Data & privacy model

SotsAI is designed to be used inside enterprise LLM stacks where data control, privacy, and auditability are critical.

This page explains what SotsAI does and does not do with your data.

Core principles

SotsAI follows four core principles:

You stay in control of all data
No unnecessary data is collected
No raw conversations are stored
Psychometric data is handled explicitly and securely

SotsAI is not a data sink — it is a stateless reasoning layer.

What data is sent to SotsAI

When you call SotsAI, you may send:

a situation description (context_summary)
one or two psychometric profiles
optional metadata (relationship type, situation hints)

A user psychometric profile is required for behavioral reasoning and is expected in all meaningful SotsAI calls.

You decide:

what fields are sent
when SotsAI is called
whether outputs are stored or discarded

SotsAI does not require:

conversation logs
user identifiers
access to your internal systems

What SotsAI does not store

By design, SotsAI does not persist:

raw conversation content
chat histories
user messages or replies
psychometric profiles fetched via API
personal identifiers beyond request scope

Each request is processed independently and no request payload data is persisted.

Psychometric data handling

Psychometric profiles are treated as sensitive inputs.

DISC profiles via SotsAI

When using SotsAI DISC:

invitations are sent via email
assessment completion happens outside your system
profiles are fetched on demand via API
profiles are not persisted beyond the scope of the request
no raw reports are exposed to end users

SotsAI acts as a secure proxy, not a profile database.

Email and personal data

For DISC invitations:

email is used only to send the invitation
email addresses are encrypted in transit and at rest
email is not stored nor reused for analytics or training
no additional PII is required

Email addresses are processed within request scope and are not persisted as stored profile records.

For SotsAI-managed DISC, an email address is required by the underlying assessment provider.

Invitations are sent via the SotsAI Admin page.
To fetch a DISC profile via API, your system must provide the user’s raw email address.

SotsAI uses the email only to derive an organization-scoped external identifier (based on org context + one-way encryption) for provider communication. SotsAI does not expose the email in API responses.

What you can control

Even though email is required for DISC, you can reduce exposure by:

limiting where email appears in your own systems (e.g., only in a backend service, never in LLM prompts)
redacting or hashing emails in your logs and traces
restricting who can send invitations from the SotsAI Admin page
using domain allowlists and internal policies to control who can be invited

Logging and observability

SotsAI logs are designed to be safe by default.

no raw text content is logged
no psychometric data is logged
logs focus on metadata (timing, status, error codes)
correlation IDs can be used for tracing

This allows monitoring and debugging without exposing sensitive data.

Redaction recommendations

We recommend applying redaction before calling SotsAI.

Common patterns include:

removing names
replacing identifiers with roles
summarizing situations instead of sending verbatim messages

Example:

> “Alice told Bob his performance was disappointing.”

Can become:

> “A manager gave critical feedback to a direct report.”

SotsAI does not require identifiable information to reason about behavior.

Compliance posture

SotsAI is designed to fit within common enterprise compliance frameworks:

GDPR (data minimization, purpose limitation)
internal security reviews
vendor risk assessments

You remain the data controller.
SotsAI operates as a data processor limited to request scope.

Your responsibility

You are responsible for:

deciding what data is sent
enforcing internal policies
defining retention rules on your side
determining when psychometric data is appropriate

SotsAI provides the tooling — you define the policy.