SecureAI is built for the automotive aftermarket industry, where parts catalogs, customer records, and proprietary pricing data require strict protection. This article explains what data SecureAI collects, how it flows through the system, what protections apply at each stage, and what controls you and your administrators have over retention and deletion.
If you need the technical depth — encryption algorithms, network architecture, vulnerability management — see SecureAI Security Architecture. This article focuses on the practical questions: what happens to your data, who can access it, and how long it is kept.
What Data Does SecureAI Handle?
When you use SecureAI, four categories of data are involved:
| Data Category | Examples | Where It Is Stored | Who Can Access It |
|---|---|---|---|
| Conversation data | Questions you ask, AI responses, conversation titles | Cloud SQL (PostgreSQL) | You (your own conversations), Admins (all conversations in your organization) |
| Uploaded documents | PDFs, images, spreadsheets uploaded to knowledge bases | Cloud Storage | Users with access to the knowledge base, Admins |
| User account data | Name, email, role, authentication credentials | Cloud SQL (PostgreSQL) | You (your own profile), Admins (all users in your organization) |
| Usage metadata | Timestamps, session identifiers, feature usage, model selection | Cloud SQL (PostgreSQL) | Admins (via audit logs and analytics) |
Each category is subject to the protections described in the sections below.
How Your Data Flows Through SecureAI
Understanding the data flow helps you make informed compliance decisions:
┌──────────────────────────────────────────────────────────────┐
│ You (Browser or API Client) │
│ ── TLS 1.2+ encrypted ────────────────────────────────── │
├──────────────────────────────────────────────────────────────┤
│ SecureAI Frontend │
│ Receives your input, displays responses │
│ ── Internal encrypted connection ──────────────────────── │
├──────────────────────────────────────────────────────────────┤
│ SecureAI API Server │
│ Authenticates you, enforces permissions, routes requests │
│ ── Two paths ──────────────────────────────────────────── │
├───────────────────────────┬──────────────────────────────────┤
│ Storage (GCP) │ AI Model Provider │
│ Saves conversations, │ Processes your prompt, │
│ documents, user data │ returns a response, │
│ (encrypted at rest) │ retains NOTHING │
└───────────────────────────┴──────────────────────────────────┘
Key point: Your data touches two external systems — GCP (for storage) and the AI model provider (for response generation). The model provider does not store your data. GCP stores it encrypted.
Data at Rest
All stored data is encrypted using AES-256 on Google Cloud Platform:
| Data Type | Storage Service | Encryption | Key Management |
|---|---|---|---|
| Conversation history | Cloud SQL (PostgreSQL) | AES-256 server-side | GCP-managed keys (default) or CMEK |
| Uploaded documents | Cloud Storage | AES-256 server-side | GCP-managed keys (default) or CMEK |
| User account data | Cloud SQL (PostgreSQL) | AES-256 server-side | GCP-managed keys (default) or CMEK |
| Audit logs | Cloud SQL (PostgreSQL) | AES-256 server-side | GCP-managed keys (default) or CMEK |
| Database backups | Cloud Storage | AES-256 server-side | Same key policy as source data |
What "encrypted at rest" means in practice: Even if someone gained physical access to the storage hardware, they could not read your data without the encryption keys. The keys are stored separately in GCP's Key Management Service.
Customer-Managed Encryption Keys (CMEK): Organizations with stricter requirements can control their own encryption keys. Your organization manages the key lifecycle — creation, rotation, and revocation — through GCP KMS. Revoking a CMEK renders all data encrypted with that key permanently unreadable. CMEK is available for enterprise service agreements. See SecureAI Security Architecture for configuration details.
Data in Transit
All network communication is encrypted:
| Connection | Encryption | Details |
|---|---|---|
| Your browser → SecureAI | TLS 1.2+ | HTTP automatically redirected to HTTPS. HSTS headers enforced. |
| SecureAI internal services | Mutual TLS (mTLS) | API server, frontend, and database communicate over encrypted channels with mutual authentication. |
| SecureAI → AI model providers | TLS 1.2+ | Prompts and responses encrypted in transit. No data cached between requests. |
| SecureAI → Cloud Storage | TLS 1.2+ | Document uploads and downloads encrypted in transit. |
What this means for you: Your data is encrypted from the moment it leaves your browser until it reaches its destination, and at every hop in between.
What Happens When You Talk to an AI Model
This is the question most organizations ask first. Here is exactly what happens:
What Is Sent to the Model Provider
- Your prompt — the question or instruction you typed.
- Conversation context — prior messages in the current conversation, up to the model's context window limit.
- Retrieved document content — if you are using a knowledge base, relevant chunks from your uploaded documents are included as context.
- System instructions — configuration set by your administrator (e.g., "You are a helpful automotive aftermarket assistant").
What Is NOT Sent to the Model Provider
- Your login credentials or authentication tokens.
- Other users' conversations or other organizations' data.
- Audit logs or administrative configuration.
- Your full document library — only the chunks relevant to your specific question.
Model Provider Data Protection
| Protection | What It Means |
|---|---|
| No training on your data | Model providers cannot use your prompts or responses to train, fine-tune, or improve their models. This is contractually enforced. |
| No data retention | Model providers must delete your data after generating a response. Nothing is stored beyond the API request lifecycle. |
| Prompt isolation | Each request is independent. Your prompts are never mixed with other users' or organizations' data. |
| Provider selection is yours | Your administrator chooses which model providers are available. Options include OpenAI, Anthropic, Azure OpenAI, and local models (Ollama, vLLM). |
Local model option: When configured with Ollama or vLLM, your prompts never leave your own infrastructure. No external model provider is involved. See Adding Custom Model Providers for setup instructions.
Data Isolation Between Organizations
SecureAI enforces strict tenant isolation — your organization's data is completely separated from every other organization's data:
- Application-level isolation: Every database query includes your organization ID. There is no mechanism to query across organizations.
- Storage-level isolation: Uploaded documents are organized by organization ID in Cloud Storage. One organization cannot access another's files.
- User-level isolation: Users belong to exactly one organization. An administrator in Organization A cannot see, manage, or affect anything in Organization B.
- Knowledge base isolation: Knowledge bases and their document collections are scoped to your organization. Search results never include content from other tenants.
What this means for you: If you upload a proprietary parts catalog, no other SecureAI customer can see it, search it, or receive AI responses based on it.
Data Retention and Deletion
Your organization controls how long data is kept. Administrators configure retention policies through the admin panel.
Retention Periods
| Data Type | Default Retention | Configurable? | How to Change |
|---|---|---|---|
| Conversation history | Per service agreement (typically 30, 90, or 365 days) | Yes | Admin panel → Settings → Data Retention |
| Uploaded documents | Until deleted by an administrator or retention policy expiration | Yes | Admin panel → Knowledge Base management |
| User account data | Until the account is deactivated and deletion is requested | Yes | Admin panel → User Management |
| Audit logs | Per service agreement (typically longer than conversation retention) | Configurable at onboarding | Contact account representative |
What Happens When Data Is Deleted
- Conversation deletion: The conversation, all its messages, and any associated metadata are permanently removed from the database. This is not recoverable.
- Document deletion: The document is removed from Cloud Storage and its embeddings (vector representations) are deleted. The document cannot be retrieved after deletion.
- User deactivation: When a user account is deactivated, their data remains accessible to administrators for audit purposes. An administrator can request full deletion to permanently remove all of the user's data.
- Organization closure: When a service agreement ends, all data associated with that organization — conversations, documents, user accounts, audit logs — is permanently deleted within the timeframe specified in the agreement (typically 30 days after termination).
Who Can Delete Data
| Action | Who Can Do It |
|---|---|
| Delete your own conversations | You (from your profile or conversation list) |
| Delete any user's conversations | Administrators |
| Delete uploaded documents | Administrators |
| Deactivate user accounts | Administrators |
| Request full data deletion for a user | Administrators |
| Request organization data deletion | Organization owner (per service agreement) |
See Configuring Data Retention Policies for detailed setup instructions.
Access Controls
Multiple layers protect who can see and do what:
Role-Based Access Control (RBAC)
| Role | Can Access | Cannot Access |
|---|---|---|
| User | Own conversations, shared workspaces, knowledge bases they have been granted access to | Other users' conversations, admin settings, audit logs, user management |
| Admin | All conversations in the organization, user management, audit logs, system settings, knowledge base management | Other organizations' data |
Authentication
SecureAI supports multiple authentication methods, and your organization chooses which to use:
- Local accounts: Email and password with optional multi-factor authentication (MFA).
- SAML SSO: Federated authentication through your identity provider (Okta, Azure AD, Auth0). See How to Configure SAML SSO.
- OIDC SSO: OpenID Connect-based authentication. See How to Configure OIDC SSO.
- API tokens: Bearer tokens for programmatic access, scoped to specific permissions, revocable by administrators.
Session Management
- Sessions expire after a configurable inactivity period.
- Administrators can force-logout any user immediately.
- All session events are recorded in audit logs.
Audit Logging
Every security-relevant action is logged:
What Is Logged
| Event Category | Examples |
|---|---|
| Authentication | User logins, logouts, failed login attempts, SSO events |
| User management | Account creation, deactivation, role changes |
| Data access | Document uploads, document deletions, conversation exports |
| Configuration | SSO configuration changes, retention policy changes, API token creation and revocation |
| Administrative | Admin data access, bulk operations, system setting changes |
Accessing Audit Logs
- Admin panel: Administrators can view and search audit logs through the SecureAI admin interface.
- Export: Logs can be exported in standard formats for integration with your SIEM or compliance tools.
- Retention: Audit logs are retained independently of conversation data. The retention period is defined in your service agreement and is typically longer than conversation retention.
See How to Audit User Activity for step-by-step instructions.
Compliance Support
SecureAI's data handling practices support common compliance frameworks:
| Framework | How SecureAI Supports It |
|---|---|
| SOC 2 Type II | Infrastructure controls via GCP, application-level controls documented in audit reports. Contact your account representative for the current report. |
| GDPR | Data processing agreements (DPAs) available, data subject access and deletion rights supported, EU data residency option (europe-west1). |
| HIPAA | Business Associate Agreements available, encryption controls meet HIPAA requirements, access audit logging supports compliance audits. |
| CCPA | Data deletion capabilities, data portability through export features, DPAs available on request. |
For detailed compliance information, see Compliance Certifications — SOC 2, GDPR, HIPAA.
Data Residency
| Region | GCP Location | Availability |
|---|---|---|
| United States (default) | us-central1 (Iowa) | All organizations |
| European Union | europe-west1 (Belgium) | Available on request |
| Additional regions | Contact account representative | Enterprise agreements |
All data — conversations, documents, user accounts, audit logs, and backups — resides in the selected region. Changing regions requires a planned migration coordinated with your account representative.
What SecureAI Does NOT Do
For clarity:
- Does not sell, share, or monetize your data. Your data is used only to provide the service.
- Does not train AI models on your data. Your conversations and documents are never used for model training, fine-tuning, or improvement.
- Does not allow cross-tenant access. No other organization can see your data.
- Does not store data on your devices. All data resides server-side in GCP. Nothing is persisted in your browser or on your computer.
- Does not retain data beyond your configured retention period. When the retention period expires, data is permanently deleted.
- Does not send your full document library to model providers. Only relevant chunks for the specific question are sent, and they are not retained by the provider.
Frequently Asked Questions
Can other organizations see my data?
No. Each organization's data is fully isolated at the application, database, and storage levels. There is no cross-tenant access at any layer.
What happens to my data if my account is deactivated?
Your conversation history and uploaded documents remain accessible to your organization's administrators for audit purposes. An administrator can request full deletion of your data, which permanently removes it.
Does SecureAI comply with GDPR?
SecureAI supports GDPR compliance through data processing agreements, data subject access rights (export), data deletion capabilities, and EU data residency options. Contact your account representative for the current DPA.
Can I export my conversation history?
Yes. Administrators can export conversation data through the admin panel or the API. Individual users can export their own conversations from their profile settings, subject to your organization's policy.
Where is my data physically stored?
By default, in GCP's us-central1 region (Iowa, United States). EU data residency (europe-west1, Belgium) is available on request. Additional regions are available for enterprise agreements.
Is my data encrypted?
Yes. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Organizations requiring additional key control can use Customer-Managed Encryption Keys (CMEK) through GCP KMS.
What if I use a local model instead of a cloud provider?
When configured with Ollama or vLLM, your prompts are processed entirely on infrastructure you control. No data is sent to any external model provider. See Adding Custom Model Providers.
Can my administrator see my conversations?
Yes. Administrators can view all conversations within the organization for compliance and audit purposes. This access is logged in the audit trail.
Related Articles
- SecureAI Security Architecture
- Compliance Certifications — SOC 2, GDPR, HIPAA
- Configuring Data Retention Policies
- Adding Custom Model Providers
- How to Audit User Activity
- How to Configure SAML SSO
- How to Configure OIDC SSO
- Setting Up IP Allowlisting for Enterprise Access
- Getting Started with SecureAI
Questions
For data handling questions, to request a Data Processing Agreement, or to discuss data residency options, contact your account representative.