Question 1

How long is my conversation data and context memory retained?

Accepted Answer

Retention periods are specified in your Data Processing Agreement (request at contact+dpa@mail.duale.ai). By default, context memory is retained for active service use and permanently deleted upon account termination or deletion request. Data is never retained for training or analytics.

Question 2

What happens if the EU-USA Data Privacy Framework is invalidated by the European Court?

Accepted Answer

All data transfers would immediately rely on Standard Contractual Clauses (CCT) plus supplementary measures per EDPB 01/2020 recommendations. Transfer Impact Assessments (TIA) are pre-documented for all US subprocessors and available upon request. No service interruption occurs; data protection is maintained through contractual safeguards.

Question 3

Can I opt out of specific subprocessors or restrict which AI providers process my data?

Accepted Answer

You can object to future subprocessor additions by contacting contact+legal@mail.duale.ai. For existing services, you can disable specific AI provider routing in your account settings. Core infrastructure (Hetzner hosting, Crisp support) cannot be disabled without service suspension.

Question 4

What compliance documentation can I request for audits or regulatory reporting?

Accepted Answer

You can request: (1) Data Processing Agreement (contact contact+dpa@mail.duale.ai), (2) Transfer Impact Assessments for US subprocessors, (3) Audit logs of data access and processing. Duale AI also provides documentation on EU AI Act Article 4 compliance and risk classification guidance upon request.

Question 5

What are the GDPR compliance responsibilities when using BYOK with external AI providers?

Accepted Answer

Duale AI acts as a data processor for routing and context memory only; the AI provider is a separate processor. You remain the data controller responsible for: (a) verifying your AI provider's GDPR compliance (per EDPB 28/2024), (b) executing a Data Processing Agreement with them if needed, (c) documenting the processor relationship. Duale AI's DPA covers only our processing role.

Question 6

What does Duale AI's 'AI Deployer' status under the EU AI Act mean for my compliance obligations?

Accepted Answer

Duale AI qualifies as a deployer under EU AI Act 2024/1689, creating Duale AI's obligation to provide AI literacy training to staff (Article 4, effective Feb 2, 2025). You remain responsible for classifying your use cases by risk level (minimal, limited, high) and meeting the corresponding obligations. Duale AI provides classification guidance; contact contact+privacy@mail.duale.ai.

Sous-traitant	Fonction	Données traitées	Localisation	Garanties transfert
Hetzner Online GmbH	Hébergement infrastructure	Toutes données plateforme	Allemagne	N/A (UE)
GitHub, Inc.	Hébergement site web	Logs accès (IP, UA)	USA	CCT + DPF
Cloudflare, Inc.	CDN, protection DDoS	Données de navigation, IP	USA / UE	CCT + DPF

Sous-traitant	Fonction	Données traitées	Localisation	Garanties transfert
Auth0 (Okta)	Authentification, SSO	Email, nom, identifiants	USA	CCT + DPF
Cloudflare, Inc.	WAF, protection contre attaques	Logs de connexion, IP	USA / UE	CCT + DPF

Sous-traitant	Fonction	Données traitées	Localisation	Garanties transfert
Duale AI	Routage, mémoire contextuelle	Prompts, résultats, métadonnées	UE	N/A (UE)
Variable	Inférence LLM	Prompts, résultats	Variable	Selon fournisseur choisi

Acronyme	Signification
BYOK	Bring Your Own Key (clé API fournie par le Client)
CCT	Clauses Contractuelles Types (transferts hors UE)
CJUE	Cour de Justice de l’Union Européenne
DPA	Data Processing Agreement (accord de traitement des données)
DPF	Data Privacy Framework (UE-USA, décision d’adéquation 2023)
EDPB	European Data Protection Board (Comité européen de la protection des données)
RGPD	Règlement Général sur la Protection des Données
TIA	Transfer Impact Assessment (évaluation d’impact de transfert)
N/A (UE)	Pas de transfert hors UE

Liste des Sous-traitants

Introduction

Changements

Transferts internationaux

Infrastructure et Hébergement

Authentification et Sécurité

Services IA

Paiement et Facturation

Communication et Support

Analytics et Monitoring

Conformité Règlement IA (EU AI Act)

Glossaire

Contact