Usizy & OpenAI
When Usizy leverages the OpenAI API as part of its Smart Assistant platform, the following terms and safeguards apply.
The Usizy Smart Assistant leverages OpenAI’s language models to provide natural, contextual, and intelligent conversations. This partnership enables Usizy to deliver high-quality conversational experiences while ensuring data privacy, security, and full GDPR compliance.
1. Partnership with OpenAI
Usizy uses the OpenAI API to process messages and generate conversational responses. OpenAI acts as a sub-processor of Usizy, meaning it processes data strictly on behalf of Usizy and its customers — never for its own purposes.
A Data Processing Agreement (DPA) between Usizy and OpenAI ensures that all data is handled securely and in compliance with the General Data Protection Regulation (GDPR).
2. Data Hosting and Security
All processing through the OpenAI API follows OpenAI’s Enterprise and API Data Usage Policies, which are designed to guarantee privacy, security, and compliance with both European and international data protection standards.
Data Residency
For all Usizy customers, data processed through the OpenAI API is hosted and stored within the European Union (Ireland), in accordance with the GDPR and the Data Processing Agreement signed between Usizy and OpenAI.
Data never leaves the European Economic Area (EEA) without adequate safeguards, such as the Standard Contractual Clauses (SCCs) approved by the European Commission.
Data Use and Retention
- OpenAI does not use API data submitted through Usizy for model training or improvement.
- Data is used solely for inference (to generate responses) and retained for a limited period (typically ≤ 30 days) for operational integrity and abuse detection.
Security and Encryption
OpenAI applies industry-leading security controls, including:
- Encryption in transit and at rest (TLS 1.2+ and AES-256);
- Access isolation between customer environments;
- SOC 2 Type II and ISO 27001 certifications;
- Regular third-party audits and continuous vulnerability assessments;
- Role-based access control and multi-factor authentication (MFA) for internal operations.
Infrastructure
OpenAI does not use the content of API calls or interactions to train or fine-tune its base models.
Usizy and OpenAI Partnership Commitments
Through its enterprise relationship with OpenAI, Usizy ensures that:
- The Smart Assistant processes all data solely on behalf of the Customer;
- No data is ever used to train OpenAI’s public or base models;
- Encryption and access isolation are enforced across all processing layers;
- European data residency is maintained by default for all customers.
3. Use of Data
The data processed by OpenAI is used only to generate relevant, real-time responses to user messages. Neither Usizy** nor OpenAI use this data for training or improving general AI models.
All messages sent through the Smart Assistant are:
- processed temporarily by OpenAI for inference only;
- encrypted during transmission;
- after the retention period, any personal identifiers are permanently removed and the remaining conversation data is retained only in anonymized form for statistical or analytical purposes..
4. Roles and Responsibilities
Under the GDPR framework:
- The Customer (brand or retailer) is the Data Controller, deciding what data is collected and for what purposes.
- Usizy acts as the Data Processor, operating the Smart Assistant and managing its integration with OpenAI.
- OpenAI acts as a Sub-Processor, providing the AI infrastructure required to generate responses.
Usizy ensures that all data handled by OpenAI is processed solely on behalf of the Customer, following the contractual and technical safeguards agreed between both parties.
5. Compliance and Transparency
Both Usizy and OpenAI comply with international privacy and security standards, including:
- The EU General Data Protection Regulation (GDPR);
- The Standard Contractual Clauses (SCCs) for cross-border data transfers;
- ISO 27001 and ISO 27701 certifications.
For more information on OpenAI’s privacy and security practices, please visit:
Data Protection Officer (DPO)
- dp@usizy.com
- Usizy Labs S.L., calle Siete Picos, 20, Madrid, Spain