AI & data protection at narratiQ

How we protect your manuscripts – technically, contractually, and legally.

No AI training with your data

narratiQ uses Azure OpenAI Service – not ChatGPT. The difference is crucial: With ChatGPT, input data can be used to train new models. With Azure OpenAI, this is contractually excluded.

Microsoft guarantees in the Azure OpenAI Service Terms:

"Your prompts (inputs) and completions (outputs), your embeddings, and your training data are NOT available to other customers, NOT available to OpenAI, NOT used to improve OpenAI models, NOT used to improve any Microsoft or 3rd party products or services."

Microsoft Azure OpenAI Data Privacy

This means: No manuscript you analyze through narratiQ feeds into the training of GPT models or other AI systems. Neither today nor in the future.

Processing exclusively in Europe

All data is processed in European Azure data centers (Region West Europe / Sweden Central). There is no data transfer to the USA or other third countries.

This complies with the GDPR requirements for data processing within the European Economic Area (Art. 28 GDPR).

  • Data centers in the Netherlands and Sweden
  • No data transfer to the USA
  • Compliant with Art. 28 GDPR (data processing agreement)

Deletion and data subject rights

Processing data at Azure OpenAI is automatically deleted after 30 days. Additionally, data subjects (authors) have the following GDPR rights at any time:

  • Right to erasure (Art. 17 GDPR) – immediate deletion on request
  • Right of access (Art. 15 GDPR) – what data is stored
  • Right to data portability (Art. 20 GDPR) – export of own data

These rights can be exercised at any time through the publisher or directly with us.

Roles and responsibilities

Under the GDPR, roles are clearly defined:

Publisher

Data controller (Art. 4 No. 7 GDPR) – decides on processing

narratiQ

Data processor (Art. 28 GDPR) – processes on behalf of the publisher

Author

Data subject – has GDPR rights regarding their own data

Every publisher receives a data processing agreement (DPA) under Art. 28 GDPR that governs all details.

Microsoft Azure in detail

Azure OpenAI Service is the enterprise version of OpenAI technology, hosted and secured by Microsoft Azure. The platform holds the following certifications:

  • ISO 27001, ISO 27017, ISO 27018 (information security)
  • SOC 2 Type II (security controls)
  • EU Standard Contractual Clauses (SCCs)

All data is protected with AES-256 encryption at rest and TLS 1.2+ in transit.

Complete Azure OpenAI data protection documentation

Summary

This is not a marketing promise. This is applicable law.

  • No AI training with your manuscripts (contractually guaranteed)
  • Processing only in Europe (Azure West Europe / Sweden Central)
  • Automatic deletion after 30 days + GDPR right to erasure
  • Data processing agreement (DPA) for every publisher
  • ISO 27001, SOC 2 Type II certified infrastructure
Back to homepage