

Sally is technically and contractually suitable for processing special categories of data under Art. 9 GDPR (EU hosting, AES-256, data masking before LLM processing, DPA, no AI training). Depending on the protection level required, a more tailored setup may be advisable instead of the standard SaaS configuration. Ensuring the legal basis, a DPIA, and information obligations remains the responsibility of the controller.

Can Sally AI be used by holders of professional secrets under German Section 203 StGB?

Yes. The Sally DPA contains a dedicated clause (Section 16) on the duty of confidentiality under Section 203 StGB, activated by the customer's confirmation in text form. It expressly obliges Aliru and all staff to protect professional secrets.

Can political opinions or sensitive stakeholder statements be processed via Sally?

Yes, provided a suitable legal basis exists (typically the explicit consent of all participants under Art. 9(2)(a) GDPR) and a DPA is in place. For meetings with particularly sensitive content, we recommend the opt-in consent feature with prior email notification to all participants.

Consent, opt-out & participants

Sally offers two models: an opt-out command in the meeting chat, or a prior opt-in consent via an email privacy notice before the meeting. With opt-in enabled, Sally only joins once the participants who require consent have given it. See the guides on the meeting privacy notice and the email privacy notice.

How does opt-out work?

Participants can object to processing at any time by typing opt out in the meeting chat. All meeting data captured by Sally so far (audio, video, transcript, metadata) is then deleted immediately and Sally leaves the meeting. The action is logged system-side.

What if I accidentally let Sally join a meeting?

If Sally joins a meeting where no recording is wanted, anyone can trigger immediate termination and deletion of the captured data with the opt out chat command.

Consent must be purpose-specific. If the purpose or the nature of the meeting changes substantially, fresh consent is required. Assessing purpose limitation is the responsibility of the controller. See also For Meeting Participants.

AI usage

Are my contents used to train AI models?

No. Customer data is never used to train or improve AI models. This is guaranteed both contractually (DPA, Section 12) and technically. How AI processing is protected is explained on Data Masking for AI and the EU AI Act page.

Subprocessors & audits

Which subprocessors does Sally use?

The main subprocessors are Hetzner, Microsoft Azure, AWS, DeepL, Stripe, Strato, and Azure OpenAI, all with EU-based infrastructure. The full list with processing purpose and hosting location is in Annex 3 of the DPA and in the subprocessor list as well as in the Download Center.

Can I object to the use of certain subprocessors?

Yes. Under the DPA (Section 6), every new subprocessor is announced in advance, and the customer can raise objections. In case of justified objections, we work out a solution together.

Can customers request audits or evidence?

Yes. Under the DPA (Section 4), the customer has an audit and inspection right after prior notice (14 days). Aliru supports the audit with all required information and evidence. Standard evidence (DPA, TOMs, DPIA, subprocessor list, AI compliance statement, ISO certificate) is available in the Download Center.

Certifications & security evidence

What certifications and audit reports are currently available?

Sally AI is independently certified to ISO 9001:2015, ISO 14001:2015, and ISO 27001:2022 (issued by DICIS), run together as one integrated management system. Our security controls are also aligned with SOC 2 principles, and we are DORA compliant. You can verify and download the ISO certificate on the ISO Certifications page, and find all compliance documents in the Download Center.

What security measures does Sally implement?

Our technical and organizational measures (TOMs) include AES-256 encryption at rest and TLS/SSL in transit, role-based access control, multi-factor authentication, comprehensive audit logging, continuous monitoring, DDoS protection, and hosting in ISO 27001-certified data centers. The full list is on Our Security & Compliance and in the TOMs document.

How will I be notified in case of a data breach?

We notify customers within 24 hours of becoming aware of a personal data breach, including the nature, scope, affected data, and measures taken. See Incident Response & Pentests.

Industry-specific

Is Sally suitable for the financial sector (DORA)?

Yes. For customers subject to Regulation (EU) 2022/2554 (DORA), we offer a DORA addendum to the main contract, including a service-level annex (availability, response and resolution times, maintenance windows, incident reporting).

Can banks, insurers, or other regulated industries use Sally?

Yes. We combine the DORA addendum, contractually guaranteed SLAs, audit rights under the DPA (Section 4), and 24-hour incident reporting. We provide a list of suitable documents on request.

Workplace use & employees

Do I need a works agreement to use Sally?

For companies with a works council, a works agreement is customary, as Sally involves processing personal data of employees in the meeting context. Aliru provides a sample works agreement as a Word document (in German) that you can edit and adapt freely. It covers all relevant points: purpose, data types, opt-out, retention periods, and rights.

How does Sally relate to employee performance and behavior monitoring?

Sally is explicitly not intended for performance or behavior monitoring and is excluded from such use in the sample works agreement. There is no analysis of faces, behavior, or individual performance.

Contact & documentation

Who is the contact for data protection?

Data Protection Officer: Norton Engele — 📧 privacy@sally.io

What documentation is available?

The following are available in our Download Center:

  • Data Processing Agreement (DPA / AVV)
  • Technical and Organizational Measures (TOMs)
  • Record of Processing Activities (RoPA)
  • List of Subprocessors
  • Data Protection Impact Assessment (DPIA)
  • AI Compliance Statement (EU AI Act)
  • ISO Certificate (9001, 14001, 27001)
  • GDPR Compliance Report