Data retention policy
Your company acts as a Data Controller (the "Controller"). ● Your company subcontracts certain Services, which imply the processing of personal data, to Paser, acting as a Data Processor (the "Processor"). ● Processor shall comply with all applicable Data Protection Laws (including GDPR) in the Processing of Company Personal Data; ● Customer shall, in its use of the Subscription Services, Process Personal Data in accordance with the requirements of the Terms of Service and all Data Protection Laws and Regulations. For the avoidance of doubt, Customer’s instructions for the Processing of Personal Data shall comply with Data Protection Laws and Regulations. Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data.
Data archiving and removal policy
Upon termination or expiration of the Subscription Agreement or at any time at Customer’s written request, Paser shall: return to Customer or destroy all Personal Data, except as otherwise permitted by applicable Data Protection Laws and Regulations.
Data storage policy
Paser and its Subcontractors will only access, use, store, and transfer Customer Data to deliver the Services and to fulfill Paser’s obligations in the Agreement. Any Paser personnel who have access to Customer Data will be bound by appropriate confidentiality obligations. ● Paser will use industry-standard technical and organizational security measures to transfer, store, and Process Customer Data that, at a minimum, will comply with the Security Measures. Paser may update the Security Measures from time to time. ● The Services are developed with multiple layers of redundancy to guard against data loss and ensure availability. ● Customer agrees that Paser and its Subcontractors may transfer Customer Data to and access, use, and store Customer Data in locations other than Customer's country. ● To the extent Customer Data is subject to EU Data Protection Laws and is processed by Paser on Customer's behalf, Customer and Paser agree to the Data Processing Agreement.
Data center location(s)
Germany
Data hosting details
Cloud hosted
App/service has sub-processors
yes
Guidelines for sub-processors
App/service uses large language models (LLM)
yes
LLM model(s) used
OpenAI GPT-5, OpenAI GPT-5-Nano
LLM retention settings
Effy retains LLM outputs only as needed to render the resulting feature (e.g. an accepted kudos becomes an Effy Note). OpenAI's default: inputs/outputs may be retained up to 30 days for abuse monitoring, then deleted. Not used to train models.
LLM data tenancy policy
OpenAI Platform API — multi-tenant, shared-endpoint service. No dedicated single-tenant deployment or Provisioned Throughput Units. Requests are isolated per-call; no shared model context across requests.
LLM data residency policy
Effy customer data at rest resides in Germany (AWS Frankfurt). OpenAI API requests are processed in OpenAI's US infrastructure; Effy has no EU data-residency amendment or non-US regional-project with OpenAI.