At Smart Role, we take data privacy and security seriously. As an AI-powered training platform for customer support teams, we are committed to helping our customers meet their data protection obligations—especially under the EU General Data Protection Regulation (GDPR).
Whether you’re a BPO or an in-house support team, we ensure your data—and your customers’ data—is handled with care, transparency, and compliance at every stage.
🔐 Our Role Under GDPR
Smart Role acts as a data processor for customer data processed through our platform. Our customers—BPOs and support teams—remain the data controllers, determining what personal data is shared and for what purpose (e.g. during scenario simulations or performance tracking).
We also act as a data controller for the limited data we collect about our own users (e.g. admins and trainers creating simulations) to provide access to our services and improve the platform.
⚙️ How We Ensure Compliance
We’ve implemented robust practices to align with GDPR’s principles of transparency, accountability, and data minimization, including:
• Data Processing Agreements (DPAs) with all customers and sub-processors
• Purpose limitation: data is only processed for the purpose of training and coaching scenarios
• Access control and audit logging for all user activity
• Anonymization and pseudonymization options for training data, upon request
• Data deletion and export rights in line with Article 17 (right to be forgotten) and Article 20 (data portability)
🧠 AI with Privacy by Design
Smart Role uses AI to simulate realistic customer conversations and deliver feedback to agents. We follow privacy-by-design principles in all AI features:
• Data isolation: Customer-specific data is never shared across tenants
• Zero training on your data: We use Azure OpenAI, ensuring that no customer data is used to train public models
• Human-in-the-loop controls: Trainers and admins can review, edit, and approve simulations and feedback
🌍 Data Hosting & Transfers
All customer data is hosted securely in the European Union by default. If requested, we can support regional hosting needs for specific compliance requirements (e.g. UK GDPR or other local frameworks).
We’ve also implemented Standard Contractual Clauses (SCCs) and other data transfer mechanisms to safeguard international transfers, where applicable.
📄 Your Rights & Requests
Smart Role enables your organization to respond to data subject access requests (DSARs) quickly and efficiently. If you are an end-user and believe your data is being processed via our platform, please contact the relevant organization (your employer or service provider) directly.
For any GDPR-related questions, rights requests, or concerns, contact us at:
📧 privacy@smartrole.ai
✅ Our Commitments
Smart Role is:
• ✅ SOC 2 Type II compliant
• 🚧 Working toward ISO 27001 certification
• 📋 Continuously auditing our practices to meet evolving compliance standards