{"id":45607,"date":"2024-08-05T13:25:24","date_gmt":"2024-08-05T13:25:24","guid":{"rendered":"https:\/\/www.templafy.com\/?page_id=45607"},"modified":"2026-04-27T12:49:39","modified_gmt":"2026-04-27T12:49:39","slug":"security-and-privacy-faq","status":"publish","type":"page","link":"https:\/\/www.templafy.com\/home\/platform\/security\/security-and-privacy-faq\/","title":{"rendered":"Security and Privacy FAQ"},"content":{"rendered":"\n<section id=\"\" class=\"wp-block-templafy-blocks-colored-section  colored-section\" data-bg-color=\"#232323\">\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column has-off-white-primary-color has-text-color has-link-color wp-elements-2bd213e72bc31914f8dc2d518dc17990 is-layout-flow wp-block-column-is-layout-flow\">\n<h1 class=\"wp-block-heading has-off-white-primary-color has-text-color has-link-color has-ultra-font-size wp-elements-7c10b8bccf24d3d712fdc27a0f7e37cd\" style=\"margin-top:var(--wp--preset--spacing--6-25);margin-bottom:var(--wp--preset--spacing--1-8)\">Security and Privacy FAQ<\/h1>\n\n\n\n<p class=\"has-gray-40-color has-text-color has-link-color has-body-m-regular-font-size wp-elements-68e8077a6cbaa44325f58726400e6574\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">This FAQ will provide valuable insights into how we deal with Information Security and Privacy at Templafy, <br>and address commonly asked questions about our application and organizational security measures.<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:150px\">\n<div class=\"wp-block-buttons is-horizontal is-content-justification-center is-nowrap is-layout-flex wp-container-core-buttons-is-layout-d8b4acba wp-block-buttons-is-layout-flex\" style=\"margin-top:25px;margin-bottom:var(--wp--preset--spacing--1-8)\">\n<div class=\"wp-block-button has-custom-width wp-block-button__width-100 is-style-fill\"><a class=\"wp-block-button__link has-gray-100-primary-color has-off-white-primary-background-color has-text-color has-background has-link-color wp-element-button\" href=\"https:\/\/www.templafy.com\/soc-2-report\/\" style=\"border-radius:100px;padding-top:10px;padding-right:var(--wp--preset--spacing--1-25);padding-bottom:10px;padding-left:var(--wp--preset--spacing--1-25)\">Request SOC 2 report<\/a><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n\n\n\n<div class=\"wp-block-columns alignfull is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column link-list has-gray-100-primary-color has-gray-10-background-color has-text-color has-background has-link-color wp-elements-e7046757a2b7a251913892a465b3e7eb is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:33.33%\"><\/div>\n\n\n\n<div class=\"wp-block-column text-with-list has-gray-100-primary-color has-off-white-primary-background-color has-text-color has-background has-link-color wp-elements-6d87e1ea57069008f1f2fd58609ceea2 is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<div class=\"wp-block-group alignwide content-breadcrumb has-off-white-primary-background-color has-background has-global-padding is-layout-constrained wp-block-group-is-layout-constrained wp-container-1 is-position-sticky\">\n<h6 class=\"wp-block-heading\">Breadcrumbs<\/h6>\n<\/div>\n\n\n\n<div class=\"wp-block-templafy-blocks-content-with-menu\">\n<div id=\"application-security\" class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<h2 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-2-font-size wp-elements-c14b3df6c400941e8d6476e269ed1194\" style=\"margin-bottom:var(--wp--preset--spacing--2-5)\">Security<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"72\" height=\"63\" src=\"https:\/\/www.templafy.com\/wp-content\/uploads\/2024\/08\/Accounting.svg\" alt=\"\" class=\"wp-image-48380\" style=\"object-fit:cover\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-3-font-size wp-elements-815b3f054b0ae0cc4c300a6c67c16d00\" id=\"application-security\"><br>Application Security<\/h3>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-6d6372972e46e946d5c6290a65bdef7f\"><br>Does Templafy conduct penetration testing of its network, infrastructure, and services?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-top:var(--wp--preset--spacing--1-8);margin-bottom:var(--wp--preset--spacing--1-8)\">Penetration testing is conducted to measure the security posture of Templafy Services and Infrastructure. Templafy has an external penetration test performed at least once per calendar year.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">The objective of those penetration tests is to identify design or functionality issues in Templafy Services that could expose Data or Customers to risks from malicious activities.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Each external penetration test is performed by an internationally recognized, independent third-party software security testing company.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><strong>Each penetration test:&nbsp;<\/strong><\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">(i) encompasses both the internal and external network and authenticated application layer,<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">(ii) includes at least 80 hours of manual effort by the testing company,<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">(iii) probes for weaknesses in network perimeters or other infrastructure elements and any weaknesses in process or technical countermeasures relating to Templafy\u2019s Services that could be exploited by a malicious party, and<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\">(iv) identifies (at a minimum) the following security vulnerabilities: invalidated or unsanitized input; broken access control; broken authentication and session management; cross\u2010site scripting (XSS) flaws; buffer overflows; injection flaws; improper error handling; insecure storage; denial of service; insecure configuration management; proper use of SSL\/TLS; proper use of encryption; and anti\u2010virus reliability and testing.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-9269b70fe96a06e93b647d410b1bf343\"><br>Can customers conduct their own penetration tests?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-top:var(--wp--preset--spacing--1-8)\">Customer-led penetration testing can be conducted upon request at security@templafy.com and is subject to conditions prior to carrying out the tests.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-fe5ae492cb93043ac93e08b167681a1d\"><br>Does Templafy conduct vulnerability scanning of its network, infrastructure, and services?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-top:var(--wp--preset--spacing--1-8);margin-bottom:var(--wp--preset--spacing--1-8)\">Vulnerability scanning is performed on a continuous basis by Templafy in accordance with the vulnerability management policy. Technologies used are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-body-m-regular-font-size\">WhiteHat Security scanning for 24\/7 web application dynamic application security testing (DAST), <\/li>\n\n\n\n<li class=\"has-body-m-regular-font-size\">SonarCloud for static application security testing (SATS) before each release,<\/li>\n\n\n\n<li class=\"has-body-m-regular-font-size\">Software Composition Analysis 24\/7. We scan the libraries and dependencies used in our products to identify vulnerabilities and ensure the vulnerabilities are managed.<\/li>\n\n\n\n<li class=\"has-body-m-regular-font-size\">Renovate for ensuring that open-source dependencies always are the latest available version.<\/li>\n\n\n\n<li class=\"has-body-m-regular-font-size\">Azure Security Center and Azure Monitor for daily infrastructures, network, and application vulnerability scanning. Retests and on-demand scans are performed on an as-needed basis.<\/li>\n<\/ul>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-97625b4a01fce99fbb1dc7e55785f912\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Is there a formal Software Development Life Cycle (SDLC) process?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy\u2019s software development practices across each of the engineering teams are aligned with the Secure Development Lifecycle (SDLC) methodology and follow Scrum and Agile approaches.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Detailed policies and processes for the development of the Templafy Services have been designed with optimal security and quality in mind.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">The principles of security by design and default are implemented and rooted in training, coaching, pair programming, code review comments, coding tools, and branch policies in Azure DevOps.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy has implemented segregated environments for development, testing, and production as a means to support the segregation of duties and prevent unauthorized changes to production.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\">In addition, production data is not used or copied to non-production environments. Test scripts and synthetic data are created for use in the development and stage environments.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-912fbd415b1669220509d60c9c0a031b\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>How Does Templafy manage changes in the platform?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">All application code changes are tested, peer-reviewed, and approved prior to implementation into production. The production and non-production environments are deployed in their own Azure Active Directory and their own Azure Subscriptions, thus completely separated, and changes are tested according to the nature of the change in an environment separate from production prior to deployment into a production release.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Tests include functionality unit testing, integration testing, smoke tests, manual regression testing, and load testing. Extensive security testing is conducted&nbsp;<a href=\"https:\/\/www.templafy.com\/table-of-content-demo\/#Does-Templafy-conduct-vulnerability-scanning-of-its-network,-infrastructure-and-services?\"><strong>(see vulnerability management section)<\/strong><\/a>.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--3-75)\">All change requests are logged, whether approved or rejected, on a standardized central system. The approval of all change requests and the results thereof are documented. Access to migrate change to production requires formal approval and is restricted to authorized personnel. Code management tools enforce branch protection policies to help ensure users cannot bypass standard change controls.<\/p>\n<\/div>\n\n\n\n<div id=\"backup\" class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"72\" height=\"68\" src=\"https:\/\/www.templafy.com\/wp-content\/uploads\/2024\/08\/Expansion.svg\" alt=\"\" class=\"wp-image-48383\" style=\"object-fit:cover\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-3-font-size wp-elements-8897b8c9110bcfb94e87234997c62d6f\"><br>Backup<\/h3>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-b6ff937fa5265b8b9b2894cad05aa0f2\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>What is the backup strategy in place?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">For Templafy Services, tenant configuration data and binary data are backed up daily in SQL. In Templafy Hive, a 90-day Long-Term backup retention geo-redundant backup of SQL is available.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Data in storage accounts are written to three disks for redundancy per site and replicated across multiple sites.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">The backup system automatically generates a backup log. A point-in-time restoration option is also enabled for up to 7 days, in which all changes can be restored with at most 10 minutes of data loss.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Access to backup data is restricted only to authorized personnel using Entra ID with multi-factor authentication.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\">Furthermore, all backups are encrypted using AES 256 encryption.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-8d39e42b4209a8488ba27bfd2caa8145\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>How long is the retention for backups?<\/h6>\n\n\n\n<p class=\"has-gray-100-primary-color has-text-color has-link-color has-body-m-regular-font-size wp-elements-7f96109846e69be986083f93efb2ef96\">Backups are retained for 90 days in SQL. For blob storage, we have enabled soft-delete, so data will be removed 30 days after deletion.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-943468506c8a6d1c394e7863c9977c2f\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Does Templafy maintain offsite backups?<\/h6>\n\n\n\n<p class=\"has-gray-100-primary-color has-text-color has-link-color has-body-m-regular-font-size wp-elements-a9e56dd5111c723694938bd5c3e4b015\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">The Templafy solution is hosted using Microsoft Azure PaaS. <\/p>\n\n\n\n<p class=\"has-link-color has-body-m-regular-font-size wp-elements-824872ff46d570d2322bc61bc97331b3\" style=\"margin-bottom:var(--wp--preset--spacing--3-75)\">Templafy uses multi-site data centers with availability commitments to permit the resumption of Templafy Services in the event of a disaster or partial outage at its primary data center location. <\/p>\n<\/div>\n\n\n\n<div id=\"business-continuity-and-disaster-recovery\" class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"72\" height=\"72\" src=\"https:\/\/www.templafy.com\/wp-content\/uploads\/2024\/08\/Office-1.svg\" alt=\"\" class=\"wp-image-48856\" style=\"object-fit:cover\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-3-font-size wp-elements-b5a36f3ac2cf3c08f45de3e5c9a0eaee\"><br>Business Continuity and Disaster Recovery<\/h3>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-253fa032586c85b156eeaf239c5fe553\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>How do you ensure the continuity of the Templafy platform?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\">The Templafy platform is deployed redundantly in primary and secondary Azure data centers in respective Azure data regions.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\"><br>Templafy has created Disaster Recovery plans to cover all three general scenarios: malicious incidents (third-party or insider threat), accidental incidents (human error), and unavailability incidents (Azure outages that affect our product). Templafy&#8217;s business continuity plans are reviewed annually and updated, if necessary.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-2f451dba88c92054c7fa55319b084b07\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Do you perform disaster recovery tests?<\/h6>\n\n\n\n<p class=\"has-gray-100-primary-color has-text-color has-link-color has-body-m-regular-font-size wp-elements-03779da84a117f0cba4339e7918e4e96\">Templafy conducts testing of the business continuity and disaster recovery plans annually. Any issues identified during testing are resolved, and plans are updated accordingly. Testing of plans includes failing over a server and restoring backups.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-64593568db6bf010d1d2b909f089fc82\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>What are the Recovery Time Objective and the Recovery Point Objective?<\/h6>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-body-m-regular-font-size\">The Recovery Time Objective (RTO) for the Templafy Platform is 24 hours. <\/li>\n\n\n\n<li class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--3-75)\">The Recovery Point Objective (RPO) for the Templafy Platform is 24 hours.<\/li>\n<\/ul>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"72\" height=\"64\" src=\"https:\/\/www.templafy.com\/wp-content\/uploads\/2024\/08\/Meta-Data.svg\" alt=\"\" class=\"wp-image-48855\" style=\"object-fit:cover\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-3-font-size wp-elements-cbf9573753ea9a77e565967c4831fccf\"><br>Data Security<\/h3>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-94716eb220aeaf50353024216c12fd6d\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Is data encrypted at rest?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\">Data is encrypted at rest using AES 256.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-65fc6c0ebd9fd752333535b8ebcbd320\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Is data encrypted in transit?<\/h6>\n\n\n\n<p class=\"has-gray-100-primary-color has-text-color has-link-color has-body-m-regular-font-size wp-elements-556609d5028a0a6c199a24185aa2218c\">Data is encrypted in transit using minimum TLS 1.2.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-498b509cd25fad1b58e99616a389b714\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>How are encryption keys managed?<\/h6>\n\n\n\n<p class=\"has-gray-100-primary-color has-text-color has-link-color has-body-m-regular-font-size wp-elements-1905f7bc315259a5e00d4b8ee4a48ec1\">The key management of Service-Managed keys for data at rest encryption is performed by Azure. The certificates used for data in transit encryption are managed using Azure Key Vault by Templafy and are subject to Templafy&#8217;s cryptography policy.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-b00820cbff5e1cdd1ed6a565505a7862\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Where is data stored?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy does not store any data onsite. Microsoft Azure data centers are used to host the services provided to customers. Storage is clustered into regions to provide enhanced availability (a primary data center and a secondary data center for failover). Customers can select a region for data storage. Once selected, the data storage cannot be moved.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<figure id=\"table-117cfb71-b025-43c8-bf83-c5195ed6f418\" class=\"wp-block-table is-style-regular\" style=\"--tbl-radius:10px\"><table><thead><tr><th>Templafy Service<\/th><th>Applicability<\/th><th>Locations<\/th><\/tr><\/thead><tbody><tr><td>Templafy One<\/td><td>All customers on One (original platform)&nbsp;<\/td><td>European Union\/EEA,&nbsp;incl.&nbsp;Ireland,&nbsp;Sweden,&nbsp;Netherlands, France, Poland<\/td><\/tr><tr><td>Templafy Hive<\/td><td>All customers on Hive (second iteration of the platform)&nbsp;<\/td><td>European Union\/EEA and asselected by the customer: 1) European Union\/EEA incl. Ireland, Sweden, Netherlands, France, Poland, 2) United States, 3) Australia, 4) Canada<\/td><\/tr><tr><td>Data Analytics Platform<\/td><td>All customers<\/td><td>European Union\/EEA,&nbsp;incl.&nbsp;Ireland,&nbsp;Sweden,&nbsp;Netherlands, France, Poland<\/td><\/tr><tr><td>AI&nbsp;Features:&nbsp;AI Assistant, AI Data&nbsp;Transformation,&nbsp;AI&nbsp;Tagging, AI&nbsp;Smartfields&nbsp;<\/td><td>All customers on Hive using these services&nbsp;<\/td><td>Same as the Hive storage location selected by the customer: 1) European Union\/EEA incl. Ireland, Sweden, Netherlands, France, Poland, 2) United States, 3) Australia, 4) Canada<\/td><\/tr><tr><td>AI&nbsp;Features:&nbsp;Document&nbsp;Agent&nbsp;<\/td><td>All customers on Hive using these services\u202f&nbsp;<\/td><td>Storage&nbsp;location&nbsp;selected&nbsp;by the&nbsp;customer:&nbsp;1) European Union\/EEA incl. Ireland, Sweden, Netherlands, France, Poland, 2) United States<\/td><\/tr><\/tbody><\/table><figcaption class=\"wp-element-caption\">Infrastructure<\/figcaption><\/figure>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-top:var(--wp--preset--spacing--1-8);margin-bottom:var(--wp--preset--spacing--1-8)\">In addition to Microsoft, other sub-processors store data in locations as listed&nbsp;<strong><a href=\"https:\/\/www.templafy.com\/home\/platform\/privacy\/subprocessors\/\" data-type=\"page\" data-id=\"49333\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a><\/strong>.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-top:var(--wp--preset--spacing--1-8);margin-bottom:var(--wp--preset--spacing--1-8)\">Data may be processed and stored in sub-processing locations as listed&nbsp;<strong><a href=\"https:\/\/www.templafy.com\/home\/platform\/privacy\/subprocessors\/\" data-type=\"page\" data-id=\"49333\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a><\/strong>.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-top:var(--wp--preset--spacing--1-8);margin-bottom:var(--wp--preset--spacing--1-8)\">While Templafy does not host data on our premises, data may also be remotely processed outside the locations of Templafy offices for the purpose of provisioning the services to our customers.&nbsp;&nbsp;<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-top:var(--wp--preset--spacing--1-8);margin-bottom:var(--wp--preset--spacing--1-8)\">To do so in a secure manner, we have implemented a strict remote work policy, governed by the information security department, and subject to applicable contractual and regulatory requirements.&nbsp;<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-508e5072bca3415aab7086b1d1ab5e5b\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>What is the data retention for the data stored in the platform?<\/h6>\n\n\n\n<p class=\"has-gray-100-primary-color has-text-color has-link-color has-body-m-regular-font-size wp-elements-e0824ef8c968afb814a3831b8679a409\" style=\"margin-bottom:var(--wp--preset--spacing--3-75)\">Customer data is deleted from the platform 90 days after contract termination.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"67\" height=\"73\" src=\"https:\/\/www.templafy.com\/wp-content\/uploads\/2024\/08\/Customer-support.svg\" alt=\"\" class=\"wp-image-48857\" style=\"object-fit:cover\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-3-font-size wp-elements-5eb1784b272d95a58a76e94818a6c00e\"><br>Identity and Access Management<\/h3>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-ecd88be43787e4bf27bbebf52ac4e85d\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>How do users and administrators gain access to the application?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\">Templafy\u202fsupports just-in-time user-provisioning and SSO on-boarding against Entra ID, ADFS, SAML2, WS federation, Google Authentication (OAuth 2.0), and Entra ID (OpenID Connect). For more information about authentication please refer to our Knowledge Base (<a href=\"https:\/\/support.templafy.com\/hc\/en-us\/sections\/360003899417-Single-sign-on\" data-type=\"link\" data-id=\"https:\/\/support.templafy.com\/hc\/en-us\/sections\/360003899417-Single-sign-on\"><strong>Single-sign on<\/strong><\/a>)<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-73d949deddfa0df5ba6d496fb6dd66a9\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Does Templafy Support SCIM?<\/h6>\n\n\n\n<p class=\"has-gray-100-primary-color has-text-color has-link-color has-body-m-regular-font-size wp-elements-10dad310ee755878a5cb7c33dfcb3302\">Yes, please refer to&nbsp;<a href=\"https:\/\/support.templafy.com\/hc\/en-us\/articles\/360001052937-What-is-SCIM-and-how-does-Templafy-use-it-\"><strong>this<\/strong><\/a>&nbsp;article on our Knowledge Base.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-54ef46dc7c496ac2aaab386385877b08\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Does Templafy use Role Based Access Control?<\/h6>\n\n\n\n<p class=\"has-gray-100-primary-color has-text-color has-link-color has-body-m-regular-font-size wp-elements-2b52554f26aaafffaff0c1855ad7f893\">Yes, please refer to&nbsp;<a href=\"https:\/\/support.templafy.com\/hc\/en-us\/articles\/360018077077-Access-levels-in-Templafy-Hive-tenants\"><strong>this<\/strong><\/a>&nbsp;article on our Knowledge Base.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-238752da2be4a02287bfbc073a3a1c41\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Is access logged?<\/h6>\n\n\n\n<p class=\"has-gray-100-primary-color has-text-color has-link-color has-body-m-regular-font-size wp-elements-baf23b4331e55807f03d9a800f280f46\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy offers activity logs to all customers. These logs include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-body-m-regular-font-size\">User management activity log<\/li>\n\n\n\n<li class=\"has-body-m-regular-font-size\">Space members&#8217; activity log (if spaces are used)<\/li>\n\n\n\n<li class=\"has-body-m-regular-font-size\">Library admin activity log<\/li>\n\n\n\n<li class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Email signature activity log<\/li>\n<\/ul>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--3-75)\">These logs are available in the admin center of the customer&#8217;s tenant. To learn more about logs see&nbsp;<a href=\"https:\/\/support.templafy.com\/hc\/en-us\/articles\/6883595903901-Monitoring-in-Templafy-Hive\"><strong>here<\/strong><\/a>.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"81\" height=\"81\" src=\"https:\/\/www.templafy.com\/wp-content\/uploads\/2024\/08\/Automation.svg\" alt=\"\" class=\"wp-image-48858\" style=\"object-fit:cover\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-3-font-size wp-elements-c93e37755ea616c74c60d0c7f4f61f61\"><br>Incident Management<\/h3>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-cbcd3254bc6c94f5833af8827728a85f\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Does Templafy have a defined cybersecurity incident management process?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">In the event of such a Security Incident, Templafy shall provide you with a detailed description of the Security Incident and the type of Personal Information concerned, unless otherwise prohibited by law or otherwise instructed by a law enforcement or supervisory authority.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy shall without undue delay (and in any event within thirty-six (36) hours) inform the affected customer in writing, whenever Templafy reasonably believes that there has been an Information Security Incident.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy shall inform the customer with as many details as known at that time (and regularly update the customer thereafter in writing or by email followed by a written notification) setting out in reasonable detail, without limitation, the nature of the information compromised, threatened, or potentially compromised, the specific information compromised or potentially compromised and of all events which may adversely affect the Vendor&#8217;s ability to provide the Service.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Following such notification, Templafy will take reasonable steps to mitigate the effects of the Security Incident and to minimize any damage resulting from the Security Incident.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\">Templafy will assist and cooperate with affected customers with any necessary or appropriate disclosures and other investigative, remedial, and monitoring measures as a result of the security incident.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-e40de57378577c6778629d0f22cedb97\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Does Templafy have external reporting procedures in place for cybersecurity or privacy incidents?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Incident report is handled as part of our incident management process, whereby incidents impacting customers are reported to respective customers.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\">For privacy-specific incidents, the process is governed by the DPA customers, and authorities are informed as required by the law.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-0267dc0c025741831b60a8d2ff4adb04\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>How can incidents be reported?<\/h6>\n\n\n\n<p class=\"has-gray-100-primary-color has-text-color has-link-color has-body-m-regular-font-size wp-elements-f1f82deddda6e0c031c3abd621962bfd\">Incidents can be reported through our&nbsp;<a href=\"https:\/\/support.templafy.com\/hc\/en-us\/requests\/new?ticket_form_id=6450399636765\"><strong>Incident Reporting form<\/strong><\/a>&nbsp;or through our&nbsp;security@templafy.com&nbsp;email.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-785d3543d37ec3008f653e8cc370005b\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>What SLA is offered for the solution?<\/h6>\n\n\n\n<p class=\"has-body-m-semibold-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">SLA: 99,5%<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--3-75)\">Please see&nbsp;<a href=\"https:\/\/status.templafy.com\/\"><strong>here<\/strong><\/a>&nbsp;to monitor our uptime.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"68\" height=\"81\" src=\"https:\/\/www.templafy.com\/wp-content\/uploads\/2024\/08\/Location-1.svg\" alt=\"\" class=\"wp-image-48862\" style=\"object-fit:cover\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-3-font-size wp-elements-03db82055182f55a8ef11cb8689f6a55\"><br>Organizational Security<\/h3>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-f8e0251020ac196083d2b991cadf6dfb\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Does Templafy have a cybersecurity awareness training program in place? <\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\">Mandatory general security training is provided at onboarding to all employees and contractors. Mandatory training on a specific security topic is also provided annually.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-17652a6a6d01c6d6c633dd7a7643fd42\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Does Templafy have a department with oversight of information security?<\/h6>\n\n\n\n<p class=\"has-gray-100-primary-color has-text-color has-link-color has-body-m-regular-font-size wp-elements-9d0ce74af33b2ea0542c9aa92572f6a6\">The Information Security department at Templafy is managed by a CISO. The department includes members dedicated to the areas of Privacy, Governance, Risk, Compliance, and Technical Operations.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-32b1bdec2aeb1c5a37389a9f399727aa\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Does Templafy perform background checks and screening prior to employment?<\/h6>\n\n\n\n<p class=\"has-gray-100-primary-color has-text-color has-link-color has-body-m-regular-font-size wp-elements-b8f0d18842f727a7afaa03d91a64245b\">All employees undergo a background check prior to employment.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-6a718c58220c18324fc66ce86aca9be9\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>How are responsibilities allocated between Templafy, the customer, and Microsoft Azure?<\/h6>\n\n\n\n<p class=\"has-gray-100-primary-color has-text-color has-link-color has-body-m-regular-font-size wp-elements-a73f29467e651f0cf130715a80954180\" style=\"margin-bottom:var(--wp--preset--spacing--3-75)\">Please refer to&nbsp;<strong><a href=\"https:\/\/support.templafy.com\/hc\/en-us\/articles\/7511961591453-Shared-responsibility-using-Templafy\">this<\/a><\/strong>&nbsp;article on our Knowledge Base.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"72\" height=\"73\" src=\"https:\/\/www.templafy.com\/wp-content\/uploads\/2024\/08\/Users.svg\" alt=\"\" class=\"wp-image-48861\" style=\"object-fit:cover\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-3-font-size wp-elements-3099163b3cbef3290774c07cc4494625\"><br>Physical Security<\/h3>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-0ef8b15444e2b4f0bd08932ae405bf77\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>How do you manage data center security?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy&#8217;s service data is hosted in Microsoft Azure data centers. MS Azure adheres to security controls for ISO 27001, ISO 27018, SOC 1, SOC 2, SOC 3, FedRAMP, HITRUST, MTCS, IRAP, and ENS. Please refer to&nbsp;<strong><a href=\"https:\/\/azure.microsoft.com\/en-us\/explore\/trusted-cloud\/compliance\/\">this<\/a><\/strong>&nbsp;link for more details.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">The data center&#8217;s physical infrastructure is operated by Azure and we rely on their data center security controls.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Access controls are implemented, including biometric controls, CCTV is active across the data center perimeters and access points are staffed with security officers.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\">Please refer to&nbsp;<strong><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/security\/fundamentals\/physical-security\">this<\/a><\/strong>&nbsp;link for more details on the physical security measures implemented in Microsoft Azure data centers. We monitor the compliance of these controls through independent security attestations and reports.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-8abb61a748f4ac2ff24489bca39d6766\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Have you implemented physical security controls at your offices?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy maintains a physical and environmental policy for its offices to ensure the security and integrity of Templafy\u2019s facilities and the assets located within.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy offices have industry-standard physical security protection with secure access, burglary alarm, motion detectors, etc.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--3-75)\">Further visitors to secure areas are required to sign in and out with arrival and departure times, are required to wear an identification badge, and are always escorted while in secure areas.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"72\" height=\"73\" src=\"https:\/\/www.templafy.com\/wp-content\/uploads\/2024\/08\/Users.svg\" alt=\"\" class=\"wp-image-48861\" style=\"object-fit:cover\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-3-font-size wp-elements-fe0ab86a33c611261ff14cf463b8fc96\"><br>Artificial Intelligence<\/h3>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-2d2822764de0ee0d1bb05ada9ff73edd\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Does the Templafy platform leverage any AI?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy utilizes AI in various aspects of the product. Additional details regarding the functionalities that incorporate AI can be found in the links provided below.\u202f&nbsp;<\/p>\n\n\n\n<figure id=\"table-274de529-37e6-431e-87c4-f35b4c9436a1\" class=\"wp-block-table\" style=\"--tbl-radius:10px\"><table class=\"has-fixed-layout\"><thead><tr><th>Templafy Service<\/th><th>Underlying&nbsp;technology<\/th><th>AI\/LLM provider&nbsp;<\/th><th>Customer instance possible&nbsp;<\/th><\/tr><\/thead><tbody><tr><td><a href=\"https:\/\/support.templafy.com\/hc\/en-us\/articles\/360017736038-Enable-or-disable-the-automatic-AI-tagging-for-Pictures-Azure-Computer-Vision\"><strong>AI Tagging<\/strong><\/a><\/td><td>Built on Azure AI Vision<\/td><td>Microsoft&nbsp;<\/td><td>No<\/td><\/tr><tr><td><a href=\"https:\/\/support.templafy.com\/hc\/en-us\/articles\/18241934805021-Leveraging-AI-to-Write-Data-Transformation-or-Explain-Existing-Transformation\"><strong>AI Data Transformation<\/strong><\/a><\/td><td>Built on Azure Open AI<\/td><td>Microsoft&nbsp;<\/td><td>No<\/td><\/tr><tr><td><a href=\"https:\/\/support.templafy.com\/hc\/en-us\/articles\/21525730431261-What-is-Universal-AI-Assistant\"><strong>AI Assistant<\/strong><\/a><\/td><td>Built on Templafy\u2019s instance of Azure OpenAI&nbsp;<\/td><td>Microsoft&nbsp;<\/td><td>Yes<\/td><\/tr><tr><td>AI Smart Fields<\/td><td>Built on Azure OpenAI&nbsp;&nbsp;<\/td><td>Microsoft&nbsp;<\/td><td>Yes<\/td><\/tr><tr><td><a href=\"https:\/\/support.templafy.com\/hc\/en-us\/articles\/29956540303261-About-Document-Agents\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Document Agents<\/strong><\/a>&nbsp;<\/td><td>Built on Templafy\u2019s instance of&nbsp;Azure OpenAI&nbsp;<\/td><td>Microsoft&nbsp;<\/td><td>Yes<\/td><\/tr><tr><td>Image Generation&nbsp;<\/td><td>Nano Banana, a part of the Gemini API model family&nbsp;<\/td><td>Google<\/td><td>No<\/td><\/tr><tr><td>Web Search<\/td><td>Search API model&nbsp;<\/td><td>Perplexity<\/td><td>No<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-top:var(--wp--preset--spacing--1-8)\">Tenant administrators and owners have the option to disable&nbsp;any&nbsp;of these AI functionalities in the Admin Center.&nbsp;&nbsp;<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-4343888ba53face68e2fd62296244959\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>What types of data are processed by Templafy&#8217;s AI functionalities?<\/h6>\n\n\n\n<figure id=\"table-274de529-37e6-431e-87c4-f35b4c9436a1\" class=\"wp-block-table\" style=\"--tbl-radius:10px\"><table class=\"has-fixed-layout\"><thead><tr><th>Templafy Service<\/th><th>Input<\/th><th>Output<\/th><\/tr><\/thead><tbody><tr><td>AI Tagging<\/td><td>All images in the Templafy Library (jpg, jpeg, png, svg)<\/td><td>Tags<\/td><\/tr><tr><td>AI Data Transformation<\/td><td>Prompts configured by the administrator<br>Selected external&nbsp;<a href=\"https:\/\/support.templafy.com\/hc\/en-us\/articles\/5120358777117-What-data-can-be-used-to-create-a-smart-template#h_01G3RAHRT49QV9B9E0DQ0S8SWX\"><strong>data source<\/strong><\/a>&nbsp;schema definition<br>Selected data sample from the selected data source<br>The data transformation rule<\/td><td>JMESPath query expression<\/td><\/tr><tr><td>AI Assistant<\/td><td>Free text e.g. a section of a document<br>Tone of voice configuration<br>Prompt configuration<\/td><td>Text e.g. rephrased section of a document<\/td><\/tr><tr><td>AI Smart Fields&nbsp;<\/td><td>Answer to gating questions&nbsp;<br>Data from connectors&nbsp;<\/td><td>Generated text&nbsp;<\/td><\/tr><tr><td>Document Agents<\/td><td>Templafy Library Assets<br>Pre-configured prompts<br>Tone of Voice Settings<br>User Chat Inputs, e.g. text, image&nbsp;<br>Uploaded assets (Optional)&nbsp;<\/td><td>Text, brand compliant presentation aligned with brand-approved templates, tone of voice and style guidelines.&nbsp;<\/td><\/tr><tr><td>Image Generation&nbsp;&nbsp;<\/td><td>User input e.g. text and&nbsp;image&nbsp;<br>Pre-configured prompts&nbsp;<br>Brand guidelines&nbsp;<\/td><td>Text and image&nbsp;<\/td><\/tr><tr><td>Web Search&nbsp;<\/td><td>User&nbsp;search input&nbsp;<\/td><td>Search results&nbsp;e.g. snippets, URLs, page titles and associated metadata&nbsp;<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-cde2314548470820715b6390a6064987\" style=\"margin-top:var(--wp--preset--spacing--1-8);margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Are&nbsp;the models&nbsp;utilized by Templafy\u2019s AI features trained on the Customer\u2019s data?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">No, customer data is not used to train any of the AI models leveraged by Templafy&#8217;s AI features.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-52da58d8411f96364c9d98941c5a36ff\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>How long is the data retained in Templafy&#8217;s AI features?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"padding-bottom:var(--wp--preset--spacing--1-8)\">This retention period applies to AI input and output content. Audit logs and security logs are governed by our logging and monitoring retention policies described <a href=\"https:\/\/www.templafy.com\/home\/platform\/security\/security-and-privacy-faq\/#what-logging-mechanisms-are-in-place-to-track-access-and-usage-of-the-ai-functionality\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>below<\/strong><\/a>.<\/p>\n\n\n\n<figure id=\"table-2c360a28-e2b9-444e-ba40-15a76a656936\" class=\"wp-block-table is-style-regular\" style=\"--tbl-row-bg:#e8ebe1;--tbl-radius:10px;--tbl-row-side-borders:0\"><table class=\"has-fixed-layout\"><thead><tr><th>Templafy Service<\/th><th>Data type&nbsp;<\/th><th>Data retention&nbsp;<\/th><\/tr><\/thead><tbody><tr><td>AI Tagging&nbsp;<\/td><td>Images in the Templafy library&nbsp;<\/td><td>Stored for the duration of the contract or until manually deleted from the library + 90 days&nbsp;<\/td><\/tr><tr><td>AI Data Transformation&nbsp;<\/td><td>Prompts configured by the administrator&nbsp;<\/td><td>Stored for the duration of the contract or until manually deleted from the tenant + 90 days&nbsp;<\/td><\/tr><tr><td><\/td><td>Selected external\u202f<a href=\"https:\/\/support.templafy.com\/hc\/en-us\/articles\/5120358777117-What-data-can-be-used-to-create-a-smart-template#h_01G3RAHRT49QV9B9E0DQ0S8SWX\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>data source<\/strong><\/a>\u202fschema definition&nbsp;<\/td><td><\/td><\/tr><tr><td><\/td><td>Selected data sample from the selected data source&nbsp;<\/td><td><\/td><\/tr><tr><td><\/td><td>Data transformation rule&nbsp;<\/td><td><\/td><\/tr><tr><td><\/td><td>JMESPath query expression&nbsp;<\/td><td><\/td><\/tr><tr><td>AI Assistant&nbsp;<\/td><td>Tone of voice configuration&nbsp;<\/td><td>Stored for the duration of the contract or until manually deleted from the tenant + 90 days&nbsp;<\/td><\/tr><tr><td><\/td><td>Prompt configuration&nbsp;<\/td><td><\/td><\/tr><tr><td><\/td><td>Selected text&nbsp;<\/td><td>Only processed in real time, not stored&nbsp;<\/td><\/tr><tr><td>AI Smart Fields&nbsp;<\/td><td>Gating question answer\/data connector\/app connector\/user profile information (as configured by customer admin)\u202f&nbsp;<\/td><td>Stored for 24 hours in a temporary blob storage\u202f&nbsp;<\/td><\/tr><tr><td><\/td><td>Prompt\u202f&nbsp;<\/td><td>Stored for the duration of the contract or until manually deleted + 90 days\u202f&nbsp;<\/td><\/tr><tr><td><\/td><td>Input (Gating question answer + prompt)\u202f&nbsp;<\/td><td>Only processed in real time, not stored\u202f&nbsp;<\/td><\/tr><tr><td><\/td><td>Template&nbsp;<\/td><td>Stored for the duration of the contract or until manually deleted + 90 days\u202f&nbsp;<\/td><\/tr><tr><td><\/td><td>Output of the AI (input + AI processing \u2013 including simple markdown formatting)\u202f&nbsp;<\/td><td>Stored for 24 hours in a temporary blob storage\u202f&nbsp;<\/td><\/tr><tr><td>Document Agents&nbsp;<\/td><td>Templafy Library Assets\u202f&nbsp;<\/td><td>Stored for the duration of the contract or until manually deleted + 90 days\u202f\u202f&nbsp;<\/td><\/tr><tr><td><\/td><td>Pre-configured prompts\u202f&nbsp;<\/td><td><\/td><\/tr><tr><td><\/td><td>Tone of Voice Settings\u202f&nbsp;<\/td><td><\/td><\/tr><tr><td><\/td><td>User Chat Inputs\u202f&nbsp;<\/td><td><\/td><\/tr><tr><td><\/td><td>Uploaded Assets (optional)\u202f&nbsp;<\/td><td><\/td><\/tr><tr><td><\/td><td>Generated Presentation\u202f&nbsp;<\/td><td><\/td><\/tr><tr><td>Image Generation&nbsp;<\/td><td>Pre-configured prompts\u202f&nbsp;<\/td><td>Stored for the duration of the contract or until manually deleted&nbsp;+&nbsp;90&nbsp;days\u202f\u202f&nbsp;<\/td><\/tr><tr><td><\/td><td>Tone of Voice Settings\u202f&nbsp;<\/td><td><\/td><\/tr><tr><td><\/td><td>User Chat Inputs\u202f&nbsp;<\/td><td><\/td><\/tr><tr><td><\/td><td>Uploaded Assets (optional)\u202f&nbsp;<\/td><td><\/td><\/tr><tr><td><\/td><td>Brand Guidelines&nbsp;<\/td><td><\/td><\/tr><tr><td>Web Search&nbsp;<\/td><td>User search inputs&nbsp;<\/td><td>Stored for the duration of the contract or until manually deleted&nbsp;+&nbsp;90&nbsp;days\u202f\u202f&nbsp;<\/td><\/tr><tr><td><\/td><td>Search results&nbsp;<\/td><td><\/td><\/tr><\/tbody><\/table><\/figure>\n<style>#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(2) td{background-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(3) td{background-color:#cfd2cc !important;border-top-color:#cfd2cc !important;border-left-color:#cfd2cc !important;border-right-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(3):last-child td{border-bottom-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(4) td{background-color:#cfd2cc !important;border-top-color:#cfd2cc !important;border-left-color:#cfd2cc !important;border-right-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(4):last-child td{border-bottom-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(5) td{background-color:#cfd2cc !important;border-top-color:#cfd2cc !important;border-left-color:#cfd2cc !important;border-right-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(5):last-child td{border-bottom-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(6) td{background-color:#cfd2cc !important;border-top-color:#cfd2cc !important;border-left-color:#cfd2cc !important;border-right-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(6):last-child td{border-bottom-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(7) td{border-top-color:#e8ebe1 !important;border-left-color:#e8ebe1 !important;border-right-color:#e8ebe1 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(7):last-child td{border-bottom-color:#e8ebe1 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(8) td{border-top-color:#e8ebe1 !important;border-left-color:#e8ebe1 !important;border-right-color:#e8ebe1 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(8):last-child td{border-bottom-color:#e8ebe1 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(10) td{background-color:#cfd2cc !important;border-top-color:#cfd2cc !important;border-left-color:#cfd2cc !important;border-right-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(10):last-child td{border-bottom-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(11) td{background-color:#cfd2cc !important;border-top-color:#eef0e9 !important;border-left-color:#eef0e9 !important;border-right-color:#eef0e9 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(11):last-child td{border-bottom-color:#eef0e9 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(12) td{background-color:#cfd2cc !important;border-top-color:#eef0e9 !important;border-left-color:#eef0e9 !important;border-right-color:#eef0e9 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(12):last-child td{border-bottom-color:#eef0e9 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(13) td{background-color:#cfd2cc !important;border-top-color:#eef0e9 !important;border-left-color:#eef0e9 !important;border-right-color:#eef0e9 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(13):last-child td{border-bottom-color:#eef0e9 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(14) td{background-color:#cfd2cc !important;border-top-color:#eef0e9 !important;border-left-color:#eef0e9 !important;border-right-color:#eef0e9 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(14):last-child td{border-bottom-color:#eef0e9 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(16) td{border-top-color:#e8ebe1 !important;border-left-color:#e8ebe1 !important;border-right-color:#e8ebe1 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(16):last-child td{border-bottom-color:#e8ebe1 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(17) td{border-top-color:#e8ebe1 !important;border-left-color:#e8ebe1 !important;border-right-color:#e8ebe1 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(17):last-child td{border-bottom-color:#e8ebe1 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(18) td{border-top-color:#eef0e9 !important;border-left-color:#eef0e9 !important;border-right-color:#eef0e9 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(18):last-child td{border-bottom-color:#eef0e9 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(19) td{border-top-color:#e8ebe1 !important;border-left-color:#e8ebe1 !important;border-right-color:#e8ebe1 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(19):last-child td{border-bottom-color:#e8ebe1 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(20) td{border-top-color:#eef0e9 !important;border-left-color:#eef0e9 !important;border-right-color:#eef0e9 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(20):last-child td{border-bottom-color:#eef0e9 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(21) td{background-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(22) td{background-color:#cfd2cc !important;border-top-color:#cfd2cc !important;border-left-color:#cfd2cc !important;border-right-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(22):last-child td{border-bottom-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(23) td{background-color:#cfd2cc !important;border-top-color:#cfd2cc !important;border-left-color:#cfd2cc !important;border-right-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(23):last-child td{border-bottom-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(24) td{background-color:#cfd2cc !important;border-top-color:#cfd2cc !important;border-left-color:#cfd2cc !important;border-right-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(24):last-child td{border-bottom-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(25) td{background-color:#cfd2cc !important;border-top-color:#cfd2cc !important;border-left-color:#cfd2cc !important;border-right-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(25):last-child td{border-bottom-color:#cfd2cc !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(27) td{border-top-color:#eef0e9 !important;border-left-color:#eef0e9 !important;border-right-color:#eef0e9 !important;}#table-2c360a28-e2b9-444e-ba40-15a76a656936 table tbody tr:nth-child(27):last-child td{border-bottom-color:#eef0e9 !important;}<\/style>\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-top:var(--wp--preset--spacing--1-8);margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy\u00a0has procedures in place to ensure\u00a0adherence to\u00a0purpose limitation, storage limitation and data minimization. Input and output data are only processed for as long as necessary to fulfill the purpose for which they were collected.\u00a0We govern the contractual, organizational, and technical measures by our sub-processors to ensure that they are able to live up to the same level of data protection and data retention\u00a0commitments\u00a0outlined in our\u00a0<a href=\"https:\/\/www.templafy.com\/data-processing-agreement\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Data Processing Agreement<\/strong><\/a>.\u00a0<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-top:var(--wp--preset--spacing--1-8);margin-bottom:var(--wp--preset--spacing--1-8)\">As a rule, input and output data is processed only in real time by the AI model providers. However, authorized data processing\u00a0activities may require temporary\u00a0storage\u00a0for the purpose\u00a0ensuring\u00a0the integrity, security, and\u00a0reliability\u00a0of the services. This includes debugging purposes in the event of a failure and investigating patterns of abuse and misuse to determine if services are being used in a manner that\u00a0violates\u00a0the applicable product terms.\u00a0Human\u00a0reviewers assessing potential abuse can access this repository of prompts and completions data if that data has been flagged by the abuse monitoring systems.\u00a0<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-top:var(--wp--preset--spacing--1-8);margin-bottom:var(--wp--preset--spacing--1-8)\">Microsoft\u2019s\u00a0retention for debugging\u00a0and abuse monitoring is 30 days, with full backup cycle at 90 days\u00a0in the event that investigation require further storage. Google\u2019s temporary storage of input and output data for abuse monitoring and enforcement is up to 55 days. In the event of\u00a0further investigation, data may be\u00a0subject to the\u00a0<a href=\"https:\/\/services.google.com\/fh\/files\/misc\/data_deletion_on_gcp.pdf?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Google Cloud Platform\u2019s deletion pipeline<\/strong><\/a>, which can be immediately on the application and storage layer depending on storage configuration, 60 days from active systems, and up to 180 days from long-term backup systems for disaster recovery purposes.\u00a0<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-8481df835e4e8d5df428eb8b8c7e23ce\" style=\"margin-top:var(--wp--preset--spacing--1-8);margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Who has access to the data, and how is access control managed?<\/h6>\n\n\n\n<figure id=\"table-0cbd4ef4-563e-42d7-bb86-ebfdea8f549e\" class=\"wp-block-table\" style=\"--tbl-radius:10px\"><table class=\"has-fixed-layout\"><thead><tr><th>Templafy service&nbsp;<\/th><th>Access&nbsp;purpose and control&nbsp;<\/th><\/tr><\/thead><tbody><tr><td>AI Tagging&nbsp;<\/td><td>Authorized Templafy employees may have access to the input and output data&nbsp;stored on the Templafy platform<strong>\u202f<\/strong>when they provide customer support and success services offered in the best interest of the customer, or when a forensic investigation needs to be carried out following a security incident&nbsp;<\/td><\/tr><tr><td>AI Data&nbsp;Transformation&nbsp;<\/td><td>Authorized Templafy employees may have access to the input and output data&nbsp;stored on the Templafy platform<strong>\u202f<\/strong>when they provide customer support and success services offered in the best interest of the customer, or when a forensic investigation needs to be carried out following a security incident&nbsp;<\/td><\/tr><tr><td>AI Assistant&nbsp;<\/td><td>Authorized&nbsp;Templafy employees may have access to prompts and tone of voice stored in the tenant.\u202f&nbsp;<\/td><\/tr><tr><td>AI Smart Fields&nbsp;<\/td><td>Authorized Templafy employees may have access to input and output data&nbsp;<\/td><\/tr><tr><td>Document Agents&nbsp;<\/td><td>Authorized Templafy employees may have access to input and output data&nbsp;<\/td><\/tr><tr><td>Image Generation&nbsp;<\/td><td>Authorized Templafy employees may have access to input and output data&nbsp;<\/td><\/tr><tr><td>Web Search&nbsp;<\/td><td>Authorized Templafy employees may have access to input and output data&nbsp;<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-top:var(--wp--preset--spacing--1-8);margin-bottom:var(--wp--preset--spacing--1-8)\">The data that is stored in the customer\u2019s tenant is secured by various means. Access to program production data is restricted and limited to authorized personnel. Templafy has role-based access control. Access to production information systems is enforced via Entra ID multi-factor authentication. Appropriate identification and authentication are required to perform actions on the production environment and cannot be circumvented. Read access to system databases is provided to Senior Site Reliability Engineers. No one in Templafy has write access to production system databases.&nbsp;<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-82388c69286feac93be416c19ee1c6ec\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Is the data shared with third parties, and if so, what safeguards are in place to protect it?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy relies on trusted partners&nbsp;for&nbsp;providing AI\/LLM services&nbsp;for our platform.&nbsp;They each serve as&nbsp;a&nbsp;reliable&nbsp;<a href=\"https:\/\/www.templafy.com\/subprocessors\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>sub-processor<\/strong><\/a>&nbsp;in providing our services to customers,&nbsp;which puts them subject to&nbsp;extensive evaluations by Templafy\u2019s Information Security team, ensuring they meet the data protection standards outlined in the Templafy Data Processing Agreement with our clients. Both Templafy and&nbsp;our&nbsp;AI sub-processors&nbsp;hold certifications under the Data Privacy Framework,&nbsp;and&nbsp;the sub-processing agreements incorporate&nbsp;the Standard Contractual Clauses.&nbsp;As mentioned\u202f<a href=\"https:\/\/www.templafy.com\/home\/platform\/security\/security-and-privacy-faq\/#how-long-is-the-data-retained-in-templafys-ai-features\" data-type=\"link\" data-id=\"https:\/\/www.templafy.com\/home\/platform\/security\/security-and-privacy-faq\/#how-long-is-the-data-retained-in-templafys-ai-features\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>above<\/strong><\/a>,&nbsp;sub-processors&nbsp;have&nbsp;limited access to the input and output data.&nbsp;They&nbsp;ensure the security of specific reviewers through various means,&nbsp;as outlined in the following table.&nbsp;&nbsp;<\/p>\n\n\n\n<figure id=\"table-c74df67c-344c-4938-a4b0-ccb11de53c86\" class=\"wp-block-table\" style=\"--tbl-radius:10px\"><table class=\"has-fixed-layout\"><thead><tr><th>Sub-processor&nbsp;<\/th><th>Implemented security measures&nbsp;<\/th><\/tr><\/thead><tbody><tr><td>Microsoft&nbsp;<\/td><td>The security of Azure OpenAI and Azure AI Vision is primarily managed by Microsoft, which implements a range of security measures to protect customer data. These include data encryption both in transit and at rest, strong access controls through Azure Active Directory (Entra ID) with multi-factor authentication and role-based access control, and strict data privacy policies ensuring customer data is isolated and protected. Microsoft also ensures compliance with key industry standards, such as ISO 27001 and SOC 2, and provides ongoing monitoring, logging, and patching to mitigate security risks.&nbsp;<br><br>\u2022 AI Tagging: For more information please refer to\u202f<a href=\"https:\/\/learn.microsoft.com\/en-us\/legal\/cognitive-services\/computer-vision\/imageanalysis-data-privacy-security\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Microsoft\u2019s safeguards<\/strong><\/a>\u202faround image analyses.&nbsp;<br>\u2022 AI Data Transformation, AI Assistant, AI smart Fields, Document Agents: All inputs and outputs for this service are passed directly through Microsoft OpenAI Service via secured APIs. These APIs employ various security measures such as encryption, authentication, and authorization to safeguard sensitive information from unauthorized access or tampering during transfer. For more information, please refer to\u202f<a href=\"https:\/\/learn.microsoft.com\/en-us\/legal\/cognitive-services\/openai\/data-privacy?context=%2Fazure%2Fai-services%2Fopenai%2Fcontext%2Fcontext&amp;tabs=azure-portal\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Data, privacy, and security for Azure OpenAI Service<\/strong><\/a>.<\/td><\/tr><tr><td>Google<\/td><td>As part of the Gemini API model&nbsp;family, Nano Banana is&nbsp;deployed within Google Cloud\u2019s enterprise-grade compliance framework, including ISO27001 and SOC 2.&nbsp;For Google Cloud compliance center, please see&nbsp;<a href=\"https:\/\/cloud.google.com\/compliance?_gl=1*s0v0y9*_ga*MTI3MTE1OTE1NC4xNzczMzg3ODQ0*_ga_WH2QY8WWF5*czE3NzU3MjEwMDYkbzI3JGcxJHQxNzc1NzIxNzg2JGo1OSRsMCRoMA..&amp;hl=en\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a>.&nbsp;Google implements&nbsp;strong&nbsp;access control&nbsp;using Google Cloud IAM,&nbsp;encryption&nbsp;in transit and at rest,&nbsp;and&nbsp;controlled deployment pipelines.&nbsp;For Google\u2019s security overview, please see&nbsp;<a href=\"https:\/\/docs.cloud.google.com\/docs\/security\/overview\/whitepaper\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>here<\/strong><\/a>&nbsp;.&nbsp;<\/td><\/tr><tr><td>Perplexity<\/td><td>Applicable for&nbsp;our&nbsp;Web Search feature,&nbsp;Perplexity&nbsp;maintains GDPR, HIPAA, PCI DSS and SOC 2 compliance. Data is encrypted in transit&nbsp;and at rest.&nbsp;Perplexity ensures the security&nbsp; and integrity&nbsp;of its AI by various means, including&nbsp;secure SDLC practices, strong access control, system safeguards and monitoring mechanisms, described in their&nbsp;<a href=\"https:\/\/trust.perplexity.ai\/resources\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>SOC 2 report<\/strong><\/a>&nbsp;,&nbsp;<a href=\"https:\/\/trust.perplexity.ai\/controls\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>trust center<\/strong><\/a>, and&nbsp;<a href=\"https:\/\/www.perplexity.ai\/help-center\/en\/collections\/18799294-privacy-data\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>knowledge center<\/strong><\/a>.&nbsp;&nbsp;<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-87cc61ee32739df47aee0ad77be37403\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>How transparent is the AI model\u2019s decision-making process, and can users understand how their data influences outcomes?<\/h6>\n\n\n\n<ul class=\"wp-block-list text-with-list has-body-m-regular-font-size\">\n<li><strong>Microsoft<\/strong>:&nbsp;Please refer to Microsoft\u2019s\u202f<a href=\"https:\/\/learn.microsoft.com\/en-us\/legal\/cognitive-services\/openai\/transparency-note?tabs=text\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Transparency Note for Azure OpenAI Service<\/strong><\/a>\u202ffor more information on the transparency of the models used for of AI features.&nbsp;<\/li>\n\n\n\n<li><strong>Google<\/strong>:&nbsp;Please visit Google\u2019s&nbsp;<a href=\"https:\/\/ai.google\/principles\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>AI Principles<\/strong><\/a>&nbsp;for more general AI transparency&nbsp;and&nbsp;<a href=\"https:\/\/ai.google.dev\/gemini-api\/docs\/models\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Gemini API models<\/strong><\/a>&nbsp;for details about&nbsp;the&nbsp;models.&nbsp;&nbsp;&nbsp;<\/li>\n\n\n\n<li><strong>Perplexity<\/strong>:&nbsp;Perplexity provides transparency in how it generates answers, primarily through source attribution and evidence-based outputs&nbsp;(see more information&nbsp;(<a href=\"https:\/\/www.perplexity.ai\/help-center\/en\/articles\/10352895-how-does-perplexity-work\" data-type=\"link\" data-id=\"https:\/\/www.perplexity.ai\/help-center\/en\/articles\/10352895-how-does-perplexity-work\"><strong>here<\/strong><\/a>).&nbsp;Each response typically includes numbered citations linking to the original sources, allowing users to verify claims and review the evidence behind the answer. The system performs real-time web retrieval, gathers relevant sources, and summarizes them into a response with clickable references, enabling users to trace information back to its origin.&nbsp;The platform emphasizes verifiable outputs with traceable sources, making it easier to check how a conclusion was derived compared&nbsp;to&nbsp;many generative&nbsp;AI tools.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-1e32aabd51620f28eee7f11ad9daf97d\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>How are updates to the AI model managed, and what controls are in place to ensure that updates do not introduce new vulnerabilities?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy does not control the AI models&nbsp;for any of the AI features that we leverage. For information about&nbsp;the third party models, please visit the respective websites for&nbsp;<a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/foundry\/openai\/how-to\/working-with-models?tabs=powershell\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Microsoft<\/strong><\/a>,&nbsp;<a href=\"https:\/\/ai.google.dev\/gemini-api\/docs\/models\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Google<\/strong><\/a>&nbsp;and&nbsp;<a href=\"https:\/\/docs.perplexity.ai\/docs\/search\/quickstart\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Perplexity<\/strong><\/a>.&nbsp;<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-68e668967bf04b6e4e9f2bd07e93bb69\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>How is the model protected against adversarial attacks or attempts to manipulate input data?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy does not have control over the underlying models, but&nbsp;each AI\/LLM provider have&nbsp;&nbsp;implemented several measures that raised the security level of this model to high standards.&nbsp;&nbsp;<\/p>\n\n\n\n<figure id=\"table-156b1a8c-aa1d-4427-bb5c-246e45139247\" class=\"wp-block-table\" style=\"--tbl-radius:10px\"><table class=\"has-fixed-layout\"><thead><tr><th>Service provider                                                                            <\/th><th>Model security measures&nbsp;<\/th><\/tr><\/thead><tbody><tr><td>Templafy<\/td><td>While most Gen AI tools allow for free prompts, our AI Assistant limits the prompts to just the ones that were deemed acceptable by the tenant administrator. Prompt engineering can be a difficult and risky task, but with our AI Assistant you can rest assured that only pre-approved and accurate prompts are run. Any updates and patches to the AI Assistant are deployed in accordance with our Secure Software Development Lifecycle. We secure API keys and integrations using Azure Key Vault and in accordance with best practices.&nbsp;<\/td><\/tr><tr><td>Microsoft<\/td><td>Measures include guardrails that prevent the model from generating harmful or malicious content. These guardrails include filtering out toxic or offensive content, flagging content that may be harmful and limiting the model\u2019s ability to generate certain types of content. To see more information, follow here:<br>\u2022 <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/ai-services\/openai\/concepts\/content-filter?tabs=warning%2Cuser-prompt%2Cpython\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Content Filtering<\/strong><\/a>\u00a0<br>\u2022 <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/ai-services\/openai\/concepts\/abuse-monitoring\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Abuse Monitoring<\/strong><\/a>\u00a0<br><br>For more information, please refer to\u202f<a href=\"https:\/\/learn.microsoft.com\/en-us\/legal\/cognitive-services\/openai\/data-privacy?context=%2Fazure%2Fai-services%2Fopenai%2Fcontext%2Fcontext&amp;tabs=azure-portal#preventing-abuse-and-harmful-content-generation\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Data, privacy, and security for Azure OpenAI Service<\/strong><\/a>\u202fand\u202f<a href=\"https:\/\/learn.microsoft.com\/en-us\/legal\/cognitive-services\/computer-vision\/imageanalysis-data-privacy-security\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Data and privacy for Image Analysis<\/strong><\/a><strong>.<\/strong>\u00a0<\/td><\/tr><tr><td>Google<\/td><td>\u2022 Gemini-based system use&nbsp;industry standard ML security controls such as adversarial testing, input filtering, abuse detection, and safety guardrails to reduce prompt manipulation or&nbsp;malicious&nbsp;inputs, detect abnormal prompts and enforce model safety policies, maintain reliable outputs and prevent exploitation.&nbsp;&nbsp;<br>\u2022 Models deployed through Google Cloud infrastructure use controlled deployment pipelines, identity-based access controls, and&nbsp;platform security protections to ensure model artifacts are verified and executed only within trusted artifacts.&nbsp;&nbsp;<br>\u2022 Model updates and service patches are delivered through Google\u2019s secure software supply chain and controlled&nbsp;cloud deployment systems. \u2022 \u2022 Updates undergo validation and integrity checks before rollout, and only authenticated Google infrastructure can deploy new model versions.&nbsp;&nbsp;<br>\u2022 Gemini services provide centralized logging through Google Cloud and Admin tools. Administrators can view usage logs, export them to SIEM platforms, and monitor activity, policy violations, or anomalous usage patterns for auditing and security monitoring.&nbsp;&nbsp;<br>\u2022 Google provides natural-language explanations and traceable responses based on prompts and available context. While generative models cannot fully expose internal reasoning, transparency features include contextual explanations, citations in some responses, and administrative visibility into usage patterns.&nbsp;&nbsp;<br>\u2022 Enterprise Gemini deployments isolate customer data and do not use prompts or outputs for model training by default, preventing leakage of proprietary or sensitive information into model training datasets. Access controls and data governance policies further restrict exposure of sensitive data.&nbsp;&nbsp;<br>\u2022 To learn more about&nbsp;Google\u2019s AI governance,&nbsp;please&nbsp;see&nbsp;Google\u2019s&nbsp;resources around&nbsp;<a href=\"https:\/\/deepmind.google\/blog\/advancing-geminis-security-safeguards\/?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>defending Gemini against indirect prompt injections<\/strong><\/a>,&nbsp;<a href=\"https:\/\/docs.cloud.google.com\/gemini\/enterprise\/docs\/security-overview?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Gemini Enterprise security overview<\/strong><\/a>,&nbsp;and using&nbsp;<a href=\"https:\/\/docs.cloud.google.com\/architecture\/framework\/security\/use-ai-for-security?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>AI for security<\/strong><\/a>.&nbsp;&nbsp;<\/td><\/tr><tr><td>Perplexity<\/td><td>\u2022 Perplexity mitigates adversarial manipulation through prompt-injection detection, input filtering, security testing\/red-teaming, and system-level safeguards that restrict AI actions and monitor anomalous behavior.&nbsp;&nbsp;<br>\u2022 Perplexity verifies AI model integrity through&nbsp;secure&nbsp;software&nbsp;development&nbsp;lifecycle&nbsp;practices, controlled deployment pipelines, strong access controls, and audit\/monitoring mechanisms, reducing the risk of unauthorized modifications or compromised models during deployment.&nbsp;&nbsp;<br>\u2022 Model updates and patches are validated through secure change management processes, mandatory code reviews, automated testing pipelines, and staged deployment to preview environments, ensuring that unauthorized or tampered updates are detected before reaching production.&nbsp;<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-e565308e80668c8efac97d1129a7c845\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>What logging mechanisms are in place to track access and usage of the AI functionality?<\/h6>\n\n\n\n<figure id=\"table-bf17eaee-9977-4c6a-a88c-141294c2bdf6\" class=\"wp-block-table\" style=\"--tbl-radius:10px\"><table class=\"has-fixed-layout\"><thead><tr><th>Templafy service&nbsp;<\/th><th>Logging<\/th><\/tr><\/thead><tbody><tr><td>AI Tagging&nbsp;<\/td><td>Templafy does not collect any usage logs for its AI tagging functionality.&nbsp;<\/td><\/tr><tr><td>AI Data Transformation&nbsp;<\/td><td>Same tracking as for the AI Assistant,&nbsp;as well as&nbsp; successful and unsuccessful transformation attempts.&nbsp;<\/td><\/tr><tr><td>AI Assistant&nbsp;<\/td><td>Templafy will improve and enhance our service offering by tracking the use of our product. Please note that user provided&nbsp;input will not be tracked or logged.&nbsp;The usage data is pseudonymized and includes the character length of the selected text by users and the character length of prompts configured for actions. The activation or deactivation of the AI functionality is recorded.&nbsp;<\/td><\/tr><tr><td>AI Smart Fields&nbsp;<\/td><td>Templafy tracks the number of AI Text Smart Fields that are used per document.\u202f&nbsp;<\/td><\/tr><tr><td>Document Agents&nbsp;<\/td><td>Templafy will improve and enhance our service offering by tracking the use of our product. The following will be tracked:&nbsp;<br><br>\u2022 Usage data, pseudonymized where applicable&nbsp;<br>\u2022 Templafy user ID, job title, department, location and company name&nbsp;<br>\u2022 Name, email address, phone number and other user profile elements where applicable&nbsp;<br>\u2022 Input and outputs&nbsp;<\/td><\/tr><tr><td>Image Generation&nbsp;<\/td><td>Templafy will improve and enhance our service offering by tracking the use of our product. The following will be tracked:<br><br>\u2022 Usage data, pseudonymized where applicable&nbsp;<br>\u2022 Templafy user ID, job title, department, location and company name&nbsp;<br>\u2022 Name, email address, phone number and other user profile elements where applicable&nbsp;<br>\u2022 Input and outputs&nbsp;&nbsp;<\/td><\/tr><tr><td>Web Search&nbsp;<\/td><td>Templafy will improve and enhance our service offering by tracking the use of our product. The following will be tracked:<br><br>\u2022 Usage data, pseudonymized where applicable&nbsp;<br>\u2022 Templafy user ID, job title, department, location and company name&nbsp;<br>\u2022 Name, email address, phone number and other user profile elements where applicable&nbsp;<br>\u2022 Input and outputs&nbsp;&nbsp;<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"padding-top:var(--wp--preset--spacing--1-8);padding-bottom:var(--wp--preset--spacing--1-8)\">These logs are retained in accordance with our contractual commitments, hereunder the&nbsp;<a href=\"https:\/\/www.templafy.com\/home\/legal\/templafy-saas-agreement\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>SaaS Agreement<\/strong><\/a>&nbsp;and&nbsp;the\u202f<a href=\"https:\/\/www.templafy.com\/home\/platform\/security\/data-processing-agreement\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Data Processing Agreement<\/strong><\/a>.&nbsp;<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-3f63fac06b0c30d3190500a92e88a42d\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Is the EU AI Act applicable to Templafy?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Yes, the EU AI act is applicable to all providers and users of AI systems within the EU.&nbsp;<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy\u2019s AI features can be classified in the \u201cLimited Risk\u201d category. The security requirements for limited risk systems include\u202f<strong>transparency<\/strong>\u202fand\u202f<strong>information provision<\/strong>. Templafy\u2019s AI features fulfil both of these requirements by being clearly marked as \u201cAI\u201d within the platform\u2019 UI and through the multiple articles available in our\u202f<a href=\"https:\/\/support.templafy.com\/hc\/en-us\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Templafy Help center<\/strong><\/a>\u202fand courses available in our\u202f<a href=\"https:\/\/academy.templafy.com\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Templafy Academy<\/strong><\/a>.&nbsp;<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy continuously re-evaluates its AI features in light of evolving laws and regulations, and adjusts its security measures to ensure that its product remains fully compliant with all applicable requirements.&nbsp;<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<h2 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-2-font-size wp-elements-80854d2a7176aa892aea740d5774ccde\" style=\"margin-bottom:var(--wp--preset--spacing--2-5)\"><br>Privacy<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"73\" height=\"82\" src=\"https:\/\/www.templafy.com\/wp-content\/uploads\/2024\/08\/Statistics.svg\" alt=\"\" class=\"wp-image-48860\" style=\"object-fit:cover\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-3-font-size wp-elements-4be04e8e085fa716be2905783db4f36c\"><br>Personal Data Types<\/h3>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-618d30014834636eebdb6669f4290e44\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>What types of personal data Does Templafy process on behalf of customers?<\/h6>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-body-m-regular-font-size\">User profile information, such as name, email address, phone numbers, job title, and other elements as configured by customer admins. Can be read from customer ADs.<\/li>\n\n\n\n<li class=\"has-body-m-regular-font-size\">Any personal data in&nbsp;customer digital assets&nbsp;uploaded to the services, such as company pictures, contact information e.g. in contracts or slide decks, and any other elements in digital assets that customer admins choose to upload to Templafy<\/li>\n\n\n\n<li class=\"has-body-m-regular-font-size\">Any personal data inputted into&nbsp;response forms&nbsp;or relevant&nbsp;data sources, configured by customer admins.<\/li>\n\n\n\n<li class=\"has-body-m-regular-font-size\">System information&nbsp;such as IP address and usage behavior as users navigate through the Templafy services.<\/li>\n<\/ul>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-05d63ef0e4a8b873d96c3f9a80496a4e\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Does Templafy process sensitive data?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy is typically used for standard, generic content such as contract templates and brand-compliant slide decks that users generate and further build on.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">We mainly see user personal data in the form of&nbsp;work-related&nbsp;information&nbsp;and&nbsp;basic contact details, such as what an email signature would contain.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--3-75)\">Templafy services can be used in many ways to optimize business contents, however from a privacy perspective, it is possible to restrict and govern the processing; the control is with appropriate customer admins.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" src=\"https:\/\/www.templafy.com\/wp-content\/uploads\/2024\/07\/icon_shape.svg\" alt=\"\" class=\"wp-image-45340\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-3-font-size wp-elements-a0273f695904a9b33dbea23af23dd237\"><br>Data subjects<\/h3>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-f3959ba28505b2ec5e27aa896c02158e\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Whose personal data does Templafy process?<\/h6>\n\n\n\n<p class=\"has-gray-100-primary-color has-text-color has-link-color has-body-m-regular-font-size wp-elements-b5a85a25f108b1819fe15ff0c1e19ffa\" style=\"margin-bottom:var(--wp--preset--spacing--3-75)\">Templafy primarily processes customer employee data, who are users of the services. However customer admins may choose to give access to partners or involve other data subjects should they wish (e.g. through the available integrations).<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" src=\"https:\/\/www.templafy.com\/wp-content\/uploads\/2024\/07\/icon_shape.svg\" alt=\"\" class=\"wp-image-45340\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-3-font-size wp-elements-4514d3610101ddf3590abd7e01866457\"><br>About the Processing<\/h3>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-5571ec27ab1c92425870e710a7c2d9ee\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>How Does Templafy process customer personal data?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Customer admins configure the&nbsp;<a href=\"https:\/\/support.templafy.com\/hc\/en-us\/sections\/360003927898-Authentication\"><strong>authentication method<\/strong><\/a>&nbsp;by which customer end-users access Templafy with the use of their&nbsp;<a href=\"https:\/\/support.templafy.com\/hc\/en-us\/articles\/360008803198-User-Profiles\"><strong>user profiles<\/strong><\/a>. Templafy processes end-users\u2019 personal data set up in their user profile, any personal data included in the customer\u2019s digital assets (e.g. company pictures), and if otherwise inputted in the services (e.g.&nbsp;<a href=\"https:\/\/support.templafy.com\/hc\/en-us\/articles\/5120358777117-What-data-can-be-used-to-create-a-smart-template-#h_01G3RAHRT49QV9B9E0DQ0S8SWX\"><strong>data sources<\/strong><\/a>&nbsp;and&nbsp;<a href=\"https:\/\/support.templafy.com\/hc\/en-us\/articles\/5126572749725-What-is-a-response-form-\"><strong>response forms<\/strong><\/a>).<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--3-75)\">The authentication method may be just-in-time (JIT) user provisioning and&nbsp;<a href=\"https:\/\/support.templafy.com\/hc\/en-us\/articles\/201908882-Supported-Single-Sign-on-SSO-technologies\"><strong>single-sign-on onboarding<\/strong><\/a>&nbsp;against the customer\u2019s active directory (AD), which can be configured to communicate to Templafy certain personal data elements (name, work email address, job title). End-users are able to view their user profile, and modify or delete to a degree controlled by the customer admin.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-a8d70e4b758e9f37e2cff2f57d177d1b\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Is the data collected by AI personally identifiable information? How is it handled to protect user privacy?<\/h6>\n\n\n\n<p class=\"has-body-m-semibold-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">AI Tagging<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Images processed by this AI feature may contain Personally Identifiable Information.<\/p>\n\n\n\n<p class=\"has-body-m-semibold-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">AI Data Transformation<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Data transformation input and output may contain Personally Identifiable Information if configured by the customer administrator, however, it is not essential for optimal usage.<\/p>\n\n\n\n<p class=\"has-body-m-semibold-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">AI Assistant and Document Agents<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">The AI Assistant and Document Agents input and output may contain Personally Identifiable Information as part of the input selected by the customer.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--3-75)\">Customers remain controllers of the data used for Templafy\u2019s AI functionalities. All processing of customer personal data is governed by the entered into <a href=\"https:\/\/www.templafy.com\/home\/platform\/security\/data-processing-agreement\/?_gl=1*r9lniq*_up*MQ..*_ga*NTQ3OTg1MzkwLjE3NzIwMTMyNjA.*_ga_QM66J36TFK*czE3NzIwMTMyNTkkbzEkZzAkdDE3NzIwMTMyNTkkajYwJGwwJGgxNzk5ODM2MTYw\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Data Processing Agreement<\/strong><\/a>. In line with all processing activities related to personal data within Templafy services, the data flow of the AI functionalities adheres to fundamental data protection principles, ensuring that data is processed solely for the approved purposes and duration, which are clearly communicated. Templafy\u2019s Privacy team has conducted a formal evaluation of the personal data processing by Templafy\u2019s AI functionalities, confirming its alignment with the initial purpose of data collection and affirming that the risk to the rights and freedoms of data subjects has not increased.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" src=\"https:\/\/www.templafy.com\/wp-content\/uploads\/2024\/07\/icon_shape.svg\" alt=\"\" class=\"wp-image-45340\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-3-font-size wp-elements-1f02834608ef15ca9719611bdfb2c3dc\"><br>Data Processing Agreement<\/h3>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-6dfce55b3b16432ce8d185e3988478e9\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Is there a data processing agreement with customers? <\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Yes. The Templafy&nbsp;<a href=\"https:\/\/www.templafy.com\/home\/platform\/security\/data-processing-agreement\/\" data-type=\"page\" data-id=\"45227\"><strong>data processing agreement<\/strong><\/a>&nbsp;(DPA) governs the processing of personal data that Templafy takes on as data processor, on behalf of customers as data controllers, unless otherwise agreed.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--3-75)\">The Templafy DPA is compliant with applicable data protection legislation, including the General Data Protection Regulation (GDPR) and includes the necessary details about the processing of personal data specific to our services.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" src=\"https:\/\/www.templafy.com\/wp-content\/uploads\/2024\/07\/icon_shape.svg\" alt=\"\" class=\"wp-image-45340\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-3-font-size wp-elements-28365dbe389db807029b2a1812d44c78\"><br>Sub-Processors<\/h3>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-c4ecbd1ebda852ca96b113b9b297ee53\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Which sub-processors are in use for the services?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy may use sub-processors, including affiliates of Templafy, as well as third-party companies, to provide, secure, or improve the services, and such sub-processors may have access to customer data.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--3-75)\">Our&nbsp;<a href=\"https:\/\/www.templafy.com\/home\/platform\/privacy\/subprocessors\/\" data-type=\"page\" data-id=\"49333\"><strong>list of sub-processors<\/strong><\/a>&nbsp;provides an up-to-date list of the names and locations of all sub-processors.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" src=\"https:\/\/www.templafy.com\/wp-content\/uploads\/2024\/07\/icon_shape.svg\" alt=\"\" class=\"wp-image-45340\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-3-font-size wp-elements-b806096a9cbb99e3716b1b8690ef3895\"><br>Processors or Controller<\/h3>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-c880064c1d939497ebc9c6fe573c2b60\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Is Templafy a data processor or a data controller?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">For the purpose of provisioning the Templafy services to our customers on the basis of performing the contracts we have with them, Templafy acts as a&nbsp;data processor.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">For other purposes, Templafy may act as a&nbsp;data controller. These processing activities are described in the applicable privacy policies:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li class=\"has-body-m-regular-font-size\"><a href=\"https:\/\/www.templafy.com\/home\/platform\/privacy\/privacy-policies\/general-privacy-policy\/\" data-type=\"page\" data-id=\"46035\"><strong>General privacy notice<\/strong><\/a><\/li>\n\n\n\n<li class=\"has-body-m-regular-font-size\"><a href=\"https:\/\/www.templafy.com\/home\/platform\/privacy\/privacy-policies\/recruitment-privacy-notice\/\" data-type=\"page\" data-id=\"45189\"><strong>Templafy recruitment privacy notice<\/strong><\/a><\/li>\n\n\n\n<li class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--3-75)\"><a href=\"https:\/\/www.templafy.com\/home\/platform\/privacy\/privacy-policies\/cookies\/\" data-type=\"page\" data-id=\"45223\"><strong>Website cookie notice<\/strong><\/a><\/li>\n<\/ul>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" src=\"https:\/\/www.templafy.com\/wp-content\/uploads\/2024\/07\/icon_shape.svg\" alt=\"\" class=\"wp-image-45340\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-3-font-size wp-elements-8898d82155b8f06356f5709b5d12283d\"><br>International Data Transfers<\/h3>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-48c5bb26024c25b59bd033f1e04fc407\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Is Templafy certified with the Data Privacy Framework (DFP)?<\/h6>\n\n\n\n<p class=\"has-gray-100-primary-color has-text-color has-link-color has-body-m-regular-font-size wp-elements-74268849dda536528ba11e61df9e79a6\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Yes. Please see our up-to-date status&nbsp;<a href=\"https:\/\/www.dataprivacyframework.gov\/s\/participant-search\"><strong>here<\/strong><\/a>.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-0e2b7e81c869ed98498a27109a8cd7bd\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>How does Templafy respond to regulatory restrictions on third country transfers?<\/h6>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy Privacy keeps updated with regulatory restrictions and any changes to these. Once the Schrems II judgement required that the personal data protection in the European Economic Area (EEA) travelled with the data wherever it goes, Templafy verified that all third country transfers had legal basis for such transfer, including the use of the Standard Contractual Clauses (SSCs) and the performance of Transfer Impact Assessments (TIAs) on applicable jurisdictions to ensure appropriate supplementary safety measures were in place with the Templafy affiliates and third-party service providers.<\/p>\n\n\n\n<p class=\"has-body-m-regular-font-size\" style=\"margin-bottom:var(--wp--preset--spacing--3-75)\">As a result of the European Commission\u2019s adoption of the adequacy decision for the EU-US Data Privacy Framework, Templafy certified under the framework to demonstrate reliable mechanisms for safe personal data transfer from the EU to the US.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" src=\"https:\/\/www.templafy.com\/wp-content\/uploads\/2024\/07\/icon_shape.svg\" alt=\"\" class=\"wp-image-45340\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-3-font-size wp-elements-7d0137802a1e72f30cd953438bd13cee\"><br>Contact<\/h3>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-c6b591fac3e89936015280627cab910b\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>How can customers contact Templafy&#8217;s DPO?<\/h6>\n\n\n\n<p class=\"has-gray-100-primary-color has-text-color has-link-color has-body-m-regular-font-size wp-elements-ac7b0ebe41e1d04bc3b0780e82e0254a\" style=\"margin-bottom:var(--wp--preset--spacing--3-75)\">Attn: Margr\u00e9t Due<br>Head of Privacy<br>Wilders Plads 15A<br>1403 Copenhagen K<br>Denmark;<br>privacy@templafy.com<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group has-global-padding is-layout-constrained wp-block-group-is-layout-constrained\">\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"50\" height=\"50\" src=\"https:\/\/www.templafy.com\/wp-content\/uploads\/2024\/07\/icon_shape.svg\" alt=\"\" class=\"wp-image-45340\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-3-font-size wp-elements-31ae3f4e262c4a7d450f1a34dc41b306\"><br>Law Enforcement Request<\/h3>\n\n\n\n<h6 class=\"wp-block-heading has-gray-100-primary-color has-text-color has-link-color has-h-6-font-size wp-elements-d863fc55f765aa7c4b11806f4f2dc243\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\"><br>Does Templafy have a transparency report<\/h6>\n\n\n\n<p class=\"has-gray-100-primary-color has-text-color has-link-color has-body-m-regular-font-size wp-elements-0b75da96b0e0b31c57ae4cf96ec29805\" style=\"margin-bottom:var(--wp--preset--spacing--1-8)\">Templafy can provide updated information relating to law enforcement requests for customer information upon request. As of 30\/03\/2026, we have received the following requests:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Type of Request<\/th><th>Number of Requests<\/th><th>Content Data Disclosed<\/th><th>Non-Consent Data Disclosed<\/th><\/tr><\/thead><tbody><tr><td>Subpoena<\/td><td>0<\/td><td>0<\/td><td>0<\/td><\/tr><tr><td>Court Order<\/td><td>0<\/td><td>0<\/td><td>0<\/td><\/tr><tr><td>Search Warrant<\/td><td>0<\/td><td>0<\/td><td>0<\/td><\/tr><tr><td>Emergency Requests<\/td><td>0<\/td><td>0<\/td><td>0<\/td><\/tr><\/tbody><\/table><figcaption class=\"wp-element-caption\">Law enforcement requests<\/figcaption><\/figure>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Breadcrumbs<\/p>\n","protected":false},"author":8,"featured_media":0,"parent":45650,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-45607","page","type-page","status-publish","hentry"],"acf":{"header_mode":"dark","footer_mode":"dark","book_a_demo_mode":"dark","exclude_from_search_results":false},"_links":{"self":[{"href":"https:\/\/www.templafy.com\/wp-json\/wp\/v2\/pages\/45607","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.templafy.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.templafy.com\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.templafy.com\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.templafy.com\/wp-json\/wp\/v2\/comments?post=45607"}],"version-history":[{"count":99,"href":"https:\/\/www.templafy.com\/wp-json\/wp\/v2\/pages\/45607\/revisions"}],"predecessor-version":[{"id":72725,"href":"https:\/\/www.templafy.com\/wp-json\/wp\/v2\/pages\/45607\/revisions\/72725"}],"up":[{"embeddable":true,"href":"https:\/\/www.templafy.com\/wp-json\/wp\/v2\/pages\/45650"}],"wp:attachment":[{"href":"https:\/\/www.templafy.com\/wp-json\/wp\/v2\/media?parent=45607"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}