Introducing the Ochre AI support workspace. Start a 14-day trial

GDPR and your data rights

Concierge data export, end-user erasure, sub-processors, and DPA requests under GDPR. Not self-serve — emailed to hello@ochrehq.com.

By ChristopherUpdated 3 min read

If you operate in the EU, the UK, or anywhere a customer might be a data subject under GDPR, you need a clear answer about how Ochre handles their data. This is that answer.

Roles

Under GDPR, you (the workspace owner) are the data controller for your customers' data. Ochre is the data processor: we store and process that data on your instructions, on infrastructure we operate.

This split matters because the rights below belong to your customers, but most of the practical mechanics are things you (or we, on your behalf) trigger to fulfil them.

Right of access and portability

Workspace and customer-record exports are handled as a concierge process today — there is no one-button export in the product, contrary to older marketing copy.

Email hello@ochrehq.com with:

  • Your workspace slug.
  • Whether you need a full workspace export or a single end-user record.
  • The format you need (JSON is the default; CSV available for tabular slices).

We produce a JSON archive that contains conversations and messages, customer profiles and custom fields, internal notes, tags, aliases, routing rules, SLA policies, and survey configurations, and deliver it via signed download URL. Standard turnaround is two business days.

For a single end-user's data (one of your customers asks for their record), we extract the customer profile and all linked conversations.

Right to erasure

Two paths.

Workspace deletion. Owners can delete the workspace from settings. There is a 30-day grace period for accident recovery, then a hard delete. After hard delete, no row tagged with that org_id remains.

End-user erasure. When one of your customers asks to be erased, contact hello@ochrehq.com with the customer's email or ID. We delete their profile, mask their identifiers in conversations they participated in, and confirm. We do not run end-user erasure as a self-service workflow because most teams want a human review step.

Aggregate or anonymized data that has had identifiers removed may be retained for product analytics. The original PII is gone.

Right to rectification

Customer profile fields are editable in the UI. Update the customer's profile or merge duplicates with customer-merge, and the change is reflected immediately. Conversation messages themselves are immutable: the historical record is preserved, but the customer profile that messages are linked to is current.

Right to object and to restrict processing

Stop new data from flowing into Ochre by disconnecting the relevant integration (Stripe, HubSpot, Slack, Linear, GitHub, Notion, GitBook). You can also turn off a channel from channel-master-toggles so no new conversations arrive there.

For AI processing in particular, autopilot and AI drafting-modes can be turned off per workspace. The conversation will still be stored, but the AI will not generate drafts or replies.

Sub-processors

Ochre uses a small set of sub-processors:

  • Supabase / AWS for Postgres and storage.
  • Vercel for application hosting.
  • Anthropic and OpenAI for AI inference (via customer-supplied BYOK keys).
  • Resend for email send and receive (Svix for webhook signing).
  • Stripe for billing.
  • Slack, HubSpot, Linear, GitHub, Notion, GitBook as integration partners (data flows only when you connect them).

The current list with regions and purposes is in our security-questionnaire. We update it before adding a new sub-processor that handles personal data.

Data Processing Agreement

We sign DPAs that include the EU Standard Contractual Clauses for transfers out of the EEA. The DPA is available on request as a concierge — email hello@ochrehq.com and we will send our standard DPA. Custom redlines are available for paid plans.

Where data is stored

Today, all customer data is stored in AWS us-east-2 (Ohio, USA). Transfers from the EU rely on SCCs in the DPA. EU residency is on the roadmap, not shipped. See data-storage.

Retention defaults

While your workspace is active, we keep data indefinitely so the product works. After workspace deletion, the 30-day grace period and then a hard delete. Backups roll off on Supabase's standard retention.

Security and breach notification

For the technical controls behind this, see security-overview and rls-isolation. In the event of a breach involving your data, we notify the workspace owner without undue delay and within the GDPR-required windows.

Related

Was this article helpful?

← Back to Ochre Help
GDPR at Ochre · Ochre