Data Privacy & Security

Pockla is committed to building privacy-first AI products and ensuring the protection of our users' privacy. We are currently working towards achieving SOC 2 (Type 2) compliance and ISO 27001 certification in 2024, demonstrating our dedication to security and data privacy standards.

We welcome any questions about Pockla’s approach to Data Privacy and Security. Feel free to contact us:

Data Processing at Pockla

Pockla processes messages from Slack and tools connected to Slack to provide AI-powered features such as summarization and prioritization. We ensure that all data is fully pseudonymized and/or anonymized before processing. Our policy is to minimize the collection and storage of Personally Identifiable Information (PII). Any indirect PII in notifications processed by Pockla (like names, phone numbers, or email addresses in messages) is fully anonymized or pseudonymized using Named Entity Recognition (NER) before processing.

Based in the UK Pockla is committed to full compliance with the GDPR. You can find a high-level overview of GDPR requirements here.

For more details, please read our Privacy Policy or contact us at security@pockla.com with any questions or concerns.

Technology and Third-Party Collaborations

Pockla employs a mix of technologies, including leveraging pre-trained models from partners and developing our own models for tasks like PII pseudonymization and bias mitigation. We are in the process of establishing Data Processing Agreements (DPAs) with third parties and share only pseudonymized or anonymized PII data with them. These third parties typically do not have direct access to our data. We are continually enhancing our models to ensure full data anonymization. Further information can be found in our Privacy Policy.

Data Retention and Deletion Policies

Aligned with GDPR guidelines, Pockla processes data only as necessary for specified purposes or to comply with legal retention requirements. After these conditions cease to apply, we routinely delete the data.

Data deletion or ‘right to be forgotten’ requests can be directed to security@pockla.com and will be responded to within 2 weeks.

Data Storage and Application Security

Our technical infrastructure is managed through AWS Managed Services, allowing us to adhere to leading security and compliance practices. Data at rest is encrypted using AES-256 and stored on AWS Servers. More information about AWS security can be found here and AWS SOC Reports are available here.

All Pockla applications and websites are SSL encrypted. We utilize virtual private clouds (VPCs) with IP whitelisting and conduct regular internal security audits.

Operational Security at Pockla

Our team is equipped with the tools and training necessary for maintaining top-tier security protocols. We strictly control access management using AWS Identity and Access Management (IAM) and robust device management policies.

To safeguard confidential data, team members follow stringent security measures, including encrypted storage and communication, and strong password enforcement. A thorough process is in place for removing access and retrieving company property when team members depart.

Addressing AI-Generated Content and Data Biases

Pockla is dedicated to developing AI products in a responsible, human-centric manner. We actively remove gendered pronouns from all generated content and continually review our models to reduce the risk of harmful content. User feedback is vital, and we encourage reporting of any inappropriate content.