logo
Knowledgebase

GDPR & Data Security

Last update: 2026-02-24
This page describes how aReception.ai protects customer data and supports GDPR compliance. It is intended for IT, Security and Compliance stakeholders evaluating or deploying aReception.ai.

1) Roles & GDPR responsibility model

Within the aReception.ai service:
  • Customer is the Data Controller (defines purpose and means of processing).
  • aReception.ai is the Data Processor (processes data on behalf of the customer).
  • Customers retain control over their data and can manage it via the admin interface.

2) Data hosting & location

  • aReception.ai runs on Google Cloud Platform (GCP).
  • Employee contact details (used for calling/notifications) are stored in our cloud application on Google servers in the EU, specifically Belgium.
  • We do not operate our own servers; infrastructure security and hardening is provided by Googleโ€™s security stack.

3) Data protection (encryption & segregation)

  • Encryption at rest: AES-256
  • Encryption in transit: TLS 1.2+
  • Customer data is logically separated and access-controlled.
  • No unencrypted data is transmitted or stored.

4) Identity, authentication & access control

  • Access to data is restricted to authorized users through an Identity & Access Management approach.
  • Authentication is handled via Google Cloud Identity Platform.
  • Login is performed using a one-time login link sent to the userโ€™s email (no static password required).

5) Audio/video and camera data

  • aReception.ai does not store audio, video, or image recordings from the camera.
  • Only an anonymous transcript of spoken interaction can be stored in the client chatbot for quality review and improvement; it is not associated with an individual.

6) Calling employees / telephony privacy

When the digital receptionist (avatar) calls an employee:
  • Only the phone number is used.
  • No other personal data is transmitted to the external telephony service.
  • No link between name and phone number is created within the telephony provider context.

7) Chatbots and scenario tooling (EU hosting)

For chatbot scenarios and low-code configuration we use Coworkers/Daktela, hosted within data centers in the European Union.

8) Use of AI providers (OpenAI, Google Gemini)

8.1 OpenAI API

  • We use the OpenAI API (/v1/chat/completions) for real-time text processing only.
  • We do not send personal data to OpenAI (data is anonymized/pseudonymized where applicable).
  • We do not allow model training on our data and requests are not persistently stored (processed and then deleted).
  • All communication with OpenAI is encrypted and OpenAI does not use submitted data to train or improve models (per our configuration and data controls).

8.2 Google Gemini API (fallback)

  • If OpenAI services are unavailable, we may use Google Gemini API for query processing.
  • We do not send personal data to Google and use only secure paid API access, where Google states prompts/responses are not used for training within paid services.

9) Application & API security

  • All communication uses HTTPS endpoints only.
  • Client applications contain no sensitive keys or credentials.

10) Monitoring, logging & backups (availability & resilience)

  • GCP provides real-time monitoring, anomaly detection and infrastructure-level intrusion prevention.
  • Automatic backups and multi-availability-zone replication support availability and resilience.

11) Data subject rights & customer support

aReception.ai supports customers in meeting GDPR obligations (requests, access control, deletion/retention processes) under the customerโ€™s controller policies and configuration.
For privacy/legal information, see:

12) Contact

For security, GDPR, or compliance inquiries, contact our team here:
๐Ÿ”

Security summary

aReception.ai is built on Google Cloud Platform. Customer data is encrypted at rest (AES-256) and in transit (TLS 1.2+). Access is controlled via authenticated identity and authorization. We do not store audio/video/image recordings from devices; only anonymous transcripts may be stored for chatbot improvements. AI processing is performed through encrypted APIs with controls preventing provider model training on customer data.
Visitor Management Portal
Changelog
Powered by Notaku
aReception.ai
Share
Content
GDPR & Data Security
1) Roles & GDPR responsibility model
2) Data hosting & location
3) Data protection (encryption & segregation)
4) Identity, authentication & access control
5) Audio/video and camera data
6) Calling employees / telephony privacy
7) Chatbots and scenario tooling (EU hosting)
8) Use of AI providers (OpenAI, Google Gemini)
8.1 OpenAI API
8.2 Google Gemini API (fallback)
9) Application & API security
10) Monitoring, logging & backups (availability & resilience)
11) Data subject rights & customer support
12) Contact