Trust & Security

FAQ

Answers to the security and privacy questions enterprises ask most

General Security

Where is my data stored?
Your data remains within your own infrastructure. Complexio is deployed within your environment and does not host customer data on shared infrastructure. All data is encrypted both in transit using TLS 1.2 or higher and at rest using AES, with either customer-managed or platform-managed keys.
Does Complexio have access to my data?
Complexio personnel do not have direct access to customer data stores. Administrative access to customer environments is limited, requires MFA, and is logged.
How do you handle security incidents?
We maintain a documented incident response plan with defined roles, escalation procedures, and communication protocols. Customers are notified within agreed timeframes.

Data Protection

Is Complexio GDPR compliant?
Yes. We operate as a data processor, execute DPAs with all customers, and implement privacy by design across our platform.
Can I request deletion of my data?
Yes. We support right to erasure requests. Data deletion procedures are defined per customer agreement, covering session data and ingested content.
Do you use subprocessors?
Enterprise Automator runs entirely within your infrastructure with no third-party data processing. For our interactive AI product, real-time inference is handled by a leading foundation model provider under strict zero data retention terms — no customer data is stored or used for training. A full subprocessor list is available on request as part of our DPA.
How do you handle cross-border data transfers?
Enterprise Automator processes all data within the customer's chosen region with no external transfers. For our interactive AI product, inference requests are processed by an external model provider governed by a Data Processing Agreement with Standard Contractual Clauses and zero data retention. Full transfer details are documented in our DPA.

AI & Model Privacy

Is my data used to train AI models?
No. Customer data is never used to train or fine-tune foundation models. Your data improves your results, not our models.
Can AI outputs contain personal information?
Our system is designed to minimise exposure of personal data in AI responses. During ingestion, multi-layer filtering controls exclude sensitive content before it enters the AI-accessible data environment. At the output layer, additional controls are in place to detect and redact residual personal information before it reaches the user.
Can Complexio access individual employee communications?
Complexio processes business communications at an organisational level. Individual message content may be accessed by the system during ingestion and processing, but user-facing outputs are designed to surface aggregated business insights, not individual employee activity. Customers retain full control over which data sources are connected and can configure ingestion filters to exclude specific content.

Access & Auditability

How is access controlled?
Complexio integrates with your existing IAM systems (e.g. Microsoft Entra ID). All platform authentication follows least-privilege principles, with comprehensive query and session logging for full traceability. Data-level access governance is under active development.
Are actions logged?
Yes. User queries, AI interactions, and administrative actions are logged with full traceability. Logs are available to customers on request, with a self-service audit interface on the roadmap.
Can I audit Complexio’s security?
Yes. We provide security documentation, support customer-led audits, and are working towards independent third-party certifications (ISO 27001, SOC 2).

Infrastructure

What cloud providers do you support?
Complexio is purpose-built for Azure-native enterprises. Other cloud environments are supported via custom deployment under our partner programme.
How do you monitor system health?
All services are continuously monitored via centralised observability tooling, with real-time alerting on error rates, latency, and resource utilisation. Every critical alert is linked to a documented runbook with defined escalation procedures.