AI Data Protection Information

    Enterprise AI Security & Governance Disclosure


    1. System Overview

    FoxBase operates an AI-powered chatbot designed as a document-based informational assistant.

    Intended Use

    • Customer support

    • Sales support

    • Internal knowledge assistance

    The system:

    • Processes text input

    • Generates text responses

    • Retrieves information from provided documentation (PDF-based knowledge base)

    • Does not execute transactions

    • Does not access customer backend systems

    • Does not perform automated decision-making

    • Does not conduct profiling

    User-uploaded attachments are not supported.


    2. AI Model Architecture

    Model Type

    • Large Language Models (LLM)

    • Natural Language Processing (NLP)

    • Machine Learning / Deep Learning

    Supported Models (Customer Configurable)

    • Haiku (default)

    • GPT-4.1 / GPT-4.1 Mini

    • Sonnet

    • Gemini

    • Nova Micro / Lite / Pro

    FoxBase does not develop or train proprietary foundation models.

    Model Capabilities

    • Text-to-text generation

    • Contextual document retrieval

    • Semantic understanding of technical documentation

    The system does not support:

    • Image generation

    • Audio processing

    • Multimodal outputs

    • Autonomous actions


    3. Model Training & Data Usage

    • No model training is performed by FoxBase.

    • No fine-tuning of foundation models with customer data.

    • No prompt-tuning using stored conversations.

    • No ingestion of customer data into model training pipelines.

    Conversation data is not reused to alter model weights.


    4. Data Processing & PII Handling

    Personal Data Requirement

    The chatbot does not require personal data for operation.

    Possible PII Processing

    Personal data may be processed only if voluntarily entered by a user in text input.

    The system:

    • Does not actively collect personal data

    • Does not profile individuals

    • Does not evaluate individuals

    • Does not perform automated decisions with legal or significant effect

    Logging & Observability

    FoxBase uses observability tooling (e.g., Langfuse) for:

    • System monitoring

    • Debugging

    • Performance analysis

    • Retrieval optimization

    Stored elements may include:

    • User text inputs

    • Model outputs

    • Technical metadata

    Data is not used for model training.

    No automated masking or redaction layer is currently implemented.


    5. Infrastructure & Data Centers

    Core Hosting

    • AWS infrastructure

    • Region: Frankfurt (EU)

    Model Invocation

    Model routing depends on selected model configuration.

    Core infrastructure is EU-hosted.
    Model processing location may vary depending on provider configuration.

    FoxBase does not operate proprietary model infrastructure.


    6. Subprocessors

    Potential subprocessors include:

    • AWS (hosting infrastructure)

    • Langfuse (observability and logging)

    • Model providers (depending on selected model configuration)

    Data processing occurs under contractual agreements.
    Model providers process input data solely for response generation.

    No data is sold, shared for marketing, or used for independent analytics purposes.


    7. Security Controls

    FoxBase operates under an ISO/IEC 27001 certified Information Security Management System (ISMS), renewed annually.

    Security controls include:

    • Role-based access control (RBAC) via an internal user management system

    • Access limitation to observability data

    • System logging and traceability

    • Organisational incident management procedures

    Incident Response Contact:
    support@foxbase.de

    Data Protection Contact (GDPR/DSAR):
    support@foxbase.de

    Encryption details (at rest / in transit) follow AWS standard security configurations.
    Formal encryption specifications can be provided upon request.


    8. Content Safety & Filtering

    FoxBase does not implement additional custom content filtering layers.

    Content moderation and safety controls are provided at the model-provider level, which typically include safeguards against:

    • Sexual content

    • Hate speech

    • Violence

    • Self-harm

    • Copyright violations

    FoxBase does not disable provider-level safeguards.


    9. Compliance & Regulatory Positioning

    GDPR

    • Data minimisation approach

    • No required personal data

    • No profiling

    • No model training with user data

    • Observability limited to system improvement

    EU AI Act

    The chatbot qualifies as a general-purpose AI system used for informational assistance.

    Based on current scope:

    • Not classified as a high-risk AI system

    • Subject to transparency obligations

    • No prohibited AI practices involved

    ISO Standards

    • ISO/IEC 27001 certified


    10. Change Management

    If system scope changes (e.g., transactional integration, automated decision-making), FoxBase conducts a reassessment of:

    • Data protection impact

    • AI risk classification

    • Regulatory obligations


    11. More Information

    Further security or data protection-related information is available upon request at support@foxbase.de.

