AI Processing Statement
Last updated: 20 May 2026
Matproof uses large language models (LLMs) to power features such as the policy generator, the in-product AI assistant, vendor research, and the Matproof Sentinel penetration-testing agents. This page explains who processes which data, under what guarantees, and how that fits into our broader GDPR + AI-Act posture. It is a plain-language complement to our subprocessor table — see /privacy for the formal list.
Who we use for LLM inference
Two providers, both engaged under EU Standard Contractual Clauses (SCC 2021/914) where the processing region is outside the EU:
— OpenAI Ireland Ltd. (Dublin, IE; group parent OpenAI, Inc., USA). EU data residency where available, US otherwise.
— Anthropic, PBC (San Francisco, USA). US processing region (Anthropic API).
Both providers process LLM prompts that we generate on behalf of the customer. The prompts typically contain compliance text (controls, policies, risk descriptions) — not customer personal data — unless the customer explicitly uploads such data into a feature that calls the model.
Training and data retention
Under both providers' API terms, your prompts and completions are NOT used to train, fine-tune, or evaluate any model. On retention: by default the providers may store API request data briefly (typically up to 30 days) for abuse monitoring before deleting it — it is not used for training during that window. We are moving both providers onto their zero-data-retention tier to remove even that short-term storage; until that is in place across all endpoints, the standard short-retention terms apply.
Confidential AI — an optional EU-enclave tier
Regulated customers can enable Confidential AI. When active, the AI features above run inside a hardware-attested EU confidential-computing enclave (AMD SEV-SNP), operated through Edgeless Systems (Privatemode) instead of OpenAI/Anthropic. Prompts are end-to-end encrypted into the enclave — no infrastructure operator, including us, can read them, and nothing is sent to a US provider. Vector-search indexing currently remains on the standard EU-SCC provider. Full description: /confidential-ai.
Matproof Sentinel — source code processing
Sentinel is our penetration-testing product. When a customer installs the Matproof-Sentinel GitHub App on their organisation, Sentinel reads repository contents and ships excerpts to Anthropic for analysis as part of agent reasoning. This processing only happens for customers who actively opt in by installing the GitHub App. Findings are written back to the customer's repository as GitHub Issues (their own data store) and stored in the customer's Matproof tenant. Source-code excerpts sent to Anthropic are not used to train any model; we are moving this traffic onto a zero-data-retention configuration to remove the providers' short-term storage window as well.
What we deliberately don't do
— No customer data is used to train, fine-tune, or evaluate Matproof's own models. We do not run training pipelines.
— No customer data is shared with LLM providers for marketing, benchmarking, or research purposes.
— No automated decision-making with legal effect (Art. 22 GDPR) — every AI output is advisory; humans approve before any output is published to auditors or regulators.
— No biometric, health, or other special-category data is sent to LLM providers in Matproof's standard flows.
DPIA + EU AI Act readiness
Matproof's AI features are classed under the EU AI Act as 'limited risk' (general-purpose AI assistance for compliance work) rather than high-risk. We maintain an internal Data Protection Impact Assessment (Art. 35 GDPR) covering the LLM use-cases. Customers requiring a copy for their own audit file can request it via [email protected] — we ship it under NDA.
Logging + monitoring
Every model call is logged with the user ID (pseudonymous), tenant ID, model name, and timestamp. Prompt + completion contents are NOT logged by default. We log enough to honour rate-limiting, billing, and Art. 30 GDPR record-keeping — and not more. Logs are retained for 90 days then purged.
If you'd rather not use AI features
Customers can disable the in-product AI assistant per workspace from Settings → AI. The policy generator and Sentinel are opt-in features that are dormant until you create your first policy / install the GitHub App. Disabling AI features doesn't downgrade the rest of the platform — control mappings, evidence tracking, and audit trails work without LLM inference.
Questions
Anything unclear, anything missing, or anything you want documented for your auditor: [email protected]. We respond within 5 working days.