Privacy Policy for the AI Twin Service
Last updated: 14 May 2025
This policy applies to every AI Twin deployed by People Heart Business AB inside Microsoft Teams (e.g., “AI‑Fredrik”, “AI‑Anna”).
1. WHO WE ARE
People Heart Business AB ("we", "us") operates the AI Twin chat application (the "Service").
Slottsvägen 99, 183 52 Täby, Sweden.
2. DATA WE COLLECT
- Your full name
- Microsoft Entra ID (used to identify your Microsoft Teams user)
- The messages you exchange with the AI Twin
We collect no other personal analytics data.
Important: Do not share confidential business data, health-related data, or other sensitive personal data in the chat.
3. WHY WE PROCESS YOUR DATA
- To generate personalised answers from the AI Twin.
- To monitor Service usage in aggregate (via PostHog).
- To maintain and improve the Service.
- To give the client company anonymised, aggregated usage statistics so they can gauge adoption and improve the Service.
We never use your data for advertising.
4. LEGAL BASIS FOR PROCESSING
We rely on several GDPR bases, depending on the purpose:
Consent (Art 6 (1)(a)) – your chat messages are processed to generate answers and to compile aggregated data on how the service is used. The welcome message from the AI Twin explains that you provide consent by sending your first message.
Legitimate Interests (Art 6 (1)(f)) – we retain minimal security/event logs solely to keep the service secure and reliable. We have balanced these interests against your privacy and found no overriding risk; the logs contain no message content.
Legal Obligation (Art 6 (1)(c)) – if a data breach occurs or an authority audits us, we must retain and disclose specific records.
Withdrawal of consent stops all consent-based processing, but we may still keep the limited data processed under legitimate interest or legal obligation (see Section 6).
5. WHERE WE STORE AND SEND YOUR DATA
| Purpose | Processor | Location | Safeguards |
|---|---|---|---|
| Hosting of chat data | Supabase | EU | Encryption at rest & in transit, SOC 2 Type II audited |
| Generating AI replies | OpenAI | EU | 0‑day retention, encryption, SOC 2 Type II audited |
| Product analytics (aggregated) | PostHog | EU | No message content |
We store and process your data exclusively on servers located within the EEA. If limited support operations ever require access from outside the EU, we rely on Standard Contractual Clauses or an adequacy decision.
We will not engage any additional sub-processors until we have updated this policy and notified all users in-chat in advance, giving you a reasonable opportunity to object before the change takes effect.
6. RETENTION AND DELETION
We keep your data until you uninstall the AI Twin. Security/event logs kept under our legitimate-interest basis are retained for 7 days before automatic deletion.
How to uninstall the AI Twin app from Microsoft Teams (desktop version):
- If the AI Twin app icon is visible in the far left vertical menu bar, hold control on your keyboard and click the app icon. Select Uninstall.
- If the AI Twin app icon is NOT visible in the far left vertical menu bar, click the Apps icon. Find the AI Twin app, click Open and Open again. Press control on your keyboard and click the app icon in the far left vertical menu bar. Select Uninstall.
You can also request deletion by emailing hello@peopleheartbusiness.com; we erase all personal data within 30 days.
7. SECURITY
- TLS in transit & AES‑256 at rest
- Role‑based staff access only
- Mandatory two‑factor authentication
8. CHILDREN
The AI Twin is intended for adult employees only.
9. AUTOMATED DECISION-MAKING
The AI Twin offers advice; it does not make decisions with legal or significant impact on you.
10. YOUR RIGHTS
Under the GDPR you may request access to, correction, deletion, restriction or portability of your personal data, or object to its processing.
Contact us at hello@peopleheartbusiness.com.
11. POLICY CHANGES
We will notify all users inside the AI Twin chat before significant changes take effect.
12. CONTACT
People Heart Business AB
Slottsvägen 99, 183 52 Täby, Sweden