Is my company data safe with AI?
The most common fear before adopting AI is that company and customer data ends up with an outside vendor, gets used to train models, or breaches the GDPR. With CiaoBob your data stays yours: no shared training, encryption in transit and at rest, EU data residency on request, and least-privilege access with audit logging.
01 Is my data used to train AI models?
No. We apply a zero-training policy on client data: the information you entrust to us is never used to train models, neither yours nor third parties’. Your data stays yours and isolated to your project, with encryption and access measures defined for your architecture.
02 Where is the data stored and how is it protected?
Data travels encrypted in transit (typically TLS 1.3). At rest, where the project architecture provides for it, it is encrypted (for example AES-256). On request, data residency is in the European Union. Access follows the principle of least privilege — only who must, only what is needed — and, where provided, is tracked by audit logs. The concrete measures are defined during analysis, based on your constraints.
| Layer | How we protect the data |
|---|---|
| In transit | Encryption in transit, typically TLS 1.3 |
| At rest | Encryption at rest (e.g. AES-256) where the architecture provides for it |
| Access | Least privilege; audit logs where provided |
| Residency | Data in the European Union on request |
03 Is using AI GDPR compliant?
Yes. We design for the GDPR from the start, not as an afterthought: EU data residency on request, encryption in transit and at rest, least-privilege access and explainable AI. Compliance is part of the project architecture, so you can use artificial intelligence without giving up control of your data.
04 When should you NOT send data to an external LLM?
When data is extremely sensitive or bound by contracts that forbid external services. In those cases we run a model in an isolated or on-premise environment, keeping everything in-house. It is an architecture choice to make up front: deciding what can leave and what cannot is part of the analysis.
Does the data I give CiaoBob train ChatGPT or other models?
No. Zero-training policy: your data trains no model, neither ours nor third parties’. It stays isolated to your project, encrypted in transit and at rest, with tracked least-privilege access.
Are CiaoBob’s AI solutions GDPR compliant?
Yes. GDPR by design: EU data residency on request, encryption in transit and at rest, least-privilege access and explainable AI. The specific measures depend on the project architecture, defined with you in the initial analysis.
Can I keep the most sensitive data without sending it to an external service?
Yes. For the most sensitive data we use a model in an isolated or on-premise environment, keeping everything in-house. What can leave and what cannot is decided in the initial project analysis.