4 comments

[ 4.3 ms ] story [ 20.6 ms ] thread
But now I need a DPA with ComplyTech and send all my data there first ...

Nice ad folks.

Fair point, and it's one we get asked about. Two things worth clarifying: First, yes, you'd need a DPA with us just like you would with any processor. We have a standard Article 28 UK GDPR-compliant DPA ready to go.

Second, the difference is what happens to the data. When you send a support ticket to an LLM provider, they process it, may retain it for up to 30 days for abuse monitoring, and the personal data in that ticket is now available in their infrastructure for the duration. ComplyTech processes in memory and returns the result. Nothing is stored, logged, or retained after the response. Zero data retention is an architectural guarantee, not just a policy.

So you go from one third-party processor that retains your customers' personal data, to one that processes it in memory and discards it immediately, plus an LLM provider that now only receives sanitised text.