How to build internal AI tools without compliance blocking the project(comply-tech.co.uk)
comply-tech.co.uk
How to build internal AI tools without compliance blocking the project
https://comply-tech.co.uk/blog/internal-ai-tool-compliance.html
4 comments
But now I need a DPA with ComplyTech and send all my data there first ...
Nice ad folks.
Nice ad folks.
Second, the difference is what happens to the data. When you send a support ticket to an LLM provider, they process it, may retain it for up to 30 days for abuse monitoring, and the personal data in that ticket is now available in their infrastructure for the duration. ComplyTech processes in memory and returns the result. Nothing is stored, logged, or retained after the response. Zero data retention is an architectural guarantee, not just a policy.
So you go from one third-party processor that retains your customers' personal data, to one that processes it in memory and discards it immediately, plus an LLM provider that now only receives sanitised text.