Where your data lives, and why it won't feed a third-party model

In short. Your data is hosted on Azure in France, encrypted in transit and at rest, isolated per organization, and its content is inaccessible to the employer. It is not used to train AI models. Vikl makes no automated decisions and does not score people. Here's the detail, question by question.

The situations a manager entrusts to Vikl are among the most sensitive in the company. Security and confidentiality aren't an option, they're a condition of use. Here are the straight answers to the questions a DPO or security team asks.

Where is my data hosted?

On Microsoft Azure, in the France Central region, exclusively in Europe. The entire infrastructure (application, database, cache, file storage) is hosted in this European region.

Is my data encrypted?

Yes, in transit and at rest. Exchanges between components are encrypted via TLS, and stored data is encrypted via the at-rest encryption mechanisms of managed Azure services. Secrets are handled in a dedicated vault (Azure Key Vault).

Will my data be used to train an AI?

No. Your content is not used to train artificial intelligence models. Vikl relies on a large language model operated via Azure OpenAI, whose processing stays in a European region (France), and whose policy excludes using customer content to train the models. It's the question that comes up most often, and the answer is clear: your management situations feed no model.

Who can access what?

No one, on the company side, can read the content of an individual situation. Isolation between organizations is strict and enforced at several levels, down into the database. No admin role (employer, HR or manager) grants access to conversation content. Each user also sets granular consents on arrival (personalization, memory policy, retention period, analysis permission). We detail this in the article The confidentiality paradox.

Are you GDPR compliant?

You keep control of your data: access, export, deletion and portability are implemented, and the retention period is configurable (from 30 to 365 days). A user can delete a conversation, reset their AI data, or delete their account. Deletion is always user-driven, never by a manager on someone else's data.

What about the AI Act?

Vikl is designed in that spirit: no automated decisions (the tool's proposals remain suggestions, the human decides), no intrusive emotion detection (an explicit ban on inferring or labeling a person's emotions), and no scoring of people (DISC-type profiles are self-assessments filled in by the user, not a score assigned by the AI).

What Vikl does not do

As important as what it does. Vikl is not a tool for medical, psychological or legal content. It is not a surveillance or managerial-control tool. Nothing is shared without consent. And the tool is never used to evaluate or score individuals.

These principles aren't marketing promises: they follow from how the product is built. It's that requirement that lets a manager trust Vikl with their most sensitive matters.