Data and Security
- Is XICBOT GDPR-compliant? Data protection is part of the implementation from the start. Hosting and data processing are located in Germany or the EU, there is a data processing agreement, a deletion concept and full data sovereignty on your side. Data is neither passed on nor sold. Which data is processed how and how the assistant fits cleanly into your privacy policy is described on the privacy and hosting page. On request, we use European or self-hosted language models.
- Where is the data hosted? The assistant is operated in Germany or the EU. This is advantageous from a data protection perspective and ensures short paths for questions about operation. Your content and conversation data remain in your access; you are not pushed into a closed system. For companies with particularly high requirements, European or self-hosted language models can be used on request, so that the model processing also stays within the desired framework. You can find details on the privacy and hosting page.
- What happens with sensitive topics, and can the assistant hand over to a human? Yes. The assistant hands over to a staff member at any time, live or via ticket and email with the full conversation context. For sensitive topics such as a complaint or legal and medical questions, it deliberately escalates to a human instead of advising itself. This keeps responsibility where it belongs, and the visitor is not left alone with a delicate piece of information. How this handover is set up is shown on the support assistant page.
- Can the AI make things up? An AI assistant can err, that cannot be ruled out. That is why we bind its answers to your own content: it answers from your website, documents and knowledge base, instead of formulating freely into the blue. If a piece of information is not on file, it says so and points onward. In addition, handover to a human and the ongoing conversation analytics provide safety: knowledge gaps and false assumptions become visible and can be closed specifically. This keeps the information traceably bound to your sources.
- Is data passed on or sold for training? No. Your content and your visitors' conversation data are not passed on to third parties and not sold. They serve the operation of your assistant and the analysis for you, not external purposes. Data sovereignty stays with you: you decide which sources the assistant uses and can have data removed according to the agreed deletion concept. The framework for this is described on the privacy and hosting page.