Data retention policy
We never train our models on your data.
Your prompts and responses are never used to improve or fine-tune any models. The system never
learns from your environment.
What we do store: logs
We retain logs only for audit, compliance, security, and troubleshooting.
These are required so you can see what actions were taken, by whom, and why - ensuring permissions
enforcement and safe, compliant automation across your GTM stack.
Logs keep you safe. Training on your data would expose you. We only do the former.
Logs vs. Training Data
1. Training Data (what we do not use)
Training data modifies a model permanently - pre-training, fine-tuning, or teaching it new behaviors.
Alysio never trains on customer data.
This means:
● No customer data shapes the model
● No data leaves your environment for training pipelines
● No cross-customer learning
● No persistence of your content inside the model
● No model drift based on your proprietary information
This protects IP, prevents leakage, and ensures strict isolation.
2. Logs (what we do store and why)
Logs are operational metadata, not training examples.
They stay inside your tenant and typically include:
● Timestamp of the request
● Which user performed the action
● What system/API calls occurred
December 2025
● What was written back to Salesforce or other tools
● A high-level prompt (often scrubbed or encrypted)
Why logs must exist:
a. Auditability
i. Traceability of who did what, when, and with what data - aligning with SOX, SOC 2, ISO
27001, FINRA, etc.
b. Security and Forensics
i. Teams must verify:
1. Was the request legitimate?
2. Did the agent follow permissions?
3. Did the system behave correctly?
c. Debugging and Reliability
i. If Salesforce or another system errors, logs pinpoint the cause.
d. Compliance with customer IT policies
i. Enterprises require immutable records, command traceability, and separation between
data and training.
Data archiving and removal policy
Minimal customer data is retained for the duration of the customer’s active use of the service. When a customer disconnects their workspace, terminates their account, or requests data deletion, Alysio removes or anonymizes customer data within a reasonable timeframe. Limited data may be retained temporarily in backups or logs for security, operational, or compliance purposes and is automatically purged according to retention schedules.
Data storage policy
Alysio stores customer data securely in cloud infrastructure to provide the requested product functionality. Data stored is limited to what is necessary to deliver analytics, insights, and automation features. Customer data is logically isolated by workspace and access is restricted through role-based controls. Data is encrypted in transit and at rest using industry-standard security practices.
App/service has sub-processors
yes
Guidelines for sub-processors
App/service uses large language models (LLM)
yes
LLM model(s) used
Anthropic
LLM retention settings
Alysio is configured to minimize data retention when interacting with LLMs. Customer data is sent only as needed to fulfill user requests and is not retained by the LLM provider for training purposes. (Zero data retention certificate from Anthropic).
LLM data tenancy policy
Alysio operates a single-tenant logical data model at the customer level. Customer data sent to the LLM is processed only within the context of the requesting workspace and is not shared across customers or tenants.
LLM data residency policy
Customer data is processed in secure cloud infrastructure operated by Alysio and its LLM providers. Data residency remains in customer environment and processed within Alysio’s primary hosting regions and the regions supported by the LLM provider.