
AI Processing Statement

Last updated: 20 May 2026

Matproof uses large language models (LLMs) to power features such as the policy generator, the in-product AI assistant, vendor research, and the Matproof Sentinel penetration-testing agents. This page explains who processes which data, under what guarantees, and how that fits into our broader GDPR + AI-Act posture. It is a plain-language complement to our subprocessor table — see /privacy for the formal list.

Who we use for LLM inference

Two providers, both engaged under EU Standard Contractual Clauses (SCC 2021/914) where the processing region is outside the EU:

— OpenAI Ireland Ltd. (Dublin, IE; group parent OpenAI, Inc., USA). EU data residency where available, US otherwise.
— Anthropic, PBC (San Francisco, USA). US processing region (Anthropic API).

Both providers process LLM prompts that we generate on behalf of the customer. The prompts typically contain compliance text (controls, policies, risk descriptions) — not customer personal data — unless the customer explicitly uploads such data into a feature that calls the model.

Zero-data-retention contracts

Both OpenAI and Anthropic are configured with the zero-data-retention API tier. This means: (a) prompts and completions are not stored on the provider side beyond the immediate request, (b) they are NOT used to train, fine-tune, or evaluate any model, (c) human-review pipelines that the providers run on standard tiers are excluded for our traffic. We rely on the providers' published contractual terms and have these confirmed in our DPA with each provider.

Matproof Sentinel — source code processing

Sentinel is our penetration-testing product. When a customer installs the Matproof-Sentinel GitHub App on their organisation, Sentinel reads repository contents and ships excerpts to Anthropic for analysis as part of agent reasoning. This processing only happens for customers who actively opt in by installing the GitHub App. Findings are written back to the customer's repository as GitHub Issues (their own data store) and stored in the customer's Matproof tenant. Source-code excerpts are not retained by Anthropic (zero-data-retention).

What we deliberately don't do

— No customer data is used to train, fine-tune, or evaluate Matproof's own models. We do not run training pipelines.
— No customer data is shared with LLM providers for marketing, benchmarking, or research purposes.
— No automated decision-making with legal effect (Art. 22 GDPR) — every AI output is advisory; humans approve before any output is published to auditors or regulators.
— No biometric, health, or other special-category data is sent to LLM providers in Matproof's standard flows.

DPIA + EU AI Act readiness

Matproof's AI features are classed under the EU AI Act as 'limited risk' (general-purpose AI assistance for compliance work) rather than high-risk. We maintain an internal Data Protection Impact Assessment (Art. 35 GDPR) covering the LLM use-cases. Customers requiring a copy for their own audit file can request it via privacy@matproof.com — we ship it under NDA.

Logging + monitoring

Every model call is logged with the user ID (pseudonymous), tenant ID, model name, and timestamp. Prompt + completion contents are NOT logged by default. We log enough to honour rate-limiting, billing, and Art. 30 GDPR record-keeping — and not more. Logs are retained for 90 days then purged.

If you'd rather not use AI features

Customers can disable the in-product AI assistant per workspace from Settings → AI. The policy generator and Sentinel are opt-in features that are dormant until you create your first policy / install the GitHub App. Disabling AI features doesn't downgrade the rest of the platform — control mappings, evidence tracking, and audit trails work without LLM inference.

Questions

Anything unclear, anything missing, or anything you want documented for your auditor: privacy@matproof.com. We respond within 5 working days.