In the last months, working with multiple SaaS teams together with my partner Christiane Kaiser, one pattern kept emerging — especially in Germany:

AI adoption isn’t blocked by technology, it’s blocked by data privacy concerns.

Most teams don’t worry about AI taking over their work — they worry about what happens to their data. They’re afraid of:

• losing control over customer data
• accidentally violating GDPR
• training external models with sensitive inputs
• not being able to explain data flows to compliance

We’ve repeatedly heard questions like: “Where exactly does the data go?” “Could any of this be stored outside the EU?” “Are our prompts used to train another company’s LLM?”

So I sat down with our CTO Thomas Vié to write an open explanation of how we handle data privacy at Pollup AI in AI workflows, LLM usage, and customer intelligence systems

Here are the 6 principles that guide our approach:

1 - Your data stays in Europe.

2 - We don’t store data longer than needed.

3 - You maintain full ownership of your data.

4 - We choose models that don’t “learn from your inputs”.

5 - Transparency over magic.

6 - Privacy is not a checkbox. It’s part of our culture.

And here’s what each of these means in practice:

We use models and infrastructure that are hosted exclusively in the EU. That means:

• no transfers to US servers
• no routing through global clouds that replicate to unknown regions

Simply put: What happens in the EU, stays in the EU.

We work according to strict data-minimization principles:

• use data only for the intended workflow
• anonymize when possible
• auto-delete temporary data
• avoid retention of identifiable information

We treat sensitive data like something fragile — not something convenient.

If you share data for analysis, enrichment, insight generation, or automation: it remains yours. We never:

• use it to train external models
• send it to third-party APIs without explicit agreement
• repurpose it for other clients
• monetize it directly or indirectly

We simply process the data on your behalf, and only for the use cases you want.

Some AI services use your interactions to train themselves. We don’t. We work with models and hosting setups where:

• prompts are not stored for training purpose
• outputs are not fed back to the model
• model-training is isolated from inference
• logs can be fully disabled

Your data is used to get your answer, not to improve someone else’s AI.

A lot of AI vendors still hide behind “just trust us.” That’s not good enough. We are always ready to show:

• hosting locations
• model architecture
• data flow
• logging behavior
• encryption standards
• access rights
• exactly what leaves the server and what doesn’t

If someone asks: “Where does this data go?”, we don’t answer with marketing. We answer with specifics.

Data privacy isn’t something we “add at the end.” It shapes how we design systems from day one. Internally that means:

• privacy-first thinking
• constantly asking “do we even need this data?”
• reviewing access rights
• avoiding unnecessary collection
• making the secure option the default option

Because if AI is going to empower people, it needs to respect them first.

In our work with SaaS companies in Germany and across Europe, we’ve seen that AI succeeds when people trust the architecture. And trust is earned through clarity, not hype.

Our position is simple:

AI should make humans and systems more robust — not more vulnerable.

If you want to explore how this looks in real life, check out our automation examples here.