Privacy &
Transparency.
Your AI teammates have memory.
We make sure it belongs exclusively to you and is GDPR-compliant.
Our key commitments
Zero public training
Your data is never used to train the public foundation models of LLM providers.
Isolated memory
Every customer gets a sealed data silo. One tenant's vector store is never another's.
GDPR compliant
Right to erasure, portability and clear notices. We apply European standards across the board.
Navigation
DPO contact (GDPR)
privacy@humain-01.comPreamble
At HUMAIN, data protection isn't a legal checkbox — it's the technical foundation of our product.
HUMAIN operates a platform of AI teammates that run business tasks (coordination, marketing, sales, support, HR, legal, accounting) by connecting to your tools via API. To do their job, those teammates read your documents, your emails and your conversations — sensitive data whose confidentiality directly drives your trust in the service. This policy spells out exactly how we handle that information, who has access to it, where it is hosted, and how you can take back control at any time.
We strictly comply with the EU GDPR and the UK GDPR. HUMAIN acts as a processor under Article 28 GDPR, and our customers remain the controllers for the data they entrust to their AI teammates.
Definitions
AI teammate
An AI program configured to accomplish specific business goals by accessing your tools through APIs.
Vector memory
A persistent storage system (RAG) that turns documents and conversations into context vectors, isolated per customer.
Data we collect
When you use SQUAD, we collect the following categories of data:
Account data
Name, email, company name, billing information (handled via Stripe), API keys (stored encrypted).
Context data (memory)
Documents you upload (PDF, txt, csv), conversations, instructions (system prompts) you provide to the AI teammate.
Execution traces
Technical logs: API calls made by the AI teammate, timestamps, pages visited during authorised scraping.
How we use your data
HUMAIN acts as a Processor (Data Processor) under the GDPR. Our customers remain the Controllers (Data Controllers).
- Run the AI teammate (provide the context it needs for its tasks).
- Authenticate your connections to third-party integrations (Google, Slack, Hubspot).
- Bill for the number of requests processed (usage metering).
- Improve the infrastructure technically by analysing execution error logs.
Sub-processors & LLM models
Zero-data training commitment
We contractually guarantee, through our agreements with OpenAI/Anthropic (via their Enterprise zero-data-retention APIs), that your requests and data are NEVER used to train or improve the public foundation models.
To deliver the AI service, we temporarily send packets of text to:
- OpenAI / Anthropic: providers of the LLM engines (temporary processing, no extended retention).
- Supabase: database hosting (European Union — Frankfurt).
- Stripe: secure payment processing.
Data sovereignty
Your data belongs to you. Exclusively.
The contextual intelligence of your AI teammates is a competitive advantage. If you leave SQUAD, you take your memory with you.
AI-specific security
End-to-end encryption
All API keys you entrust to your AI teammates are encrypted with AES-256-GCM. We cannot read them in cleartext.
Database RLS isolation
Row Level Security is enabled: it is mathematically impossible for teammate A to read customer B's RAG memory.
Your rights (GDPR)
In accordance with European regulation (GDPR), you have the following fundamental rights over your personal data:
Right of access
Know exactly what data an AI teammate has stored about you or your company.
Right to rectification
Correct any inaccurate information the AI teammate has memorised.
Right to erasure
Compel the AI to forget (delete the vector store) any information about you.
Right to restriction / objection
Ask us to temporarily or permanently block the use of certain data.
Right to portability
Retrieve a raw export of your agentic memory to use it elsewhere.
How to exercise your rights
Simply email our Data Protection Officer (DPO): privacy@humain-01.com. We commit to processing your request within 30 days at most.
Avenues for appeal to supervisory authorities are detailed in the next section (International jurisdictions).
International jurisdictions
The HUMAIN service is published by Zedream Ltd, a company registered in the United Kingdom (Company No. 15531321), acting as data controller. The protection of your data is governed differently depending on where you live.
United Kingdom users
Your data is governed by the UK GDPR and the Data Protection Act 2018. You may lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk.
European Union users
Your data is governed by the EU GDPR (EU 2016/679). You may lodge a complaint with the CNIL (cnil.fr) in France or with the competent supervisory authority in your country of residence.
Canadian users
Your data is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA) at the federal level, and by Quebec's Law 25 for Quebec residents. Avenues for appeal:
- Office of the Privacy Commissioner of Canada: priv.gc.ca
- Commission d'accès à l'information du Québec: cai.gouv.qc.ca
International data transfers
- The EU → United Kingdom transfer is covered by the European Commission's adequacy decision of 28 June 2021, which recognises an equivalent level of protection.
- Data stored at Supabase (Frankfurt, Germany) stays within the EU.
- Transfers to OpenAI and Anthropic (United States) are framed by the Standard Contractual Clauses (SCCs) adopted by the European Commission, combined with a contractual zero-data-retention commitment on the content processed.