Data retention policy
We retain Customer Data only as long as needed to provide Anrie, meet contractual obligations, and comply with law. Account/workspace/connection data (Slack workspace + user identity, the Slack bot token, connected ad-account references and settings) is retained for the life of the installation. To give the Anrie agent context, Slack conversation history for channels the bot participates in is stored (per-customer history files plus a BigQuery communications ledger) as customer content. Temporary uploads/caches expire automatically (≈7–90 days). On uninstall, account closure, or a validated deletion request, we delete Customer Data — including stored Slack history and the ledger — from production within ~30 days; encrypted backups age out within ~14 days (7-day PITR + 14 retained daily backups). We do not use Customer Data for advertising and do not train our own or third-party foundation models on it.
Data archiving and removal policy
We maintain documented retention/disposal procedures for production systems, logs, and backups. Customer-initiated deletions trigger removal/anonymization of associated Customer Data and de-provisioning of credentials (including OAuth-token revocation). Backups are encrypted, used only for business continuity, and purged at the end of their retention period. The deletion procedure covers PostgreSQL, Cloud Storage, the Slack-history volume, and the BigQuery communications ledger.
Data storage policy
Customer Data is stored in encrypted Google Cloud managed services in the EU: Cloud SQL (PostgreSQL), BigQuery (analytics/communications ledger), Cloud Storage (assets/outputs), and Filestore (agent workspace + Slack history). Encrypted in transit (TLS 1.2+/1.3; DB connections require TLS) and at rest (AES-256, Google-managed keys). Access restricted via a private VPC with private DB IPs, least-privilege IAM, secrets in GCP Secret Manager, and Cloudflare Access on admin surfaces.
Data center location(s)
Belgium
Data hosting details
Cloud-hosted, multi-tenant SaaS on Google Cloud Platform (private GKE cluster in a private VPC; no public node IPs; egress via Cloud NAT). Public web + Slack-ingress traffic is fronted by Cloudflare (TLS, CDN, WAF/DDoS). Databases are reachable only over private IP from authenticated services.
Data hosting company
Google Cloud Platform (GCP); Cloudflare (DNS/edge/TLS/WAF).
App/service has sub-processors
yes
Guidelines for sub-processors
App/service uses large language models (LLM)
yes
LLM model(s) used
Anthropic Claude (e.g. claude-opus-4-8 / claude-sonnet-4-6) powers the core agent, served via Google Vertex AI. On the creative-generation path: OpenAI (GPT-5.x), Google Gemini, xAI Grok, Fal.ai, ElevenLabs, Hedra, and HeyGen.
LLM retention settings
LLM processing runs on enterprise, multi-tenant model endpoints (Vertex AI / Anthropic); customer prompts and outputs are logically segregated by authentication scopes, project, and customer identifiers.
LLM data tenancy policy
Prompts/outputs are stored only as long as needed for product functionality (conversation context, previous drafts) under our general data-retention policy. Our LLM providers are under contractual no-training / zero-(or limited-)retention terms.
LLM data residency policy
Agent LLM reasoning is served via Google Vertex AI in a multi-region (global) configuration, so prompts/context may be processed outside the EU under our Google Cloud agreement (SCCs where applicable). Data at rest is stored in the EU (europe-west1).