Cybersecurity and privacy in Lyyli.ai
Cybersecurity and Privacy in Lyyli.ai – Comprehensive Guide for IT Departments

Mikko Oksanen

CEO & Co-Founder

March 4, 2026 · 10 min read

When building an AI tool to support communication, we fully understand our responsibility in protecting our customers' data. Lyyli handles sensitive messages and confidential documents daily, so we've built world-class security from the ground up.

This article is aimed at IT management and departments evaluating the service's security. We openly share how data protection and cybersecurity are handled in Lyyli.ai.

Encryption and Data Protection

All data processed in Lyyli.ai is protected with the highest level of encryption both in transit and at rest.

AES-256 Encryption

We use AES-256 encryption for all data. This is the same encryption algorithm used to protect data for government organizations and banks. Data is encrypted both when stored on disk and when transferred over the network.

Secure Data Transfer

All data transfer is protected by the TLS 1.3 protocol. This ensures that data cannot leak during transfer, even if someone attempts to intercept network traffic.

EU Data Centers and Data Location

Our service runs on servers located within the EU. This means all customer data remains within the EU by default, which is important both for GDPR compliance and many organizations' internal security policies.

We do not transfer data outside the EU without the customer's explicit consent. This ensures your data complies with the EU Data Protection Regulation and remains within the Union's legal framework.

Isolated Environment and Data Isolation

One of our most important security principles is that each customer's data is stored completely isolated in its own environment.

Your data is never used to train AI models except within your organization's own environment. This means in practice that:

• Your competitors cannot benefit from your data

• You do not benefit from their data

• Each organization is completely independent

This is especially important when handling confidential messages and documents. Your company data is isolated and never used to train global models – complete privacy from the ground up.

Zero Data Retention – How AI Model Data Processing Works

Zero Data Retention (ZDR) means that the language model provider does not retain customer data in any form after processing. When Lyyli sends user text or communication ideas to a language model – whether Claude, GPT, or Gemini – the data is processed in memory in real time and destroyed immediately. It is not saved to logs, written to disk, or used for model training.

What Zero Data Retention Means in Practice

Lyyli uses multiple language models for content ideation and drafting. Without specific ZDR agreements, language model providers can by default retain inputs and responses sent through their API for a certain period – typically up to 30 days. With a ZDR agreement, this data retention is eliminated entirely, with the exception of legal obligations and abuse prevention.

In Lyyli's architecture, every API call to a language model is stateless: the model does not remember previous requests and does not retain anything after processing. Lyyli's own platform stores customer preferences, tone of voice guidelines, and content drafts in its own EU environment, but nothing remains with the language model provider.

Why This Matters for Organizations Handling Communications

Communications teams in organizations handle confidential content daily: strategic directions, unpublished press releases, customer communications, and brand materials. A key question when evaluating AI tools is what happens to data after it has been sent to the language model's API. ZDR addresses this concern directly:

• Communication content and brand materials are not stored on language model providers' servers

• The risk of data leakage through APIs is eliminated

• Unauthorized access to processed content is prevented, because the data simply does not exist after processing

Industry Examples

ICT company. A technology organization's communications team handles competitively sensitive information: product launches, partnership negotiations, and strategic directions. When the communications team uses AI for content ideation, ZDR ensures that competitively sensitive content does not remain behind APIs. For the IT department, this means AI-assisted communications do not create a new data leakage risk – data passes through the API and disappears.

Financial sector organization. A financial organization's communications include regulatory topics, investor communications, and market-sensitive information. In regulatory communications, even a single sentence leaking at the wrong time can constitute a market disruption. ZDR ensures that regulatory communications or financial information is not retained in third-party systems, supporting the organization's compliance requirements.

Public sector organization. A public sector entity handles topics related to citizen services and decision-making in its communications. The confidentiality of government communications is a fundamental requirement. ZDR ensures that confidential government communications remain under the organization's control and do not end up as training data for AI models or in third-party log files.

No Third Parties

Your data is not shared, sold, or rented to third parties. Full control remains with your organization. This is a clear principle we follow absolutely.

If we use subcontractors or service providers, we ensure they comply with the same security standards and GDPR requirements. All such agreements include a Data Processing Agreement (DPA) that ensures proper data handling.

GDPR Compliance in Practice

We have built Lyyli in accordance with GDPR requirements from the start. This means GDPR compliance is not a feature added afterward, but part of the service's basic architecture. Detailed information about data processing can be found in our privacy policy.

Data Minimization

We process only the data necessary for the service to function. We do not collect extra data we don't need to provide the service.

Purpose Limitation

Your data is used only to improve communication and provide the service. We do not use data for other purposes without your explicit consent.

Right to Deletion

You can request deletion of your data within 30 days. When we receive a deletion request, we start the deletion process immediately and ensure all your organization's data is removed from the system.

Data Portability

All your data can be provided in a machine-readable format. This means you can easily export your data if you want to switch to another service or store it in your own system.

Dedicated Data Protection Officer

We have a dedicated Data Protection Officer who responds to all data protection questions quickly and comprehensively. We believe transparency is the best way to build trust.

You can contact the Data Protection Officer by email, and you'll receive an expert response within 24 hours. This is especially important for IT departments that need quick and clear answers to security questions. Additional information about data processing can be found in our privacy policy.

Access Rights and Access Control

Lyyli implements precise access control and comprehensive activity monitoring. This ensures only authorized personnel can access your organization's data.

Role-Based Access

Organization members see only the data they have access to. This means, for example, a team member cannot see management messages unless they have specific permission.

Administrator Management

Administrators can manage access in detail. You can define who has access to which data and change these permissions as needed.

Activity Logging

All system logins and activities are logged securely. This means you can track who has used the system and what actions have been taken. Log data is stored securely and available for security audits.

Automatic Monitoring

Suspicious activity is automatically detected and reported immediately. This includes, for example, unusual login attempts, large volumes of data downloads, or other anomalous behavior patterns.

Infrastructure Standards and Certifications

We follow industry-standard practices and approach security in accordance with the ISO 27001 framework. We will certify the service according to the ISO 27001 standard, which ensures our security processes comply with international best practices.

This is especially important for organizations requiring certified security solutions. ISO 27001 certification demonstrates that we have a systematic approach to security management.

Continuous Development and Security Audits

Security is not a one-time project for us, but a continuous process. We regularly improve our systems and respond quickly to new threats.

Regular Updates

We regularly update our systems and actively monitor security threats. This includes both software updates and infrastructure improvements.

External Audits

We conduct regular security audits and test our systems with external experts. This ensures our security remains at a high level and we identify potential weaknesses before they become problems.

Staff Training

Our staff is continuously trained in security matters, as security depends on the weakest link in the chain. All our employees understand the importance of security and know how to act correctly in different situations.

Threat Monitoring

We continuously improve our protections and respond quickly to new threats. We actively monitor security news and update our systems as needed.

Collaboration with IT Departments

We understand that IT departments need detailed information about the service's security. Therefore, we are ready to share additional information and answer questions.

If you have questions about security or privacy, don't hesitate to contact us:

• Email: hello@lyyli.ai – quick response to security questions

• Data Protection Officer: expert response within 24 hours

• Chat support: immediate help with security questions

• Phone support: personal support for enterprise customers

Finally

Ultimately, security is a matter of trust. We trust you by sharing our best practices, and we hope you trust us by letting Lyyli help with your communication.

We are committed to maintaining the highest possible security level and continuously developing it. If you have questions or concerns, feel free to contact us – we're here to help. Detailed information about data processing can be found in our privacy policy.

Want to discuss security in more detail?

We're ready to answer IT departments' questions and provide additional information about our security architecture. Contact the Data Protection Officer or book a personal discussion.

  • Detailed technical documentation
  • Data Processing Agreements (DPA)
  • ISO 27001 certification process
  • Security audits and reports
  • Integrations with existing systems

About the author

Mikko Oksanen

CEO & Co-Founder

Mikko leads Lyyli.ai and writes about practical communication development for expert organizations.
