Trust · Privacy

Privacy

Plurall AI is GDPR Art. 28-aligned and offers a customer DPA on request. We process customer media solely to deliver the contracted scanning service.

Lawful basis: Customer instructions (controller-to-processor)
Sub-processor changes: 30-day notice with right to object
Data subject requests: Routed to the customer (controller)
International transfers: Standard Contractual Clauses

We do not retain customer media beyond the scan window. We do not use customer media to train our detection models; training data is sourced from licensed corpora and clearly demarcated red-team data.

Privacy questions go to privacy@plurall.example. Subject requests should be routed through the customer that ingested the media — Plurall AI is the processor, not the controller.

Back to Trust Center