Dedicated environments
Customer environments are logically separated and deployed specifically for the organization they serve.
Dooblux designs and manages dedicated AI environments for organizations that require greater control over their data, infrastructure and AI operations. Privacy, security and GDPR responsibilities are incorporated into the way these environments are designed, deployed and maintained.
Customer environments are logically separated and deployed specifically for the organization they serve.
The standard hosting model uses dedicated infrastructure in trusted European datacenters.
Customer documents, prompts and conversations are not used by Dooblux to train or improve AI models.
Data processing responsibilities are defined through clear agreements, including a dedicated Data Processing Agreement.
Privacy & GDPR
Dooblux applies privacy-by-design principles throughout the implementation and management of its Private AI Infrastructure. Customer data remains under the customer’s control and is only processed where necessary to provide the agreed services.
Processing principle
Customer documents, prompts, conversations and other personal data are not used by Dooblux to train, fine-tune, evaluate or improve artificial intelligence models. They are processed only where required to operate, maintain, secure and support the customer environment.
No sale or commercialisation of customer data
No customer data used for AI model training
Processing limited to agreed service delivery
Confidentiality obligations for authorised personnel
Dooblux aims to process and store personal data within the European Economic Area wherever reasonably possible. The standard service is hosted in dedicated European datacenters.
Customer processing responsibilities are documented in a dedicated DPA covering security, subprocessors, breach procedures, retention, deletion and GDPR assistance.
01
The customer
The customer determines why personal data is processed, which information is made available and who may access the AI environment.
02
Dooblux
Dooblux processes personal data on behalf of the customer and only as necessary to implement, host, maintain and support the agreed services.
Dooblux may also act as an independent data controller for its own business administration, such as customer communication, contracts, invoicing and legally required records.
Security measures
Dooblux applies technical and organisational safeguards throughout the design, deployment and ongoing management of customer environments. Select a security measure to learn more.
Infrastructure & data location
The standard Dooblux deployment model uses a dedicated customer environment hosted in a trusted European datacenter. Customer applications, documents and AI processing remain within that managed environment.
Private AI environment
Deployed and managed specifically for one customer organization
Access is limited to authorised users and personnel with a legitimate operational requirement.
Customer environments are separated to reduce unnecessary exposure between unrelated organizations.
AI processing and company knowledge remain within the managed private infrastructure.
Deployment, maintenance, updates, monitoring and support are handled within the agreed service scope.
Backup, resilience & incident response
Security is not limited to prevention. Dooblux also maintains structured backup, recovery and incident response processes intended to reduce the impact of service failures, data loss and security incidents.
Managed production environments normally follow a daily backup schedule for relevant application data, customer knowledge bases and configuration information.
Recovery prioritises rebuilding standardised infrastructure and restoring the application data and configuration required to return the environment to operation.
Suspected incidents are assessed, classified and managed through defined containment, eradication, recovery and review stages.
Incident lifecycle
Detect
Assess
Contain
Recover
Improve
Backup coverage, retention periods and recovery objectives may vary depending on the deployed architecture, customer requirements and contractual service arrangements.
Legal documentation
Dooblux maintains legal and privacy documentation that explains how services are delivered, how personal data is handled and how responsibilities are divided between Dooblux and its customers.
Customer agreement
Data protectionDefines how Dooblux processes personal data on behalf of a customer, including security measures, confidentiality, subprocessors, data breaches, retention, deletion and assistance with GDPR obligations.
Privacy
Explains how Dooblux processes personal data for its own business activities, customer relationships, service delivery, support and legal administration.
Commercial terms
Establishes the general commercial and legal framework governing Dooblux implementation, hosting, maintenance, support and related professional services.
Security information
Customers may request additional information about Dooblux security, privacy and operational practices where reasonably required for procurement, due diligence or compliance review.
Customer-facing legal documents may be made publicly available. Detailed internal security policies, incident-response procedures and operational documentation are not necessarily published in full, because they may contain confidential or security-sensitive information.
Frequently asked questions
These answers summarize the main privacy, security and compliance principles behind Dooblux services. Customer-specific arrangements may be documented separately in the applicable agreement or DPA.
The standard Dooblux service is based on dedicated infrastructure hosted in trusted European datacenters. Dooblux aims to process and store personal data within the European Economic Area wherever reasonably possible.
No. Dooblux does not use customer documents, prompts, conversations or other personal data to train, fine-tune, evaluate or improve AI models. Customer data is processed only where required to provide, secure, maintain and support the agreed services.
The customer retains ownership of its data, documents, knowledge bases, prompts, business information and other materials supplied to the environment. Dooblux does not obtain ownership of customer content through the provision of its services.
Customers are given a reasonable opportunity to retrieve or export their data. Unless otherwise agreed, customer data and the hosted environment may be retained for up to 30 calendar days after termination before being securely deleted or rendered inaccessible.
Data contained in backups may remain until the relevant backup is overwritten or deleted through the normal retention cycle.
Managed production environments normally follow a daily backup schedule for relevant application data, customer knowledge bases and configuration information. Backup storage is separated from the production environment and protected during storage and transmission.
Exact coverage and retention may differ according to the architecture and customer agreement.
Dooblux follows a structured incident response process covering identification, assessment, containment, eradication, recovery, communication and post-incident review.
Affected customers are informed without undue delay where an incident materially affects, or is likely to affect, their environment, information or legal obligations.
Dooblux may use carefully selected service providers where necessary for hosting, storage, backup, monitoring, communication or other supporting functions.
Subprocessors handling customer personal data are subject to appropriate contractual data-protection obligations. Customers may request an up-to-date subprocessor list.
Yes. Dooblux may provide reasonable documentation, written responses or other information to support procurement, compliance reviews and customer due diligence.
Confidential internal procedures, trade secrets and security-sensitive technical information may be withheld or shared only under appropriate confidentiality arrangements.
Security starts with clarity
Discuss your organization’s requirements, data-processing needs, infrastructure preferences and procurement questions directly with Dooblux.