This is the human-readable summary. The signed PDF is the legally binding version — request it from [email protected].
1. Roles
You are the Data Controller. AIflowiz is the Data Processor. We act only on your documented instructions.
2. Categories of data we process
- Whatever lives in the systems you connect to the workflow
- Logs and traces required to operate the AI in production
- Eval datasets you explicitly approve
3. Data residency
EU clients: data stays in eu-central-1 / Frankfurt. US clients: us-east-1 by default. On-prem / air-gapped deployments are available for regulated industries.
4. Subprocessors
Default stack: OpenAI (with zero-retention API), Anthropic, Cloudflare, Vercel, Supabase. We give 14 days' notice before adding a new subprocessor; you can object.
5. Security
- SSO + MFA on every internal tool
- SOC 2-aligned controls (formal audit Q4 2026)
- Encrypted at rest (AES-256) and in transit (TLS 1.3)
6. Breach notification
You'll hear from us within 24 hours of confirmed breach detection — by email and phone.