Data protection, privacy and security

LiffeyAI is a commercial intelligence platform. It connects to your business documents, files, and knowledge sources, indexes them into a secure knowledge base, and makes them available to an AI assistant (called Liffey) that your team can query in plain language.

We hold the following categories of data on your behalf:

We do not hold payment card data, national identity numbers, health data, or any special-category personal data under GDPR.

You can connect external sources to LiffeyAI: documents, folders, websites, email threads, and third-party platforms such as Google Drive, Microsoft 365, Slack, or GitHub. Connecting a source does not give LiffeyAI permanent access to your systems. We read the content you authorise at the time of connection and at each sync, then immediately derive our own representation of it. The live source files themselves are never stored by LiffeyAI.

What we do store is a derived version: the text we extracted and a numerical representation (embedding vector) of each passage. This derived version lives in your workspace's knowledge base in our EU database. It is used exclusively to answer your team's queries; it is never shared with other customers or used to train AI models.

The ingestion process works as follows:

1. LiffeyAI reads the content of the source using the access you have authorised.
2. The readable text is extracted (parsing PDFs, Word documents, spreadsheets, and so on where applicable).
3. The text is split into overlapping passages of approximately 500 words.
4. Each passage is converted into an embedding vector (a compact numerical representation of its meaning) using an EU-hosted AI model.
5. The passage text and its embedding vector are stored in your workspace's EU knowledge base. The original file is not retained.

When a member asks Liffey a question, the question itself is converted into an embedding vector, and the most semantically relevant passages are retrieved from the knowledge base. Those passages, together with your Commercial Brain content, are sent to the AI model in-EU to generate an answer. LiffeyAI applies a recency weighting so that more recently added content is preferred when sources conflict or overlap.

Removing connected sources and extracted knowledge

You are in full control of what stays in your knowledge base. At any time you can remove a connected source. When you do, you choose between two outcomes:

Individual documents within a source can also be archived or purged independently through the Knowledge Base section of your settings, giving you document-level control without disconnecting the entire source.

LiffeyAI operates two distinct knowledge layers. Understanding the difference is important for assessing how your data is used:

Neither layer is shared with other customers. Each workspace has its own fully isolated Commercial Brain and its own fully isolated knowledge base.

LiffeyAI is built for EU data residency. Your database, application compute, and all AI processing run within the European Union. One component, version-controlled storage of your Commercial Brain source documents and brand assets, currently runs on GitHub (United States); we are migrating this to EU-resident storage. The full picture:

Source systems you choose to connect (Google Drive, Microsoft 365, Slack, GitHub, and so on) are governed by their own terms of service. LiffeyAI reads only what you authorise, processes the content in-EU, and stores only the extracted text and embeddings as described above.

LiffeyAI is a multi-tenant platform. The following controls ensure that no customer can access another's data:

• Row-level tenant isolation. Every record in the database carries a workspace identifier. Every query and API request is scoped to that workspace and verified before execution. It is not possible to construct a request that returns data from a different workspace.
• Isolated content storage. Each workspace's Commercial Brain documents and brand assets live in their own private, per-workspace Git repository, and the queryable copy lives in per-workspace database tables. Content is never held in a shared file system.
• Encrypted credentials. Access tokens for connected sources are encrypted with AES-256-GCM at the application layer (in addition to database-level encryption at rest) using a key held separately from the data. A database breach alone cannot expose your credentials.
• Invite-only access. Your workspace is accessible only to email addresses you explicitly invite. Sign-in uses one-time codes sent to verified email addresses (no passwords). There is no self-sign-up.
• Role-based permissions. Owners can edit and approve changes to the Commercial Brain. Members can query and contribute. Neither role can see data from another workspace.
• Append-only audit log. Every significant action (brain edits, source connections, member changes, AI commits) is logged with the actor, timestamp, and before/after state. Logs cannot be edited or deleted.

LiffeyAI uses foundation AI models to power the assistant. The following commitments apply:

• Your data is not used to train AI models. Anthropic and AWS operate under enterprise terms that prohibit using customer inputs to train or improve their models.
• Zero data retention at the AI layer. Prompts and responses are processed in memory and are not stored by the AI provider.
• AI processing stays in the EU. Both the inference model and the embedding model are served from AWS Frankfurt (eu-central-1). Your prompts and retrieved knowledge are processed in-EU and are not sent to US AI infrastructure. (Separately, your Commercial Brain source documents are version-controlled on GitHub in the US, as noted in section 4; that migration to EU storage is planned.)
• Query expansion. To improve search quality, LiffeyAI generates alternative phrasings of your question before retrieving knowledge (multi-query RAG). These alternative phrasings are generated using a lightweight AI model and are treated with the same data handling as the original query.
• No autonomous action. Liffey proposes; your team decides. The assistant can draft content and suggest updates to the Commercial Brain, but nothing is committed without explicit owner approval.

LiffeyAI uses the following sub-processors to deliver the service. All are under data processing agreements consistent with GDPR:

The complete, current sub-processor list and our standard Data Processing Agreement (DPA) are available on request at hello@liffey.ai.

Access to your LiffeyAI workspace is controlled at multiple layers. We have deliberately avoided passwords: they are the most common source of credential breaches and they put the security burden on your team. Instead, LiffeyAI uses the following model:

Infrastructure security

• Encryption in transit. All connections use TLS 1.2 or higher.
• Encryption at rest. The EU database is encrypted at rest by the hosting provider (Neon). Source credentials are additionally encrypted at the application layer with AES-256-GCM.
• Least-privilege service accounts. Each internal service (database, AI inference, email) has its own isolated credentials scoped only to what it needs. A breach of one service account cannot be used to access others.
• Audit logging. All significant actions are logged immutably. Logs are used for security review, incident response, and customer-requested audit trails.
• Backups. The database has continuous point-in-time recovery. Backups are stored within the EU.
• Source disconnection. When you remove a connected source, you can choose to archive (retain the extracted knowledge, hide the source) or purge (delete the source record, the extracted items, and all knowledge chunks). Purge is irreversible.

Under GDPR and applicable data protection law, you have the following rights in relation to your data:

To exercise any of these rights, contact hello@liffey.ai. We will acknowledge your request within 72 hours and respond fully within one calendar month. Where a request is complex or we have received a number of requests simultaneously, we may extend this by a further two months; if so, we will notify you within the first month and explain the reason for the extension.

We retain your data for as long as your workspace is active. Specific retention periods:

For enterprise customers with specific data residency or isolation requirements, LiffeyAI offers a dedicated, single-tenant deployment in the jurisdiction of your choice. This provides:

• A dedicated database in your chosen region (EU, UK, US, or other).
• Dedicated compute pinned to that region.
• In-region AI inference and embedding, so your content never leaves your jurisdiction.
• The option to bring your own AI API keys (BYOK), so prompts are processed under your own account with your provider.
• Isolated encryption keys (optionally customer-managed).
• Complete logical and physical separation from the shared platform.

To discuss the enterprise plan, contact hello@liffey.ai.

In the event of a confirmed security incident affecting your data, LiffeyAI will notify affected workspace owners within 72 hours of becoming aware of the incident, consistent with our GDPR obligations. Notifications will describe the nature of the incident, the data affected, the likely consequences, and the measures taken or proposed. Contact hello@liffey.ai to report a suspected security issue.

LiffeyAI processes personal data on the following lawful bases under Article 6 of the GDPR:

LiffeyAI is the data processor acting on your instructions. You, as the customer, are the data controller for the commercial data you bring into the platform. This means you determine the purposes and means of processing your data; we process it only as directed by your use of the service and by our Data Processing Agreement. A standard DPA is available on request at hello@liffey.ai.

All core processing (database, compute, AI inference, and embeddings) takes place within the European Union. No personal data or commercial content is transferred to the United States or other third countries as part of the standard service.

Where you choose to connect optional third-party sources (such as Google Drive, GitHub, or Slack), those providers may process data in the United States. LiffeyAI reads only the content you specifically authorise and immediately processes and stores it in-EU. The transfer of data to those optional connectors is covered by Standard Contractual Clauses (SCCs) under Article 46(2) GDPR, entered into between LiffeyAI and each relevant sub-processor. A list of those sub-processors and the SCCs in place are available on request.

If you have specific requirements around international transfers, such as a prohibition on any third-country processing, please contact us at hello@liffey.ai to discuss the enterprise dedicated deployment option, which can be configured to eliminate optional-connector transfers entirely.

LiffeyAI is an early-stage company and does not yet hold its own SOC 2 or ISO 27001 certification. We are working toward SOC 2 Type II as our first formal certification. We will update this document when that process is complete.

In the meantime, the infrastructure and AI providers that underpin the service are certified independently:

We can share sub-processor SOC 2 reports and ISO certificates on request, subject to any NDA requirements from those providers. Contact hello@liffey.ai.

The LiffeyAI service is a business-to-business platform intended for use by organisations and their authorised employees. It is not directed at individuals under the age of 16 and we do not knowingly process personal data of children. If you believe a person under 16 has been added as a workspace member in error, please contact hello@liffey.ai and we will remove that access immediately.

If you believe we have not handled your data in accordance with applicable data protection law, you have the right to lodge a complaint with the relevant supervisory authority. LiffeyAI is based in Ireland. The relevant authority for Ireland is:

Data Protection Commission (DPC)
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
www.dataprotection.ie

If you are based in another EU member state, you may also contact your local supervisory authority. We would, however, appreciate the opportunity to address any concern directly before a formal complaint is made. We would appreciate the opportunity to resolve any concern directly; please contact us at hello@liffey.ai.

We may update this document as our infrastructure, certifications, or practices evolve. Material changes will be communicated to workspace owners by email before they take effect. The current version is always available at this URL. Last reviewed June 2026 and signed off by the LiffeyAI data controller.