PromptVigil

GDPR Compliance

GDPR-aligned AI interaction security

PromptVigil is designed to help organizations protect personal data in AI interactions, reduce accidental disclosure, and support GDPR compliance workflows across browser and desktop AI usage.

Our GDPR Approach

PromptVigil is built around data minimization, local-first inspection where possible, privacy-preserving controls, and administrative visibility. Our architecture prioritizes keeping sensitive data on-device while providing organizations the tools they need to protect their workforce from AI-related risks.

PromptVigil helps customers meet GDPR obligations but does not replace legal counsel or the customer's own compliance program. Organizations remain responsible for their data protection obligations under GDPR.

How PromptVigil Helps

Data minimization

Scans prompts, files, and AI interactions to reduce unnecessary personal data exposure before it reaches AI services.

Local-first protection

Performs supported inspections locally where possible before content is sent to AI services, keeping sensitive data on-device.

Risk visibility

Gives teams logs and event context for risky AI interactions without encouraging broad content surveillance.

Policy enforcement

Helps organizations warn, block, redact, or route risky interactions based on configured policy.

GDPR Principles Supported

Lawfulness, fairness, and transparency

Clear policies and controls for users and administrators to understand how AI interactions are protected.

Purpose limitation

Inspection focused solely on security risk detection, not general content surveillance.

Data minimization

Local-first design reduces data leaving devices; logs scoped to high-signal security events.

Accuracy

Detection tuned to reduce false positives while maintaining protection coverage.

Storage limitation

Configurable retention policies and customer-controlled log lifecycle.

Integrity and confidentiality

Encryption, least-privilege architecture, and secure development practices.

Accountability

Audit-oriented logging, role-based access, and documented security controls.

Shared Responsibilities

Customer Responsibilities

  • Define lawful basis and internal AI usage policies.
  • Configure PromptVigil policies for their workforce and risk posture.
  • Manage employee notices, consent where applicable, and access governance.
  • Review exported logs and incidents under their own compliance process.

PromptVigil Responsibilities

  • Provide privacy-preserving product controls.
  • Limit collection to product, security, and operational needs.
  • Support deletion/export workflows where applicable.
  • Maintain security controls appropriate for AI interaction protection.

Data Handling

  • PromptVigil is designed to inspect AI interactions for risk.
  • Browser extension protections are local-first where supported.
  • Desktop agent protections inspect supported local surfaces.
  • Enterprise deployments may configure centralized policy, telemetry, or gateway-style enforcement depending on plan.
  • Logs should be scoped to high-signal security events and configured according to customer policy.

Data Subject Rights

PromptVigil supports customer workflows for access, deletion, correction, restriction, objection, and portability where applicable. Organizations can work with their PromptVigil deployment to fulfill data subject requests in accordance with their compliance program.

Security Measures

  • Encryption in transit where data leaves the device
  • Role-based administrative access
  • Least-privilege product design
  • Audit-oriented event logging
  • Secure development practices
  • Vendors and subprocessors reviewed for security and privacy risk

International Transfers and Subprocessors

PromptVigil evaluates subprocessors for security and privacy risk and will provide appropriate notices or documentation for enterprise customers. We maintain appropriate safeguards for any international data transfers in accordance with applicable data protection requirements.

Questions about GDPR or enterprise privacy?

Contact us for security, privacy, and deployment details.

privacy@promptvigil.app

This page is provided for informational purposes only and does not constitute legal advice. Customers are responsible for determining how GDPR applies to their organization and use of PromptVigil.