GDPR Compliance
How OGuardAI supports GDPR compliance for AI systems processing personal data
Audience: Data Protection Officers, Legal Counsel, Compliance Teams
1. Is OGuardAI a Data Processor or Controller?
OGuardAI is a data processor (Art. 28 GDPR). It processes personal data solely on behalf of and under the instructions of the deploying organization (the data controller). OGuardAI does not determine the purposes or means of processing -- those decisions remain with the controller. OGuardAI is self-hosted software; Oronts does not operate OGuardAI as a hosted service and therefore does not itself act as a processor. The controller deploys and operates OGuardAI within its own infrastructure.
2. Does OGuardAI Store Personal Data?
No persistent storage of raw personal data occurs.
- During request processing, raw values exist transiently in server process memory (RAM only). Memory is freed the moment the HTTP response is sent.
- The sealed session blob (an AES-256-GCM encrypted mapping of tokens to original values) is returned to the calling application. The server retains nothing after the response.
- The entity revocation table stores only HMAC-SHA-256 hashes of revoked values. No raw personal data is stored in the revocation table.
- Audit logs record entity types, counts, and policy names. Raw personal data values never appear in logs.
See Data Retention for the complete data lifecycle matrix.
3. Where Does Personal Data Flow?
Your Application (controller)
|
v
OGuardAI Runtime (processor, self-hosted)
|--- Raw PII exists ONLY here, transiently in RAM
|
+---> Tokenized text (no raw PII) ---> LLM Provider
+---> Encrypted session blob ---------> Your Application
+---> Audit event (no raw PII) -------> Your Log InfrastructureRaw personal data never crosses the trust boundary to the LLM provider. The LLM receives only semantic tokens (e.g., {{email:e_001}}) and safe metadata (entity type, language, formality -- never actual values).
4. Right to Erasure (Art. 17)
OGuardAI supports erasure through three mechanisms:
- Session expiry. Sealed session blobs expire after a configurable TTL (default: 1 hour). After expiry, the blob is cryptographically invalid and values are unrecoverable.
- Entity revocation. Calling the revocation API marks specific values as permanently non-restorable. Future rehydration requests return
[DELETED]for revoked entities. Cascade revocation propagates from a person to all linked entities (email, phone, address). - Key rotation. Rotating the session encryption key instantly invalidates all existing sealed session blobs. No data migration is required.
The controller remains responsible for deleting personal data held in its own systems (databases, vector stores, application caches).
See Data Retention Section "Forget User X" for the step-by-step procedure.
5. Data Portability (Art. 20)
- Tokenization is deterministic within a session: the same value always produces the same token.
- Sealed session blobs are portable -- they can be transferred between application instances that share the same encryption key.
- The transform API returns structured JSON containing all token mappings, enabling the controller to fulfill portability requests using its own export tooling.
6. Data Processing Agreement (DPA) Considerations
Because OGuardAI is self-hosted, the standard DPA landscape is simplified:
- No third-party sub-processors are introduced by OGuardAI in its default (sealed session, built-in detectors) configuration.
- If the optional Python NER sidecar is deployed, it runs within the controller's own infrastructure as a co-located service -- not as an external sub-processor.
- The LLM provider (OpenAI, Anthropic, etc.) is the controller's own sub-processor. OGuardAI ensures that this sub-processor receives only tokenized text, not raw personal data.
- Standard Art. 28 DPA clauses (purpose limitation, confidentiality, deletion on termination, audit rights) are satisfied by the controller's operational control over the self-hosted deployment.
7. Data Protection Impact Assessment (Art. 35)
When conducting a DPIA for AI systems that process personal data, OGuardAI provides the following controls:
| DPIA Element | OGuardAI Control |
|---|---|
| Necessity and proportionality | Policy engine enforces data minimization per entity type |
| Risk to data subjects | Trust boundary prevents raw PII from reaching LLM providers |
| Safeguards and security measures | AES-256-GCM encryption, session TTL, key rotation, entity revocation |
| Monitoring and accountability | Structured audit events (no raw PII), policy governance events |
| Lawful basis support | Tokenization enables AI processing without exposing personal data |
OGuardAI also supports shadow mode (dry-run), allowing the DPIA team to evaluate the system's detection and tokenization behavior on representative data before enabling active protection.
8. Summary for DPO Review
| Question | Answer |
|---|---|
| Role under GDPR | Processor (self-hosted by the controller) |
| Persistent PII storage | None. RAM-only during processing. |
| Sub-processors introduced | None in default configuration |
| Encryption standard | AES-256-GCM (authenticated encryption) |
| Right to erasure | Session expiry + entity revocation + key rotation |
| Data portability | Deterministic tokens, portable session blobs, structured JSON export |
| Audit trail | Structured events with entity types/counts only -- never raw values |
| Data residency | Entirely within the controller's infrastructure |
9. Related Documentation
- Compliance Controls Mapping -- GDPR, HIPAA, SOC 2, PCI DSS article-by-article mapping
- Data Retention and Privacy -- Complete data lifecycle, deletion procedures, retention policies
- Guarantees and Non-Guarantees -- Explicit statements of what OGuardAI does and does not guarantee
- Security Whitepaper -- Trust boundary model, encryption, authentication, tenant isolation