TellMe: security and privacy

TellMe is part of the Embat platform and is subject to the same security and compliance framework that governs all other Embat products and features. This means that the data TellMe analyses and processes receives the same level of protection as any other data in Embat.

How your data is protected

Data processed by TellMe is subject to the same data processing agreements and privacy commitments as the rest of the platform. ISO 27001 security policies and security training requirements apply equally to TellMe-related processes. The same confidentiality, data retention, and intellectual property protections extend to all TellMe functionality.

For more information about Embat's general security framework, please refer to the Security and Compliance documentation.

Google Cloud Vertex AI and data retention

TellMe uses Google Cloud Vertex AI for its generative AI capabilities. Google Cloud maintains a zero data retention policy for customer inputs and outputs.

In practice, this means:

No training on your data

Google does not use your data to train or fine-tune AI models without explicit permission.

Zero data retention

Customer inputs and generated content are not stored by Google for model improvement.

Project-level data isolation

Any in-memory caching is isolated at the project level with strict access controls.

Data residency compliance

All data processing adheres to applicable regional data residency requirements.

Frequently asked questions

Does Embat use my data to train AI models?

No. Embat does not use your data to train AI models. Additionally, Google Cloud Vertex AI maintains a zero data retention policy, meaning it does not use customer inputs or outputs to train or improve its models without explicit permission.

How long does Embat retain data processed by TellMe?

Data processed by TellMe follows the same retention policies as all other data in Embat, as set out in the Terms and Conditions and Data Processing Agreement. Google Cloud Vertex AI does not retain customer inputs or outputs for its own purposes.

Can Embat employees access the content of my TellMe interactions?

Access to data processed by TellMe follows the same strict access controls that apply to all data in Embat. Employees only access customer data when necessary for support, security, or compliance purposes.

Is my data isolated from other customers?

Yes. TellMe processing maintains the same multi-tenancy isolation controls as the rest of the platform. Google Cloud Vertex AI also implements project-level data isolation with strict access controls.

What happens if I delete content that TellMe has processed?

Deleted content follows Embat's standard data deletion procedures. Google Cloud Vertex AI does not retain copies of customer inputs or outputs.

Can I turn TellMe off?

Yes. TellMe is an optional feature. You can choose not to use it without affecting any other functionality on the platform.

Is TellMe compliant with GDPR and other data protection regulations?

Yes. TellMe is subject to the same compliance framework as all Embat services, including GDPR and ISO 27001 certification. Google Cloud Vertex AI is also compliant with major data protection regulations and supports data residency requirements.

TellMe and the EU AI Act

TellMe is not classified as a high-risk AI system under the EU Artificial Intelligence Act. There are three main reasons for this:

Human oversight at every step

TellMe is designed as a decision-support tool. It generates suggestions that the user reviews and validates before any change is applied. It does not take autonomous decisions on critical financial data.

B2B corporate focus

The high-risk category under the EU AI Act in the financial sector applies to systems that assess the creditworthiness of natural persons (individuals). TellMe operates in a B2B environment focused on corporate treasury management, not on the evaluation of individuals.

Optionality and control

TellMe is an optional feature. Customers can enable or disable it according to their own internal compliance requirements.

Although TellMe is not classified as a high-risk system, Embat proactively aligns with EU AI Act best practices on transparency, human oversight, traceability, and security.