Data Security & Privacy
Last updated: February 2025
Your data is your competitive advantage. We treat it accordingly. This page explains exactly how CouncilIA handles, protects, and isolates your corporate data, especially when you use Custom Expert Personas.
1. Zero-Training Guarantee
Your data is NEVER used to train AI models.
Not ours. Not OpenAI's. Not any third-party's. Ever.
- All AI API calls are made under provider API terms that exclude API traffic from model training, and with response storage disabled where the API offers it (e.g., OpenAI's `"store": false` flag).
- Uploaded documents are used exclusively for generating debate context within your session.
- AI providers receive only the minimum context necessary for each round, never your full document library.
- We do not aggregate, anonymize, or repurpose your corporate data for any other customer or internal use.
2. GDPR Compliance
CouncilIA is operated by CouncilIA Lda., an EU-based company subject to the General Data Protection Regulation (GDPR).
| Requirement | How We Comply |
|---|---|
| Lawful Basis | Contract performance (Art. 6(1)(b)) + legitimate interest (Art. 6(1)(f)) |
| Data Minimization | Only essential data collected; documents chunked and embedded, originals not permanently stored |
| Right to Erasure | Full account + all embeddings + all documents deleted within 30 days of request |
| Right to Portability | Export all session data, reports, and transcripts in JSON/PDF format |
| Data Processing Agreement | Available for Corporate plan customers upon request |
| Data Breach Notification | Supervisory authority notified within 72 hours of becoming aware of a breach (Art. 33); affected users notified without undue delay where the breach is likely to result in a high risk to them (Art. 34) |
Data Protection Contact: privacy@council-ia.com
3. Tenant Isolation
Every customer's data is logically isolated at the database level:
- Row-Level Security (RLS): PostgreSQL RLS policies restrict every query to the caller's own rows. The check runs inside the database engine on every statement, so it does not depend on application code remembering a WHERE clause.
- Tenant ID binding: Every row in every table (sessions, embeddings, documents, personas) is bound to a `tenant_id`.
- Custom Expert isolation: Embeddings for your Custom Expert Persona are stored with your `persona_id` and `tenant_id`. Other tenants cannot query, access, or even know about your documents.
- No cross-contamination: AI debate context is assembled per-session and never shared between users or tenants.
4. Encryption
- In Transit: All data is transmitted over TLS 1.3 (HTTPS). API calls to AI providers use TLS-encrypted connections.
- At Rest: Database storage encrypted via Supabase (AES-256). Cache layer (Upstash Redis) encrypted at rest.
- Payments: Processed by Stripe (PCI-DSS Level 1 compliant). We never see, store, or process card numbers.
- Authentication: OAuth 2.0 via Google. Passwords are never stored in our system.
5. Data Routing & Sovereignty
CouncilIA uses multiple AI providers to power different council personas. We give you control over where your data goes:
- Database: Supabase PostgreSQL hosted in EU (Frankfurt, Germany).
- EU Sensitivity Mode: When enabled, prompts are routed only to providers based in the EU or the US (Mistral in France, OpenAI and Google in the US); providers outside those two jurisdictions are excluded. Prompt content still reaches US providers in this mode, so it narrows geography rather than keeping prompts inside the EU.
- Standard Mode: Prompts may be routed to providers in US, EU, and Asia for best model performance.
- Custom Expert documents: The embedding vectors are stored exclusively in your EU-hosted database and are never sent to AI providers. Text leaves the database only as chunks: at upload, when each chunk is sent to the embedding provider (Mistral, EU) to compute its vector, and during a session, when the retrieved chunks are sent to the debating models as context.
6. Custom Expert Persona: Specific Safeguards
When you upload documents to build a Custom Expert Persona (they are indexed for retrieval, not used to train a model), additional protections apply:
Upload: Documents are chunked into segments and converted to mathematical vectors (embeddings). The original file content is processed in memory and not stored as raw files.
Storage: Only the text chunks and their embedding vectors are stored, in your tenant-isolated database. Both are handled as confidential data: an embedding is not an anonymised form of its chunk (published inversion attacks recover much of the text from the vector), so vectors receive the same isolation and encryption as the chunks themselves.
Usage: During a debate, only the 5 most relevant text chunks are retrieved and sent as context. The AI never receives your full document library.
Deletion: When you delete a Custom Expert Persona, all associated embeddings and document records are permanently deleted via database cascade. This is irreversible; any copy held in database backups expires within the 30-day window described in section 7.
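The following is an added example, not CouncilIA's schema or code, showing how the tenant isolation of section 3 and the storage, top-5 retrieval and cascade deletion of section 6 fit together in PostgreSQL. It assumes pgvector is installed, that vectors are 1024-dimensional, and that the API layer copies the tenant from the verified JWT into the session variable `app.tenant_id` (a Supabase deployment would more likely read a claim via `auth.jwt()`; the page does not say which claim is used). All table, column and function names are illustrative, and the two tenant ids are constructed.

```sql
-- Added example, not CouncilIA's schema: tenant-scoped chunk store with
-- Row-Level Security, cascade deletion and top-5 retrieval. Assumes pgvector,
-- 1024-dimensional vectors, and app.tenant_id set by the API layer from the
-- verified JWT. All names are illustrative.
CREATE EXTENSION IF NOT EXISTS vector;

CREATE TABLE personas (
    persona_id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    tenant_id  uuid NOT NULL,
    name       text NOT NULL
);

CREATE TABLE documents (
    document_id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    tenant_id   uuid NOT NULL,
    persona_id  uuid NOT NULL REFERENCES personas ON DELETE CASCADE,
    filename    text NOT NULL
);

-- One row per chunk: the vector and the text it was computed from. Both are
-- confidential; the vector is not an anonymised form of the text.
CREATE TABLE embeddings (
    chunk_id    uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    tenant_id   uuid NOT NULL,
    persona_id  uuid NOT NULL REFERENCES personas ON DELETE CASCADE,
    document_id uuid NOT NULL REFERENCES documents ON DELETE CASCADE,
    chunk_text  text NOT NULL,
    embedding   vector(1024) NOT NULL
);

-- Tenant of the current request. missing_ok = true turns an unset variable
-- into NULL, and NULL never equals a tenant_id, so an unauthenticated or
-- misconfigured connection sees zero rows rather than everything.
CREATE FUNCTION current_tenant() RETURNS uuid
LANGUAGE sql STABLE AS $$
    SELECT nullif(current_setting('app.tenant_id', true), '')::uuid
$$;

-- ENABLE turns RLS on; FORCE applies it to the table owner as well.
-- Superusers and roles with BYPASSRLS remain exempt, so the privileged
-- service connection must never run user-facing queries.
ALTER TABLE personas   ENABLE ROW LEVEL SECURITY, FORCE ROW LEVEL SECURITY;
ALTER TABLE documents  ENABLE ROW LEVEL SECURITY, FORCE ROW LEVEL SECURITY;
ALTER TABLE embeddings ENABLE ROW LEVEL SECURITY, FORCE ROW LEVEL SECURITY;

-- USING filters the rows a statement may see or touch (SELECT/UPDATE/DELETE);
-- WITH CHECK rejects new or updated rows tagged with someone else's tenant.
CREATE POLICY tenant_only ON personas
    USING (tenant_id = current_tenant()) WITH CHECK (tenant_id = current_tenant());
CREATE POLICY tenant_only ON documents
    USING (tenant_id = current_tenant()) WITH CHECK (tenant_id = current_tenant());
CREATE POLICY tenant_only ON embeddings
    USING (tenant_id = current_tenant()) WITH CHECK (tenant_id = current_tenant());

-- Retrieval for one debate round: the five nearest chunks of one persona by
-- cosine distance (<=>). No tenant_id predicate is written here; RLS appends
-- it to every statement, so a forgotten WHERE clause cannot cross tenants.
-- $1 = persona_id, $2 = embedding of the current question.
PREPARE top_chunks(uuid, vector(1024)) AS
    SELECT chunk_text
    FROM embeddings
    WHERE persona_id = $1
    ORDER BY embedding <=> $2
    LIMIT 5;

-- Isolation check with two constructed tenant ids.
SET app.tenant_id = '11111111-1111-1111-1111-111111111111';   -- tenant A
INSERT INTO personas (tenant_id, name)
    VALUES ('11111111-1111-1111-1111-111111111111', 'Legal expert');
SELECT count(*) FROM personas;            -- counts only tenant A's rows

SET app.tenant_id = '22222222-2222-2222-2222-222222222222';   -- tenant B
SELECT count(*) FROM personas;            -- A's persona is invisible, not just unreadable
INSERT INTO personas (tenant_id, name)    -- rejected by WITH CHECK: row claims to be A's
    VALUES ('11111111-1111-1111-1111-111111111111', 'Spoofed');

-- Deleting a persona removes its documents and chunks in the same statement
-- through ON DELETE CASCADE, so no orphaned embeddings survive. Referential
-- actions bypass RLS by design, which is what makes the cascade complete.
SET app.tenant_id = '11111111-1111-1111-1111-111111111111';
DELETE FROM personas WHERE name = 'Legal expert';
```

The application would run the prepared statement with `EXECUTE top_chunks(<persona_id>, <query vector>)` and pass only the five returned `chunk_text` values to the model. Two things to verify in any real deployment of this pattern: that the role the API connects as is neither a superuser nor marked `BYPASSRLS`, and that `app.tenant_id` is set from the verified token on every connection, since the policies are only as trustworthy as that variable.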
7. Data Retention & Deletion
- Active account: Session transcripts, reports, and Custom Expert data are retained for as long as your account is active.
- Account deletion: All data (sessions, embeddings, personas, documents, payment metadata) is permanently deleted within 30 days.
- Custom Expert deletion: Immediate deletion of all embeddings and document records (cascade delete).
- Session expiry: Free tier sessions are auto-deleted after 90 days of inactivity.
- We retain no backups of deleted data beyond the 30-day processing window.
8. Sub-Processors
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, Auth | EU (Frankfurt) |
| Vercel | Hosting, Edge Functions | Global CDN |
| Stripe | Payments | US/EU |
| Upstash | Redis Cache, QStash | EU |
| OpenAI | AI Model (GPT-4o) | US |
| Mistral | AI Model + Embeddings | EU (France) |
| Google | AI Model (Gemini) | US |
| OpenRouter | AI Model Routing | US |
9. Security Practices
- Access control: Internal access to production data requires multi-factor authentication and is logged.
- API security: All API endpoints are authenticated via Supabase JWT tokens with short expiry times.
- Rate limiting: API endpoints are rate-limited to curb abuse and blunt request floods; this mitigates denial of service rather than preventing it.
- Dependency monitoring: Automated vulnerability scanning for all npm dependencies.
- Infrastructure: Serverless architecture (Vercel + Supabase). We run no long-lived servers of our own, so there is no host fleet for us to patch or for an attacker to persist on; runtime patching is handled by the providers.
10. Contact & Incident Response
For security concerns, data requests, or to report a vulnerability:
- Security: security@council-ia.com
- Privacy / GDPR: privacy@council-ia.com
- DPA requests (Corporate): legal@council-ia.com
We acknowledge security reports within 24 hours and aim to resolve critical issues within 72 hours.