AI Data Protection Information


Enterprise AI Security & Governance Disclosure


1. System Overview

FoxBase operates an AI-powered chatbot designed as a document-based informational assistant.

Intended Use

  • Customer support

  • Sales support

  • Internal knowledge assistance

The system:

  • Processes text input

  • Generates text responses

  • Retrieves information from provided documentation (PDF-based knowledge base)

  • Does not execute transactions

  • Does not access customer backend systems

  • Does not perform automated decision-making

  • Does not conduct profiling

User-uploaded attachments are not supported.


2. AI Model Architecture

Model Type

  • Large Language Models (LLM)

  • Natural Language Processing (NLP)

Supported Models (Customer Configurable)

  • Haiku (default)

  • GPT-4.1 / GPT-4.1 Mini

  • Sonnet

  • Gemini

  • Nova Micro / Lite / Pro

FoxBase does not develop or train proprietary foundation models.

Model Capabilities

  • Text-to-text generation

  • Contextual document retrieval

  • Semantic understanding of technical documentation

The system does not support:

  • Image generation

  • Audio processing

  • Multimodal outputs

  • Autonomous actions


3. Model Training & Data Usage

  • No model training is performed by FoxBase.

  • No fine-tuning of foundation models with customer data.

  • No prompt-tuning using stored conversations.

  • No ingestion of customer data into model training pipelines.

Conversation data is not reused to alter model weights.


4. Data Processing & PII Handling

Personal Data Requirement

The chatbot does not require personal data for operation.

Possible PII Processing

Personal data may be processed only if voluntarily entered by a user in text input.

The system:

  • Does not actively collect personal data

  • Does not profile individuals

  • Does not evaluate individuals

  • Does not perform automated decisions with legal or significant effect

Logging & Observability

FoxBase uses observability tooling (e.g., Langfuse) for:

  • System monitoring

  • Debugging

  • Performance analysis

  • Retrieval optimization

Stored elements may include:

  • User text inputs

  • Model outputs

  • Technical metadata

Data is not used for model training.

No automated masking or redaction layer is currently implemented.


5. Infrastructure & Data Centers

Core Hosting

  • AWS infrastructure

  • Region: Frankfurt (EU)

Model Invocation

Model routing depends on the selected model configuration.

Core infrastructure is EU-hosted.
Model processing location may vary depending on provider configuration.

FoxBase does not operate proprietary model infrastructure.


6. Subprocessors

Potential subprocessors include:

  • AWS (hosting infrastructure)

  • Langfuse (observability and logging)

  • Model providers (depending on the selected model configuration)

Data processing occurs under contractual agreements.
Model providers process input data solely for response generation.

No data is sold, shared for marketing, or used for independent analytics purposes.


7. Security Controls

FoxBase operates under an ISO/IEC 27001-certified Information Security Management System (ISMS), renewed annually.

Security controls include:

  • Role-based access control (RBAC) via an internal user management system

  • Access limitation to observability data

  • System logging and traceability

  • Organisational incident management procedures

Incident Response Contact:
support@foxbase.de

Data Protection Contact (GDPR/DSAR):
support@foxbase.de

Encryption details (at rest / in transit) follow AWS standard security configurations.
Formal encryption specifications can be provided upon request.


8. Content Safety & Filtering

FoxBase does not implement additional custom content filtering layers.

Content moderation and safety controls are provided at the model-provider level and typically include safeguards against:

  • Sexual content

  • Hate speech

  • Violence

  • Self-harm

  • Copyright violations

FoxBase does not disable provider-level safeguards.


9. Compliance & Regulatory Positioning

GDPR

  • Data minimisation approach

  • No required personal data

  • No profiling

  • No model training with user data

  • Observability limited to system improvement

EU AI Act

The chatbot qualifies as a general-purpose AI system used for informational assistance.

Based on current scope:

  • Not classified as a high-risk AI system

  • Subject to transparency obligations

  • No prohibited AI practices involved

ISO Standards

  • ISO/IEC 27001 certified


10. Change Management

If system scope changes (e.g., transactional integration, automated decision-making), FoxBase conducts a reassessment of:

  • Data protection impact

  • AI risk classification

  • Regulatory obligations


11. More Information

Further security or data protection-related information is available upon request at support@foxbase.de.