Privacy & Data Security at Sally AI
Welcome to the Privacy and Security Documentation of Sally AI.
Data protection is not just a legal obligation — it’s a core part of our product and company philosophy. As a SaaS provider, we value transparency, security, and strict compliance with global data protection laws — especially the EU General Data Protection Regulation (GDPR).
This documentation is designed for our customers, their privacy officers, IT departments, and compliance teams. Here, you’ll learn how we handle personal data, what security measures we implement, and how we support you in meeting your own legal obligations.
🧭 What You'll Find Here
Below is an overview of all privacy-related sections. Each page focuses on a specific aspect and can be accessed individually.
📘 Privacy at Sally
Our principles and privacy philosophy
Learn about how Sally AI views privacy, why it’s central to our operations, and what values guide us — including a first look at our role as a data processor.
🗂️ Data Processing
What data we collect, why, and how
A clear explanation of the types of data we process (e.g., text inputs, IP addresses), the purpose of processing, and our data retention practices.
🔐 Security & TOMs
Technical and organizational safeguards
We describe the Technical and Organizational Measures (TOMs) we implement to protect your data — including encryption, access control, monitoring, and more.
👥 Roles & Responsibilities
Who is responsible for what
Sally AI acts as a data processor, and you as the customer are the data controller. This page explains this relationship and how we support your compliance obligations.
🌍 Subprocessors & Transfers
Third-party services & international data flows
We use carefully selected subprocessors (e.g., AWS). This page lists them and explains how we ensure lawful data transfers, including the use of Standard Contractual Clauses (SCCs).
⚖️ Your Rights
Data subject rights & how we support you
We support our customers in fulfilling their users’ rights, such as access, correction, and deletion, and explain how our platform helps meet those obligations.
🚨 Data Breaches
Incident response & notification procedures
This page explains what happens in the event of a data breach — including detection, response, notifications, and preventive measures.
📄 Data Processing Agreement (DPA)
Legal basis for working with Sally AI
Everything you need to know about our Data Processing Agreement (DPA) in accordance with Article 28 GDPR — including how to request or sign the contract.
❓ FAQs & Glossary
Common questions & privacy terms explained
Get answers to frequently asked questions — like where data is stored, whether on-premise deployment is possible, and more. Includes a helpful glossary of terms like GDPR, TOMs, SCCs, etc.
🔄 Current Status & Contact
This documentation is updated regularly. If you have additional questions or need assistance, feel free to contact our Data Protection Officer:
📧 privacy@sally.io
Last updated: July 2025