FlowShare ensures full compliance with the EU Data Protection Regulation (GDPR) and the AI Act, safeguarding data through secure, GDPR-compliant processing and by hosting in EU data centers.
To address concerns about the use of OpenAI's AI model, we would like to emphasize the following key points related to the data we transmit and how it is processed.
Legal Framework
From a legal standpoint, it is crucial to distinguish between two categories of data: personal data and non-personal data. Personal data encompasses information that allows the identification of an individual, such as date of birth, name, sex, IP address, and company name.
We are legally obliged to make the processing of personal data transparent. We would like to point out that all relevant information on the handling of personal data is contained in our current data processing agreement (GTC & DPA). Our commitment to data protection is reflected in our strict adherence to the guidelines set out in these documents.
Data Handling Protocol
We want to assure you that we do not transmit personal data to OpenAI unless explicitly entered into the textbox by the user. This ensures that sensitive information is not inadvertently shared or processed without proper authorization.
The following applies to the AI assistant FlowShare Assist and AI-Text Generation:
The data is converted into vectors (columns of numbers) with the help of Azure OpenAI and stored in a vector database hosted in the EU. Everything runs via the Azure OpenAI service, which is hosted in the EU, and all data is processed in compliance with the GDPR.
Secure Processing of Your Company Information with Azure OpenAI Service:
Your prompts (inputs) and completions (outputs), your embeddings, and your training data:
are NOT available to other customers,
are NOT available to OpenAI,
are NOT used to improve OpenAI models,
are NOT used to improve any Microsoft or 3rd party products or services,
are NOT used for automatically improving Azure OpenAI models for your use in your resource (the models are stateless, unless you explicitly fine-tune models with your training data).
Your fine-tuned Azure OpenAI models are available exclusively for your use.
Further information on data privacy and infrastructure security of our subcontractors can be found here:
Azure OpenAI data privacy:
Azure infrastructure security:
Pinecone security measures:
DigitalOcean infrastructure security:
We are currently working on the implementation of PII and NER.
Personally Identifiable Information (PII)
PII recognition is a function offered by Azure AI Language.
The PII recognition function can identify, categorize and redact sensitive information in unstructured text. Examples include phone numbers, email addresses and forms of identification.
Named Entity Recognition (NER)
NER is a function offered by Azure AI Language.
The NER function can identify and categorize entities in unstructured text. Examples include persons, places, organizations and quantities.
Regarding the AI-Auto Translation via DeepL:
DeepL is a German company and processes data in Germany. It is therefore also subject to the EU Data Protection Regulation. More information on their general terms and conditions and their data security can be found here:
https://www.deepl.com/en/pro-license
https://www.deepl.com/en/pro-data-security
Option to Disable External Data Transmission for AI Services
All of the aforementioned functions and data processing activities that involve AI service providers and transmit data to external servers can be disabled for all users, if desired. This includes Automatic AI text generation, FlowShare Portal, FlowShare Assist, and the AutoTranslate Add-on. Only the essential information required for license verification is then transmitted externally. All exports will then take place locally, unless a platform integration is explicitly set up.