Privacy notice · v1 · 2026-05-11

We treat client data the way a brokerage has to.

Encrypted at rest. Isolated per brokerage. Reconstructable from an audit row to the model that wrote the reply. This page is the plain-English version of how AI Broker handles personal data under GDPR, the EU AI Act, and Irish insurance law.


01 Who we are

The controller and the processor.

SUD TECH LIMITED, a company registered in the Republic of Ireland (trading as “AI Broker”), operates the AI Broker platform and the Aoibhe agent. Registered office: Waterford, Ireland. Operational contact: support@aibroker.ie. References to “AI Broker”, “we”, “our”, or “us” in this notice mean SUD TECH LIMITED.

When a brokerage uses AI Broker to communicate with its own clients, the brokerage is the data controller for that client data. AI Broker is the data processor, acting under a written Data Processing Agreement (DPA) with each brokerage. We do not decide why client data is processed; the brokerage does.

When you visit our marketing pages (this site), submit a contact form, or sign up to a brokerage account, AI Broker is the data controller for that interaction.

Data Protection Officer: a DPO is being appointed before general availability. Until then, privacy queries are handled by the founding team via support@aibroker.ie. Response within 30 days.


02 What we collect

The minimum needed to do the job.

From brokerage staff (account holders): name, work email, role, phone (optional), authentication credentials managed by Supabase Auth, IP address, audit log of administrative actions.

From end clients of a brokerage (where the brokerage uses AI Broker on a chat surface): name, email, phone, address, eircode, date of birth, the conversation transcript, any documents the client uploads (policy packs, claims correspondence, photos, PDFs), and the agent’s replies.

From integrated channels (WhatsApp, Gmail, Microsoft 365 / Outlook, web widget, browser extension): inbound message bodies, sender identifiers (phone number / email address), attachments, and metadata required to route the reply (channel ID, thread ID, message ID).

We do not collect biometric data. We do not collect payment or banking details. We do not request special-category personal data (GDPR Article 9). Where a client volunteers it, the conversation is escalated to a human broker and the agent stops drafting.


03 Why we process it

Lawful basis, stated.

For brokerage-to-client conversations: Article 6(1)(b) GDPR — processing is necessary to perform a service the client has requested via the brokerage. Article 6(1)(f) for ancillary record-keeping required by Central Bank of Ireland Consumer Insurance Contracts Act 2019 and the Insurance Distribution Directive.

For account holders (brokerage staff): Article 6(1)(b) — contract performance.

For our own marketing communications and site analytics: Article 6(1)(a) consent, withdrawable at any time. We do not run third-party advertising trackers on this site.

We do not use client data to train any AI model. Anthropic, Vercel AI Gateway, and OpenAI embeddings are contractually configured not to train on customer inputs. The full position is in our internal Data Governance document, available to brokerage customers under DPA.


04 Retention

How long we keep it.

Conversation transcripts and uploaded documents: 7 years from the last interaction. Required by Consumer Insurance Contracts Act 2019 and the Insurance Distribution Directive record-keeping rules.

Audit pipeline records (agent runs, classifier events, verifier events, citation grounding, disclosures): 7 years. Required by EU AI Act Article 12 logging obligations.

AI-disclosure events (when Aoibhe identified herself as an AI to the client): for the lifetime of the parent conversation. Required by EU AI Act Article 50 transparency.

Knowledge-base documents uploaded by a brokerage: lifetime of the brokerage account, unless quarantined or deleted by the brokerage.

Data subject request records: 3 years from closure (GDPR accountability).

Operational backups: 30 days rolling. After erasure under GDPR Article 17, residual data persists in backups for up to 30 days before it is purged.


05 Sub-processors

Where the data actually goes.

AI Broker uses a small set of audited sub-processors. Every transfer outside the European Economic Area runs under the European Commission’s Standard Contractual Clauses (Implementing Decision (EU) 2021/914, Module 2) plus the provider’s executed Data Processing Agreement.

Subscribers receive 30 days written notice before a new sub-processor is engaged. The current list below is authoritative; updates are dated against the “Last updated” marker at the top of this page.

Sub-processor | Service | Processing location | Safeguards
Supabase | Postgres database, authentication, object storage | EU (Frankfurt) | EU only · DPA
Vercel | Application hosting, AI Gateway, Blob storage | EU edge regions, with origin in USA | DPA + EU SCCs
Anthropic | Claude inference (Sonnet 4.6, Haiku 4.5) | USA | DPA + EU SCCs · no training on inputs
OpenAI | text-embedding-3-small embeddings | USA | DPA + EU SCCs · no training on inputs
Meta Platforms Ireland | WhatsApp Business Cloud API (when a brokerage connects WhatsApp) | EU + USA | Meta DPA + EU SCCs
Google | Gmail API + Calendar (when a brokerage connects a Google account) | EU + USA | Google Workspace DPA + EU SCCs
Microsoft | Microsoft Graph (when a brokerage connects a Microsoft 365 account) | EU + USA | Microsoft DPA + EU SCCs
Resend | Transactional email delivery | USA | Resend DPA + EU SCCs · SOC 2 Type II
Axiom | Application + database log analytics (drained from Vercel + Supabase) | USA | Axiom DPA + EU SCCs · SOC 2 Type II

06 Security

Encrypted, audited, isolated.

Personal data is encrypted at rest using AES-256-GCM with application-managed keys. Field-level encryption applies to client PII (name, email, phone, eircode, date of birth), conversation messages, internal notifications, OAuth refresh tokens, and channel credentials. Encryption is enforced inside the Prisma data layer, so a query that bypasses the application layer does not return readable data.

Tenant isolation is enforced at the database (Supabase Row-Level Security) and at the application layer (per-request business identifier). A brokerage’s data is never returned to a query running under another brokerage’s auth context.

Inbound webhooks (Meta WhatsApp, Gmail, Microsoft Graph, embedded widget) are HMAC-verified before any payload is processed. Auth uses scoped tokens: webhook signatures, server API keys, embed keys, Supabase JWTs, conversation tokens — each restricted to the surface that issues it.

Every agent action writes an audit row: AgentRun (model, prompt version, tokens, stop reason), ClassifierEvent (intent labels), VerifierEvent (5-category safety score with thresholds), GroundingAssertion (per-sentence citation status), DisclosureEvent (AI Act Art. 50 evidence), HumanOverride (when a broker takes over from the agent), DataRequest (GDPR exports and deletions). The audit trail is reconstructable end-to-end for any reply.

Vulnerability disclosure: support@aibroker.ie. We respond within 5 business days and coordinate disclosure under a 90-day default window.


07 AI disclosure

Aoibhe tells the client she is an AI.

Where a client interacts with the agent on a chat surface, the agent identifies itself as Aoibhe, the brokerage’s AI assistant, on first turn. The disclosure is logged as a DisclosureEvent in the audit pipeline. This is our implementation of EU AI Act Article 50 transparency obligations.

The agent does not advise on cover, confirm an insurer’s decision, recommend a specific product, or handle a vulnerable consumer without escalation. Refusal categories are enforced server-side by a verifier model and route the conversation to a human broker.

Every agent reply is reconstructable. Brokers and regulators can see the exact prompt, model, retrieved documents, classifier and verifier scores, and grounding citations that produced any reply, against the timestamp it was sent.


08 Your rights

Access, correction, erasure, portability.

If you are an end client of a brokerage that uses AI Broker, your data subject rights run against the brokerage as the controller. Contact your broker first. AI Broker assists the brokerage in fulfilling the request as processor.

If you are an account holder, a marketing-site visitor, or a contact who reached us directly, your rights run against AI Broker:

Right of access (GDPR Art. 15): we provide a copy of the personal data we hold about you, with explanation of processing purpose, retention, and recipients.

Right to rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), and objection (Art. 21).

Right not to be subject to a decision based solely on automated processing producing legal or similarly significant effects (Art. 22). Aoibhe never makes such decisions — advice and binding decisions are made by a human broker.

To exercise any of the above: support@aibroker.ie. We respond within 30 days. To complain to a supervisory authority: the Data Protection Commission, Republic of Ireland (dataprotection.ie).


09 Cookies

Strictly functional.

aib_t_<conversationId>: scoped to .aibroker.ie, used to maintain a conversation across page reloads on the embedded chat widget. First-party. No tracking purpose.

sb-access-token / sb-refresh-token: Supabase Auth session cookies for brokerage staff signed into the dashboard. First-party.

No third-party advertising cookies, no cross-site tracking, no Facebook pixel, no Google Analytics. Telemetry on the marketing site is server-side only and aggregates IP, country, and user-agent without setting a cookie.


10 Children

We do not knowingly process data from under-16s.

AI Broker is a B2B platform for regulated insurance brokerages. The product surface is not directed at children. If you believe a child’s personal data has been submitted through our platform, contact support@aibroker.ie and we will erase it.


11 Changes

How we update this notice.

Material changes (new sub-processor, new processing purpose, change in retention) are notified to brokerage customers under DPA, with at least 30 days’ notice before they take effect, except where shorter notice is required by law.

Non-material changes (formatting, clarification, contact updates) are reflected here with an updated revision date.

Last updated: 2026-05-11.


Contact

Talk to a human about your data.

support@aibroker.ie

Data subject requests, sub-processor questions, DPA queries, vulnerability disclosure, suspected incidents, encryption queries.

SUD TECH LIMITED

t/a AI Broker. Registered in the Republic of Ireland. Waterford, Ireland. Full registered address and CRO number available on written request.
