Skip to main content

Data Protection & AI Processing

The automation uses an AI model for three tasks: classifying incoming activities and emails, detecting genuine customer replies, and drafting follow-up emails in your writing style. This page describes what data is processed in the course of that — and what the AI model never sees in clear form.

The principle: placeholders instead of real names

Before any text is transmitted to the AI model, it passes through a pseudonymization layer. It runs entirely on the application infrastructure in Frankfurt and is based on Microsoft Presidio (open source). Personal data is replaced with neutral placeholders — the AI model works on the structure of the text, not on identifiable persons. The model's response is then translated back.

The mapping between placeholders and clear text exists exclusively in memory for the duration of the individual request. It is never stored and never logged.

Example:

Your text:

Hello Mr. Mustermann, we have received your IBAN
DE89 3704 0044 0532 0130 00. Questions to max@acme-gmbh.de.

What the AI model sees:

Hello Mr. [Person1_Nachname], we have received your IBAN
[IBAN1]. Questions to [Email1].

What gets replaced

Two mechanisms work together:

Known contact data — always replaced. The name, company, and email address of the contact in question are known to the system from Pipedrive and are directly replaced with placeholders before every AI call, without relying on detection.

Detected data in free text. In addition, the pseudonymization layer scans the entire text and replaces: further person names, company names, and locations, as well as — pattern-based and therefore highly reliable — email addresses, phone numbers, IBANs, German tax identification numbers, tax numbers, VAT identification numbers, and credit card numbers. This in particular covers the data typically found in B2B email signatures.

Dates and links are deliberately kept: they usually contain no personal reference but are important context — delivery dates or links to documents, for example.

When pseudonymization is unavailable

A strict rule applies here: no pseudonymization, no AI call. If the pseudonymization layer is temporarily unavailable, the AI call is not made with clear text — it does not happen at all. Affected operations are retried automatically or flagged for manual review; the processes are logged.

Storage & logs

The placeholder mapping is — as described above — never persisted. Beyond that: the activity log contains no email addresses or subject lines in clear text; a hashing scheme is used for technical correlation. The writing-style profile is generated from pseudonymized emails. The CRM data required for operation (deals, contacts) resides in a database in the EU region. Credentials for your connected services (Pipedrive, Microsoft 365) are stored encrypted with AES-256-GCM.

Hosting & providers

ComponentProviderLocation
Application & pseudonymizationCodesphereFrankfurt, Germany
DatabaseSupabaseEU region
AI modelAnthropicUSA — receives pseudonymized content only
Email sendingYour own Microsoft 365 accountper your Microsoft configuration

Content transmitted to Anthropic is not used there for training the models and is subject to limited retention periods. You receive the complete data-processing documentation, including the list of sub-processors, as part of the data processing agreement.

Settings

Under Settings → App → Data Protection & GDPR you will find the switch for PII anonymization. It is enabled by default; disabling it is possible but remains your responsibility as the data controller. Two further options are already prepared there: human approval before generated emails are sent, and an AI disclosure notice in the email footer (transparency under Art. 50 EU AI Act).

Frequently asked questions

Does the AI model see our customers' names? Contact data known from Pipedrive is replaced before every call; names additionally detected in the text are replaced as well. The model works with placeholders such as [Person1].

What happens if pseudonymization fails? No AI call takes place — the system is deliberately built to stop in that case rather than send clear text.

Can we switch pseudonymization off? Yes, via the settings. It is not recommended; the data-protection assessment of disabling it is yours to make.