Security & data residency

Where your data lives, honestly.

OpenAlice Embed is built EU-first. Here’s exactly what runs where, who the sub-processors are, and what we don’t pretend yet: the same carve-out we put in the DPA.

Chat & your knowledge base: EU-hosted

Text conversations and retrieval over your pages/knowledge base run on European infrastructure with European models (Mistral). Your brand knowledge is tenant-isolated and never trains a shared model.

Voice: EU by default

Speech runs on European infrastructure by default (Mistral, EU). US-hosted voice providers exist strictly as a per-tenant opt-in behind an explicit consent gate. Nothing transits outside the EU unless you switch it on yourself.

Sub-processors

Mistral (EU) for language, embeddings and voice; EU hosting (Hetzner, Germany). The current list and the DPA are available on request and at /dpa.

Roles & GDPR rights

You are the data controller; OpenAlice is your processor under a signed DPA. Visitors can be exported or erased on request, and the widget shows an AI disclosure + consent before any voice capture.

Retention & memory

Conversation retention is configurable per widget: off, session, or persistent with a 7/30/90/365-day window (or forever). Visitor memory is opt-in and scoped to your tenant.

Visitor consent & transparency

Before voice, the widget asks for consent and discloses that Lily is an AI representing the brand, not a human. See our AI disclosure and Privacy policy.

Questions a reviewer needs answered? security@openalicelabs.eu · ← back to the overview