Обработка данных · Конфиденциальность · Субобработчики
Доверие и обработка данных.
Deliberately specific. Written so a CISO, a DPO — and in the case of the Google Workspace scan, a Google CASA reviewer — can confirm exactly what happens and when.
Четыре конкретные гарантии
Обещания, код которых мы можем показать.
Workspace scan · purged in 24h
Everything from a Workspace scan is auto-deleted within 24 hours — enforced by a daily cron, not a promise.
Read-only scopes
We request only the two admin read-only scopes we need. No write access, no mailbox content, no drive files.
No training on your data
LLM providers operate under enterprise agreements that exclude your audit data from model training.
GDPR Art. 15 / 17 ready
Copy, correction and deletion requests are honoured on any audit — for any user, any region, any time.
Сканирование Google Workspace
Эфемерно. Только чтение. Удаляется за 24 ч.
Clicking Scan Google Workspace asks for two admin scopes on an incremental consent screen. We enumerate OAuth apps granted in the domain and match them to our registry. Nothing is sent to analytics, CRM or third-party models.
Aggregated results land inworkspace_scan_sessionswith anexpires_atcolumn enforced by a daily cron at/api/tools/shadow-ai/cron/scan-purge.
Scopes requested
admin.directory.user.security.readonlyLets us enumerate OAuth-granted apps across your Workspace — the raw material for shadow AI discovery.
admin.reports.audit.readonlyLets us read the admin audit log so new AI tools appearing in the domain surface in your audit.
Trigger early deletion any time by emailing [email protected].
Отправки аудита
Ваши ответы, ваши инструменты, ваш inbox.
Survey answers, identified tools and the email you enter at the end are stored in our Postgres instance. Used only to produce your report and, where you opted in, to send you Buzzi.ai insights.
Hosting
Supabase Postgres (AWS · US / EU)
Backups
Encrypted at rest · Retained per vendor defaults
Audit retention
24 months, then auto-deleted
Email retention
Indefinite for unsubscribe — deletable on request
Субобработчики
Все, кто касается ваших данных.
Four vendors. That's the whole list. We publish changes at least 30 days before they apply.
Supabase
Primary Postgres hosting · AWS · US / EU
Stores audit submissions, survey answers and generated outputs. Encrypted at rest.
Postmark / Amazon SES
Transactional email · US
Sends audit reports, save-for-later links and insight emails you opt into.
OpenAI (Enterprise)
LLM inference — summaries, DPIA drafting · US
Enterprise agreement excludes customer data from training. Outputs scoped to your account.
Google (Vertex / Workspace Scan)
LLM inference + OAuth scan · US / EU
Used for Workspace OAuth discovery and Gemini-powered text generation. No training on customer data.
Выходы, созданные LLM
Executive summary, DPIA, опросники вендоров.
When you generate artefacts, we send the audit context to OpenAI or Google under enterprise agreements that exclude training on customer data. Outputs land inaudit_outputsscoped to your account and your account only.
Ваши права
GDPR Статья 15 / 17. Везде.
We honour copy, correction and deletion requests for any audit, regardless of your region. Email[email protected]and we respond within 30 days.
Request a copy
Email [email protected] and we send you everything we hold for your audit in machine-readable form.
Request deletion
Your audit, your outputs and your email are removed on request within 30 days. Confirmations are in writing.
Opt out of insights
Opting in to marketing is explicit. Opting out is one click in any email or by replying "stop".
Реагирование на инциденты
Ответственное раскрытие всегда приветствуется.
If you believe you've found a security issue, please disclose responsibly via[email protected]. We acknowledge within 2 business days and follow standard IR procedure — including regulator and data-subject notification where appropriate.
[email protected]Контакт по конфиденциальности
Свяжитесь с нашим DPO.
Copy / correction / deletion, DPA requests, sub-processor notifications — all go here.
[email protected]Методология
Как мы оцениваем риск.
Trust is the data side. Methodology is the math side — multipliers, bands and formulas, all published.
Открыть методологию