Zum Inhalt springen
Individually trained

Privacy & Hosting for Your AI Assistant

An AI chat assistant processes the requests of your visitors — which is why XICBOT aligns hosting and data processing rigorously with the GDPR: operation in Germany and the EU, a data processing agreement under Art. 28 GDPR, data sovereignty in your hands, a clear deletion policy, and no sharing or selling of data. On request with European or self-hosted language models.

Hosting in Germany and the EU DPA under Art. 28 GDPR Data sovereignty and deletion policy

DE / EU

hosting and data processing

DPA

data processing under Art. 28

Deletion

defined periods and rules

on request

European or self-hosted models

An AI chat assistant only relieves your team if it does not turn data protection into a problem. As soon as an assistant talks to people on your website or in your shop, it processes personal data — questions, contact details, sometimes order or appointment requests. That is why XICBOT is built from the ground up so this processing is transparent, minimal and aligned with the General Data Protection Regulation. In concrete terms: hosting and processing in Germany and the EU, a data processing agreement under Art. 28 GDPR, a clear deletion policy and the commitment that we neither share nor sell your data. Why this standard matters to us is explained under About us.

Four Layers That Protect Your Data

Privacy & Hosting
Four layers that protect your data
From the data centre to the deletion policy — every layer is aligned with the GDPR and governed by contract
1
Hosting in Germany and the EU
Operation and data processing in data centres within the EU — no transfer to unsafe third countries
DE / EU
2
Data processing agreement
DPA under Art. 28 GDPR — you remain the controller, we process on your instructions
DPA
3
Encrypted transmission
Transport via TLS, access logged, rights strictly limited to what is necessary
TLS
4
Deletion policy with periods
Defined retention, governed deletion, no sharing and no selling
Period
On request European or self-hosted language modelsData sovereignty with you
Data processingin Germany and the EU
Operation Start planfrom 49 € per month net
From the data centre to the deletion policy: every layer is aligned with the GDPR and governed by contract.

How XICBOT Protects Your Data

Data protection is not a single setting but an interplay of location, contract, technology and clear rules. We look at each of these layers and align them so your assistant is helpful in everyday use without accumulating data unnecessarily. The following building blocks are the starting point in every XICBOT project and are shaped concretely with you — to fit your industry and the tasks your assistant is meant to take on.

Hosting in Germany and the EU

Operation and data processing take place in data centres within the EU. This keeps the data within the European legal area and avoids transfer to unsafe third countries.

Data Processing Agreement

We conclude a data processing agreement with you under Art. 28 GDPR. You remain the controller under the GDPR, and we process the data solely on your instructions for the agreed purpose.

Data Sovereignty With You

The content and conversation data belong to you. You decide which sources the assistant uses, which actions it may perform and how long data is retained.

Deletion Policy With Periods

Together we define retention periods and deletion rules. Data that is no longer needed is deleted in a governed way instead of being stored indefinitely — data minimisation as a principle.

Encryption and Access Control

Transmission is encrypted via TLS, access is logged and rights are strictly limited to what is necessary. This keeps the circle of those who see data small and traceable.

European or Self-Hosted Models

On request we use European or self-hosted language models so that processing stays even closer to your environment. We clarify the right framework in the initial consultation.

Interactive demo

Try XICBOT live

This is not a video or a recording — you are chatting with a real assistant trained on XICBOT. Ask a question or click an example to start.

For example, ask:
XICBOT
online
A quick note on data protection

This demo processes your input to reply — also via a provider outside the EU (standard contractual clauses). Please do not enter sensitive data. Click “Understood” to start the chat. Privacy

Data Protection Builds Trust, Not Just Compliance

For many companies, data protection is first of all an obligation — with an AI assistant, it quickly becomes a genuine factor of trust. Anyone who asks a question on a website or leaves contact details wants to know what happens to that information. An assistant that visibly handles data sparingly, is operated in Germany and the EU and shares nothing with third parties lowers the barrier to entering a conversation at all. In this way, clean data processing pays off not only in legal certainty but also in the number of enquiries and completions your assistant generates.

For you as the operator, this also means less effort and less risk. Because the data processing agreement, the deletion policy and purpose limitation are settled from the start, the assistant can be added to your existing privacy policy and record of processing activities without detours. You do not have to clarify afterwards where data is stored or how long it is kept — these questions are already answered. And because we stay factual, we do not promise absolute security but a transparent processing aligned with the GDPR and the current state of the art.

Especially in sensitive industries such as practices, law firms or trade involving personal data, the handling of information decides whether a digital offer is accepted. This is where XICBOT plays to its strengths: on request, processing stays even closer to your environment with European or self-hosted language models, and the assistant hands over to a human on delicate topics rather than deciding on its own. In this way, data protection and reliability combine into an offer your customers trust.

Reading and Acting — Data-Minimising and With Approvals

An assistant is only as privacy-friendly as the data flows it triggers. That is why XICBOT works on the principle of data minimisation: it reads only the sources you approve and performs only actions for which you have defined a function. It does not build profiles as a precaution and does not track visitors without a legal basis. How the assistant is trained from your own content and binds its answers to those sources is explained under Knowledge base & training. Typical content it reads includes:

  • Website content and subpages you approve
  • Shop catalogue based on Shopware Community Edition with products, prices and availability
  • Opening hours, locations and contact details
  • Documents, PDFs and data sheets from your knowledge base
  • FAQs, help articles and internal knowledge base
  • Calendar availability as well as order and delivery status

The assistant performs actions only through clearly defined functions, each with its own approval. This prevents uncontrolled access to your systems, and every action is traceable. How the assistant is embedded technically with a short snippet, without loading a bloated third-party widget, is described on the Integration page. Typical approved actions include:

  • Add a product to the cart and change quantities
  • Apply a voucher or promotion and show shipping costs
  • Book or reschedule an appointment and send confirmation
  • Request a callback and pre-fill the contact form
  • Hand a qualified lead to an inbox or CRM
  • Create a support ticket and hand over to a human for sensitive topics

Answers From Your Sources, No Data Collection on the Side

The assistant binds its answers to your own content and triggers actions only through approved functions. The data flow is therefore manageable: requests are processed within the EU, answered bound to your content and not evaluated for external purposes. An AI assistant can be wrong — which is why we rely on source binding, handover to humans and later evaluation rather than unfounded claims.

  • Answers bound to your own, approved sources
  • Actions only through defined functions with approval
  • No selling and no sharing with third parties
Data flow · only with approvalno sharing
Visitor
XICBOT · EU
Your content
Processing within the EU
Answers bound to your sources
No tracking without a legal basis

How We Set Up Data Protection

Data protection is not created at the end of a project but from the very start. We clarify the relevant data protection questions as early as the initial consultation, record the agreements in a contract and implement them technically. This way you know early which data the assistant processes, where it is stored and how long it is retained. The following process is the framework we tailor to your project together with you.

Start plan · net plus VAT

from 49 € per month net
  • Hosting and data processing in Germany and the EU
  • Data processing agreement under Art. 28 GDPR included
  • Deletion policy with defined periods, no sharing, no selling
  • On request European or self-hosted language models

Data protection is included in every XICBOT plan. The entry-level Start plan begins with a one-time setup from 990 € net and operation from 49 € per month net — including hosting in Germany, operation, maintenance, updates and GDPR-aligned data processing. More extensive plans as well as European or self-hosted models can be found in the pricing overview. Every project begins with a free initial consultation and, on request, a free demo.

Third-Party Widget and XICBOT Compared

Many standard chatbots are embedded as a ready-made widget from an external provider. That is quick to install but shifts control over location, contracts and data usage to a third party. XICBOT takes the opposite route: individually built, operated in Germany and the EU and with clear contractual rules. The comparison shows where the difference lies in everyday practice.

AspectThird-party chatbot widgetXICBOT
Hosting locationoften outside the EUGermany and the EU
Contractual basisblanket provider termsdata processing agreement under Art. 28 GDPR
Data usageuse for external purposes possibleno sharing, no selling
Deletionperiods often intransparentdefined deletion policy with periods
Language modelfixed by the provideron request European or self-hosted
Data sovereigntywith the providerwith you

Your Privacy Questions in the Initial Consultation

Would you like to know how the assistant fits into your existing privacy policy and your record of processing activities? In the free initial consultation we clarify location, retention, deletion and the question of European or self-hosted models concretely for your project — factually and without empty promises.

Frequently Asked Questions About Privacy & Hosting

By submitting you consent to the processing of your details to handle this request. Details in our privacy policy.