Enterprise security,
SaaS simplicity.
Your data is encrypted in transit and at rest. Conversations are isolated per tenant. Full GDPR compliance, no third-party AI training. Your information stays yours.
Isolated Environment
No data shared across accounts
AES-256 Encryption
Data encrypted at rest
Zero Training Use
Your content never trains AI models
GDPR Compliant
Consent, deletion, audit log
Without AnyDialog
Most platforms share infrastructure between customers. Your documents could theoretically be accessed. Data may be used to improve their models.
With AnyDialog
Every AnyDialog account runs in complete isolation. Your content is never shared and never used to train AI models.
Real scenario
Example scenario
Industry: financial services, ~300 people
The challenge Thomas, CTO at a healthcare company, needed AI-powered patient support but could not risk sensitive medical data being shared across customers or used for AI training.
The solution With AnyDialog, every account runs in an isolated environment. Patient data stays private, encrypted at rest with AES-256, and is never used to train third-party models.
Our security approach
Defense in depth. Your data, protected.
Encryption everywhere
Data encrypted in transit (TLS 1.3) and at rest (AES-256). No plaintext storage.
Complete tenant isolation
Your data is logically and physically separated from other customers — no cross-contamination.
Compliance built-in
GDPR compliance is baked in, not an afterthought. Data deletion, consent tracking, and privacy controls are built into the platform.
Security features
Encryption at rest & transit
AES-256 at rest, TLS 1.3 in transit. FIPS-compliant where required.
Tenant isolation
Logical and physical separation of data per organization — no cross-tenant access.
No third-party training
Your conversations never leave our platform. Not used to train anyone else's models.
GDPR compliant
Data deletion, consent tracking, and privacy controls built-in from day one.
Privacy by design
Built with privacy-first principles. No data sharing, no third-party training, no exceptions.
Regular penetration testing
Third-party security audits, 90-day update cycles, instant security patches.
All channels secure
Security applies across all channels — every conversation is protected regardless of where it happens.
GDPR-compliant by default
Application servers and persistent data live inside the European Union. The data-handling model is built on GDPR from day one, not bolted on after. Right of access, right to erasure, processing register, DPA on request — all operational.
In practice this means
EU application servers
The app runs on European infrastructure. No primary data transfer to third countries.
EU persistent data
Documents, conversations, knowledge base, user accounts — all stored in European datacenters.
DPA and SCC ready
Signable Data Processing Agreement and Standard Contractual Clauses for non-EU sub-processors. We hand you the templates at activation.
Right to erasure
The end user requests deletion, you execute from dashboard. Associated conversations and knowledge base entries are deleted in a verifiable way.
Declared sub-processors
AnyDialog uses two AI providers for inference. They are declared as sub-processors in the DPA, with legal bases for extra-EU data transfer.
| Sub-processor | Ruolo | Trasferimento | Dati condivisi |
|---|---|---|---|
| OpenAI | LLM and embedding models | US transfer under EU-US Data Privacy Framework + Standard Contractual Clauses | Text fragments of the single question, not the full documents |
| Anthropic | LLM models (Claude) | US transfer under Standard Contractual Clauses | Text fragments of the single question, not the full documents |
Neither OpenAI nor Anthropic uses your data to retrain their models. Explicitly disabled in our enterprise contracts.
Where your data lives
We split two flows: persistence and inference. They are separated and tracked.
Persistence
Documents, conversations, knowledge base, accounts → EU servers. They stay there.
AI inference
When the agent generates an answer, it sends the relevant fragments to the AI provider (US) and gets the response. The provider does not retain them beyond the single request.
Audit log
Every AI call is logged locally with timestamp, model used, cost. Traceable inside your dashboard.
RAG architecture: only the relevant fragments
AnyDialog does not send the entire knowledge base to AI providers on every question. Here is how it works: the knowledge base is indexed into vectors, stored on EU servers. When a question arrives, we locally search for the top 3-5 relevant fragments. Only those fragments travel to the AI provider together with the question. The model answers based on that context only. If the document doesn't contain the answer, the agent says so.
What it means in practice
- ✓ A confidential document does not leave our infrastructure "in the clear": only the fragment relevant to the single question travels
- ✓ Volume of data transferred is a fraction of the total. Less attack surface.
- ✓ The model answers from that context only. No hallucinations, no scope drift.
- ✓ Questions not covered by your documents = fallback answers, not invented ones
Legal documentation
The documents that govern processing of your data are public and linkable.
When you need this
Channels you can use
Security you can trust.
Enterprise encryption, GDPR compliance, isolated environments. Deploy with confidence.