Regulatory compliance is an important part of deploying any AI-powered tool in your customer support stack. This page covers My AskAI’s position on GDPR, HIPAA, and other relevant regulations — including what documentation is available and how to request it. If a regulation you need isn’t covered here, contact the team via chat.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/arainey2022/myaskai-docs/llms.txt
Use this file to discover all available pages before exploring further.
- GDPR
- HIPAA
My AskAI and GDPR
The General Data Protection Regulation (GDPR) applies to any organisation processing personal data of individuals in the EU or UK. My AskAI takes GDPR compliance seriously and has structured its data processing activities accordingly.My AskAI as a Data Controller and Data Processor
My AskAI’s role under GDPR depends on the context:- Data Controller: When My AskAI collects and processes your data as a subscriber (e.g. your email address, usage data, billing information), My AskAI acts as the Data Controller — making decisions about how that data is used.
- Data Processor: When you use My AskAI as part of your own customer support service (e.g. your customers chatting with your AI agent), My AskAI may act as a Data Processor on your behalf, processing data at your direction.
What Personal Data Is Processed
The primary personal data My AskAI collects from subscribers is your email address. Depending on usage, additional data may include:- Contact data (email only for all users)
- Connection data (IP address, logs, timestamps)
- Internet data (cookies, analytics, navigation data)
- Content uploads (which may inadvertently include personal data)
- Conversation data from end-user interactions (retained for 30 days)
Legal Bases for Processing
My AskAI processes personal data under three legal bases:- Legitimate Interest (LI): Where processing is necessary for the pursuit of My AskAI’s or a third party’s legitimate interests
- Contractual Duties (CD): Where processing is necessary to deliver the service you’ve subscribed to
- Consent (C): Where you have explicitly agreed to a specific processing activity
Sub-Processors and DPAs
My AskAI relies on a carefully vetted list of sub-processors to deliver its service, including OpenAI, Anthropic, Qdrant, Bubble, Stripe, and others. Every sub-processor has a Data Processing Agreement (DPA) in place.For the full sub-processor list and their respective DPAs, refer to the GDPR compliance documentation.International Data Transfers
Some of My AskAI’s sub-processors are based in the United States. Data transfers to these processors are lawful under:- The EU-US Data Privacy Framework (adequacy decision by the European Commission)
- Standard Contractual Clauses (SCCs) for transfers not covered by the adequacy decision
Your GDPR Rights
As a data subject, you (and your end users) have the following rights under Articles 12–23 of GDPR:Right to Access
Right to Access
You can request a copy of the personal data My AskAI holds about you at any time.
Right to Rectification
Right to Rectification
You can ask My AskAI to correct inaccurate or incomplete personal data.
Right to Erasure
Right to Erasure
You can request deletion of your personal data. Requests are completed within 30 days. You can also delete your account (and all associated data) directly in Account Settings.
Right to Data Portability
Right to Data Portability
Where technically feasible, you can request that My AskAI send you a copy of the personal data you have provided, or transfer it to a third party.
Right to Object or Restrict Processing
Right to Object or Restrict Processing
You can object to processing based on legitimate interest, or request a temporary restriction on processing in certain circumstances.
Requesting a DPA or DPIA
- Data Processing Agreement (DPA): Available to all paid subscribers. Contact the team via chat from your registered account email to request a copy for signing.
- Data Protection Impact Assessment (DPIA): Available to Enterprise plan customers. Contact the team to request a copy.
Data Protection Officer
My AskAI has a designated Data Protection Officer (DPO). If you have GDPR-specific questions, contact the DPO via the support chat.ICO Registration
AskAI Ltd is registered with the UK Information Commissioner’s Office (ICO): ICO registration ZB608683.Other Regulations
CCPA (California Consumer Privacy Act)
CCPA (California Consumer Privacy Act)
My AskAI’s data handling practices are broadly compatible with CCPA principles, including data minimisation, transparency about data use, and honouring deletion requests. If you are a California-based business or serve California consumers and have specific CCPA compliance questions, contact team@myaskai.com.
Other Regional Regulations
Other Regional Regulations
My AskAI aims to comply with applicable data protection laws globally. Where regulations not listed here are relevant to your use case (e.g. PIPEDA in Canada, LGPD in Brazil, PDPA in Singapore), contact the team via chat to discuss how My AskAI can support your compliance requirements.
Requesting Compliance Documentation
| Document | Who can request | How to request |
|---|---|---|
| Data Processing Agreement (DPA) | All paid subscribers | Contact via chat from registered account |
| Data Protection Impact Assessment (DPIA) | Enterprise plan customers | Contact via chat |
| SOC-2 Type 2 report | Enterprise plan customers | Contact via chat |
| Business Associate Agreement (BAA) | Healthcare organisations (case-by-case) | Email team@myaskai.com |
For all compliance document requests, contact the My AskAI team using the chat widget on myaskai.com or email team@myaskai.com. Please use the email address associated with your My AskAI account.