# Privacy & Data Protection > How GoSmarter handles personal data under GDPR - data processing practices, subject rights, and Microsoft's DPA. **URL:** https://www.gosmarter.ai/docs/content/privacy/ **Date:** 0001-01-01 --- ## Privacy and data protection GoSmarter processes data on behalf of our customers. This page describes our data protection practices and how we support your GDPR obligations. This page provides a high-level overview. Detailed privacy control documentation is available on request under NDA. ### Our role under GDPR - **You** (the customer) are the **data controller**: you decide what data is uploaded and processed - **GoSmarter** acts as a **data processor**: we process data according to your instructions via the platform - **Microsoft Azure** acts as a **sub-processor**: they host the infrastructure and provide AI services ### What personal data does GoSmarter process? GoSmarter is a B2B platform. The personal data we process is limited to what is required for account access, platform authorisation, and business-document workflows. GoSmarter does not collect or process sensitive personal data (health, biometric, financial) as part of its core functionality. ### Data Processing Agreement We provide a Data Processing Agreement (DPA) that covers: - The scope and purpose of data processing - Technical and organisational security measures - Sub-processor obligations (Microsoft Azure) - Data subject rights support - Breach notification commitments - Data deletion on contract termination Data Processing Agreement available on request via [talktous@gosmarter.ai](mailto:talktous@gosmarter.ai) ### Microsoft's data processing commitments As our infrastructure provider, Microsoft's processing commitments apply: - [Microsoft Products and Services DPA](https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA) - [Microsoft Trust Center](https://www.microsoft.com/en-gb/trust-center/privacy/gdpr-overview) - AI services: Your data is not used to train Microsoft AI models ([Azure AI data privacy](https://learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy)) ### Data subject rights If your users or data subjects exercise their rights (access, rectification, erasure, portability), we support you by: - Providing access to data stored in GoSmarter through the platform or on request - Deleting user accounts and associated data when requested - Supporting data export in standard formats Data can be accessed and managed through the GoSmarter application or by contacting us directly. ### Data retention - **Active data**: Retained for the duration of your subscription - **Uploaded documents**: Stored in Azure Blob Storage for the duration of your subscription - **Audit logs**: Retained in line with our operational and compliance requirements - **On contract termination**: Data handling and deletion are managed according to contractual terms ### International transfers Core persistent data is hosted in UK regions. Where supporting processing uses EU regions, it remains within UK/EU operating boundaries. See [Data Residency](data-residency) for more detail. ### Key points for your security team - **Data processor role**: GoSmarter processes data under your instructions as controller - **Limited personal data**: Primarily user accounts and names on business documents - **DPA available**: Covers processing scope, security measures, breach notification, and deletion - **Microsoft sub-processor**: Covered by Microsoft's Products and Services DPA - **No AI model training**: Contractual commitment from Microsoft - **UK/EU only**: No international transfers outside UK GDPR adequacy framework ### Detailed information under NDA Additional privacy and data protection evidence can be shared under mutual NDA, including: - Data flow and processing context documentation - Retention and deletion process details - Sub-processor and transfer assurance information - Operational control evidence relevant to due diligence ### Request evidence [Email us](mailto:talktous@gosmarter.ai), [contact us online](https://gosmarter.ai/contact), or [book a compliance call](https://calendly.com/gosmarter-demo) to request the NDA pack.