.png?fit=max&auto=format&n=EQK5eX9kTD8NzWwA&q=85&s=878008bf159fcc4964d0c0d508b6e400)
What data AI agents access and process
HoopAI AI agents access different types of data depending on the feature and configuration. Understanding what data flows through your AI agents is the first step toward responsible data management.Conversation data
When a customer interacts with your Conversation AI agent, the following data is processed:- Message content: The text of messages sent by the customer and the AI agent’s responses
- Contact metadata: Name, email, phone number, and other contact fields stored in your CRM
- Conversation context: Previous messages in the current thread to maintain context
- Channel information: Whether the conversation is happening via SMS, webchat, email, Facebook Messenger, Instagram, or another channel
Knowledge base data
Data you upload to your knowledge base is processed and indexed to enable AI agents to answer questions accurately. This includes:- Documents, PDFs, and text files you upload
- Website content you configure for crawling
- FAQ entries and custom training data
- Business information such as hours, services, and pricing
Voice AI data
For Voice AI interactions, additional data is processed:- Audio recordings: Call audio may be recorded depending on your settings and consent requirements
- Transcriptions: Spoken words are transcribed to text for processing
- Call metadata: Duration, phone numbers, timestamps, and call disposition
Action and workflow data
When AI agents trigger actions, they may access:- Calendar availability for appointment booking
- Pipeline and opportunity data for lead qualification
- Custom field values for personalization
- Workflow trigger data
Data retention policies
HoopAI provides configurable retention policies for AI conversation data. Understanding these policies helps you comply with privacy regulations and manage storage costs.Default retention
| Data type | Default retention | Configurable |
|---|---|---|
| Conversation transcripts | Account lifetime | Yes |
| Voice call recordings | 90 days | Yes |
| Voice transcriptions | Account lifetime | Yes |
| Knowledge base content | Until deleted | N/A |
| AI analytics and metrics | 12 months | No |
| Audit logs | 24 months | No |
Configuring retention
You can adjust retention settings for most AI data types in your account settings. When data reaches the end of its retention period, it is permanently deleted from HoopAI systems, including backups, within 30 days.Shortening retention periods is applied prospectively. Data already past the new retention period will be queued for deletion within 30 days of the policy change.
Data deletion requests
You can delete specific AI conversation data at any time through the conversations interface or via the API. For bulk deletion requests or account-wide data removal, contact HoopAI support.How knowledge base and training data is stored
Your knowledge base is a critical component of your AI agents. Here is how that data is handled.Storage architecture
- Isolation: Each account’s knowledge base data is logically isolated. Your data is never accessible to other HoopAI accounts.
- Encryption: Knowledge base content is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher.
- Indexing: When you upload documents or configure website crawling, the content is processed into vector embeddings for semantic search. These embeddings are stored alongside the source content.
- Versioning: When you update knowledge base content, previous versions are overwritten. Deleted content is purged from the index within 24 hours.
What happens when you delete knowledge base content
When you remove a document or data source from your knowledge base:- The source content is marked for deletion immediately
- The associated vector embeddings are removed from the search index within 24 hours
- The AI agent will no longer reference that content in responses
- Backup copies are purged within 30 days
AI data is not used to train third-party models
Your data is never used to train third-party AI models. This commitment applies to all data types:- Customer conversation content is not shared with LLM providers for model training
- Knowledge base documents are not used to improve third-party AI systems
- Voice recordings and transcriptions are not shared for speech model training
- Contact data and business information remain within HoopAI systems
How HoopAI uses AI providers
HoopAI integrates with leading AI model providers to power features like Conversation AI and Content AI. When your data is sent to these providers for processing:- Data is transmitted over encrypted connections
- The provider processes the data to generate a response and does not retain it
- HoopAI has data processing agreements with all AI providers that prohibit training on customer data
- No personally identifiable information is shared unless required for the specific AI function
User consent considerations
When your AI agents interact with customers, you have a responsibility to obtain appropriate consent for data collection and processing. Here is guidance for different scenarios.Chat and messaging consent
- Inform users that their conversation may be processed by AI before or at the start of the interaction
- Include AI data processing in your privacy policy
- Provide an option for users to request a human agent instead of AI
- Clearly state what data is collected and how it will be used
Voice AI consent
Voice interactions require special attention due to recording laws that vary by jurisdiction.- One-party consent
- Two-party consent
- Best practice
In jurisdictions with one-party consent laws, you can record calls as long as one party (your business) consents. However, best practice is still to inform callers that the call may be recorded and that they are speaking with an AI assistant.
Opt-out mechanisms
Provide clear mechanisms for individuals to:- Opt out of AI interactions and speak with a human
- Request deletion of their AI conversation data
- Access a copy of their AI interaction data
- Withdraw consent for future AI processing
GDPR compliance
For businesses operating in the European Union or processing data of EU residents, GDPR compliance is essential. Here is how HoopAI supports your GDPR obligations regarding AI features.Lawful basis for processing
AI data processing in HoopAI can be supported by several lawful bases under GDPR:- Legitimate interest: Processing customer inquiries and providing support through AI agents
- Consent: Where explicitly obtained for AI interactions
- Contract performance: When AI processing is necessary to fulfill a service agreement
Data subject rights
HoopAI provides tools to help you fulfill data subject rights requests related to AI data:| Right | How HoopAI supports it |
|---|---|
| Right to access | Export conversation transcripts and contact data via the platform or API |
| Right to rectification | Edit contact records and conversation notes |
| Right to erasure | Delete conversations, contact records, and knowledge base data |
| Right to restriction | Pause AI agents for specific contacts or channels |
| Right to portability | Export data in standard formats (JSON, CSV) |
| Right to object | Configure opt-out mechanisms for AI interactions |
Data processing agreement
HoopAI offers a Data Processing Agreement (DPA) for customers who require one under GDPR. The DPA covers:- HoopAI’s obligations as a data processor
- Sub-processor disclosures, including AI model providers
- Data transfer mechanisms for international data flows
- Security measures and breach notification procedures
Data transfer mechanisms
When AI data is processed by providers outside the EU, HoopAI ensures appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and, where applicable, supplementary security measures.Data residency considerations
HoopAI’s infrastructure is primarily hosted in the United States. This means AI data, including conversation transcripts, knowledge base content, and analytics, is processed and stored in US-based data centers.What this means for you
- If you operate in a jurisdiction with data residency requirements, ensure your use of AI features is covered by an appropriate legal mechanism, such as SCCs or user consent for international transfers
- HoopAI’s DPA includes provisions for international data transfers
- Voice AI call routing may involve processing in multiple regions depending on the call origin and destination
Future data residency options
HoopAI is evaluating expanded data residency options for customers with strict requirements. Contact your account manager for the latest information on available regions.Best practices for AI data privacy
Audit your data flows
Review what data your AI agents access and process. Remove access to any data that is not necessary for the agent’s function. Apply the principle of data minimization.
Update your privacy policy
Ensure your privacy policy discloses the use of AI in customer interactions, what data is collected, how it is processed, and your customers’ rights regarding that data.
Configure retention appropriately
Set data retention periods that align with your business needs and regulatory requirements. Do not retain AI conversation data longer than necessary.
Train your team
Ensure your team understands what data AI agents access and how to handle data subject requests related to AI interactions.
Review knowledge base content
Periodically review what you have uploaded to your knowledge base. Remove outdated or unnecessary information, and ensure no sensitive personal data is included unnecessarily.
Next steps
AI compliance
Review detailed compliance guidance for GDPR, HIPAA, TCPA, and industry regulations.
Security best practices
Secure your AI deployment with access controls, monitoring, and prompt injection prevention.
Knowledge base setup
Learn how to build and manage your AI agent’s knowledge base with privacy in mind.
AI safety overview
Return to the full overview of HoopAI’s responsible AI principles and practices.