# Data Privacy & Handling

Conversation data moves through a clear lifecycle on Helvia: collection, anonymization, storage, and deletion. The platform gives you direct control over the two stages that vary most between organizations: how personal information (PII) is identified and replaced, and how long conversation data is kept before it is deleted (data retention).

{% hint style="info" %}
For certifications, the security FAQ, and how Helvia protects your data end-to-end, see the [Security Overview](/security/overview.md) page.
{% endhint %}

### Anonymization and PII Handling

The platform automatically detects personal information in conversations and replaces it before that data is stored or sent to third parties. Anonymization is activated and configured **per agent** under **Designer > Settings > Privacy**, so each agent can carry rules appropriate to its domain.

<div data-with-frame="true"><figure><img src="/files/Cf3V0mEMXXuqbidAYEoN" alt="" width="563"><figcaption></figcaption></figure></div>

Three mechanisms work together, each addressing a different sensitivity level:

<table data-column-title-hidden data-view="cards"><thead><tr><th>Title</th><th>Description</th></tr></thead><tbody><tr><td><h4><i class="fa-tags">:tags:</i></h4><h4>Entity-Based Detection</h4></td><td>Recognize named entities like people, locations, dates, and money, or match custom regex patterns</td></tr><tr><td><h4><i class="fa-plug">:plug:</i></h4><h4>Custom Anonymization Service</h4></td><td>Plug in your own detection endpoint when the built-in entities are not enough</td></tr><tr><td><h4><i class="fa-mask">:mask:</i></h4><h4>Full Message Obfuscation</h4></td><td>Replace the entire user message before storage for the highest-sensitivity scenarios</td></tr></tbody></table>

#### Entity-Based Anonymization

Entity-based anonymization uses Named Entity Recognition to detect Personally Identifiable Information (PII) in free text and substitute it with placeholder values. The detector recognizes a fixed set of categories, such as names, locations, dates, and monetary values.

Detection runs on every incoming user message when configured, before it enters the agent's processing pipeline, so the data is replaced before it ever reaches the language model or persistent storage. It can also be applied to the full conversation transcript before export to external systems. Contact [support](/resources/support.md) for special configurations beyond the defaults.

To add a detection and replace rule:

{% stepper %}
{% step %}

#### Open Privacy Settings for the Agent

In Designer, go to **Settings > Privacy**.
{% endstep %}

{% step %}

#### Add a Detection Rule

Under **Anonymization Settings**, select **Add Data Type** to insert a new row. You can add as many rows as you need, one per entity type or regex pattern you want to detect.

<div data-with-frame="true"><figure><img src="/files/nq7aRzSmVqwbtuRoetgz" alt="" width="375"><figcaption></figcaption></figure></div>
{% endstep %}

{% step %}

#### Choose What to Detect

Pick the **Data Type** category. The full set of supported categories is listed below.
{% endstep %}

{% step %}

#### Set the Replacement

Enter the text that will replace matches in **Replacement Text**. Leave it blank to fall back to the **Default Replacement** value set for the section.
{% endstep %}

{% step %}

#### Provide a Regex Pattern &#x20;

Only required when **Custom Regex** is selected as a data type. Enter the **Regex pattern** and the **Replacement Text**. Use this for identifiers specific to your domain, such as account numbers or internal case IDs.

<div data-with-frame="true"><figure><img src="/files/XfrI4iGc15oMlY5B0nWY" alt="" width="375"><figcaption></figcaption></figure></div>
{% endstep %}

{% step %}

#### Save the Rule

Select **Save Changes** to apply.
{% endstep %}
{% endstepper %}

The full list of supported entities is:

<table><thead><tr><th width="160">Entity</th><th>What It Covers</th></tr></thead><tbody><tr><td><code>PERSON</code></td><td>People, including fictional</td></tr><tr><td><code>GPE</code></td><td>Countries, cities, states</td></tr><tr><td><code>NORP</code></td><td>Nationalities, religious or political groups</td></tr><tr><td><code>FAC</code></td><td>Buildings, airports, highways, bridges</td></tr><tr><td><code>ORG</code></td><td>Companies, agencies, institutions</td></tr><tr><td><code>LOC</code></td><td>Non-GPE locations, mountain ranges, bodies of water</td></tr><tr><td><code>PRODUCT</code></td><td>Objects, vehicles, foods (not services)</td></tr><tr><td><code>EVENT</code></td><td>Named hurricanes, battles, wars, sports events</td></tr><tr><td><code>WORK_OF_ART</code></td><td>Titles of books, songs, and other works</td></tr><tr><td><code>LAW</code></td><td>Named documents made into laws</td></tr><tr><td><code>LANGUAGE</code></td><td>Any named language</td></tr><tr><td><code>DATE</code></td><td>Absolute or relative dates and periods</td></tr><tr><td><code>TIME</code></td><td>Times smaller than a day</td></tr><tr><td><code>PERCENT</code></td><td>Percentages</td></tr><tr><td><code>MONEY</code></td><td>Monetary values, including currency</td></tr><tr><td><code>QUANTITY</code></td><td>Measurements such as weight or distance</td></tr><tr><td><code>ORDINAL</code></td><td>First, second, third, and so on</td></tr><tr><td><code>CARDINAL</code></td><td>Numerals that do not fit another type</td></tr></tbody></table>

#### Custom Anonymization Service

If the built-in detector does not cover a category specific to your domain, point Helvia at your own service instead. In the same Privacy settings, enable **Service Configuration**, supply the endpoint **URL**, and add any HTTP headers your service requires for authentication.

{% hint style="info" %}
**When to use a custom service:** industry-specific identifiers (medical record numbers, account numbers, internal case IDs) or jurisdictions where you need detection beyond the standard entity set.
{% endhint %}

#### Full Message Obfuscation

For the highest-sensitivity scenarios, enable **Obfuscate User Input** to replace the entire user message with an obfuscated string before it is stored or sent downstream. Use this when entity-level redaction is not enough and no portion of the original message should be preserved.

<div data-with-frame="true"><figure><img src="/files/qKssKFsy0VcPrSe8wmRB" alt="" width="173"><figcaption></figcaption></figure></div>

{% hint style="danger" %}
With full obfuscation on, the language model only sees `_censored_` in place of the user message and cannot respond to the original content.
{% endhint %}

### Data Retention

Helvia retains conversation transcripts for a configurable window and deletes them automatically when that window expires. Data retention has two levels:

{% tabs %}
{% tab title="Workspace Default" %}
Set under **Workspace > Settings > Configuration** in the **Data Retention** field.

* Range: 1 to 24 months
* Applies to every agent in the Workspace unless overridden
  {% endtab %}

{% tab title="Per-Agent Override" %}
Set under **Designer > Settings > Privacy** in the **Data Retention** field for an agent, and selectable when creating a new agent.

* Range: 1 to 24 months
* Overrides the Workspace default for this agent
* Leave empty to inherit the Workspace value
  {% endtab %}
  {% endtabs %}

When the retention period expires, the data is completely removed from production databases. Archived copies remain in backup storage for up to two years for disaster recovery, unless a shorter window is agreed in your contract.

{% hint style="info" %}
Retention covers stored conversation transcripts (chat sessions). Audit logs, knowledge base content, and Workspace configuration follow separate retention rules.
{% endhint %}

### Where Your Data Lives

All Helvia services and databases operate within the European Union, on managed cloud infrastructure with geographic redundancy for disaster recovery.

<table data-column-title-hidden data-view="cards"><thead><tr><th>Title</th><th>Description</th></tr></thead><tbody><tr><td><h4><i class="fa-earth-europe">:earth-europe:</i></h4><h4>EU-only Hosting</h4></td><td>All processing and storage happens inside European Union data centers</td></tr><tr><td><h4><i class="fa-cloud">:cloud:</i></h4><h4>Cloud-Native</h4></td><td>Hosted on AWS under their ISO 27001 and SOC 2 certified programs</td></tr><tr><td><h4><i class="fa-server">:server:</i></h4><h4>Geographic Redundancy</h4></td><td>Backups and replicas distributed across availability zones for continuity</td></tr></tbody></table>

### Encryption

All customer data is encrypted in transit and at rest. The same encryption applies to backups and to data flowing between Helvia services.

<table><thead><tr><th width="200">State of Data</th><th>Protection</th></tr></thead><tbody><tr><td>In transit</td><td>TLS/SSL across all internet communications, including traffic to LLM providers</td></tr><tr><td>At rest</td><td>AES-256 encryption applied at the storage layer</td></tr><tr><td>Database-level</td><td>Sensitive fields encrypted inside the database so data stays protected even on direct access</td></tr><tr><td>Passwords</td><td>Hashed with modern algorithms; never visible to administrators</td></tr><tr><td>Backups</td><td>Encrypted with the same standards as primary storage and held in secure, segregated locations</td></tr></tbody></table>

### Data Minimization

Helvia collects only what each processing purpose requires and removes data when that purpose ends. These principles apply across the platform, from the data your agents receive to the records kept in Observatory.

<table data-card-size="large" data-column-title-hidden data-view="cards"><thead><tr><th>Title</th><th>Description</th></tr></thead><tbody><tr><td><h4><i class="fa-bullseye">:bullseye:</i></h4><h4>Purpose-Bound Collection</h4></td><td>Each data point is tied to a defined processing purpose and not collected for hypothetical uses</td></tr><tr><td><h4><i class="fa-key">:key:</i></h4><h4>Least-Privilege Access</h4></td><td>Role-based access ensures users see only the data their role requires</td></tr><tr><td><h4><i class="fa-magnifying-glass">:magnifying-glass:</i></h4><h4>Routine Review</h4></td><td>Stored data is reviewed regularly and removed if no longer necessary</td></tr><tr><td><h4><i class="fa-trash-can">:trash-can:</i></h4><h4>Automatic Deletion</h4></td><td>Retention windows enforce removal without relying on manual cleanup</td></tr></tbody></table>

### Data Flows to Third Parties

Conversations sometimes need data to leave the Helvia platform, whether to generate a response with a language model or to update an external system. Every transfer is protected by the same controls applied across the platform.

<details>

<summary><i class="fa-lock">:lock:</i> <strong>Encrypted in transit</strong></summary>

All data leaving the platform travels over TLS-encrypted channels, so it stays protected end-to-end between Helvia and the destination.

</details>

<details>

<summary><i class="fa-user-secret">:user-secret:</i> <strong>Anonymization available before export</strong></summary>

Personal data can be detected and replaced before any of it is sent to a language model or downstream system, using the same anonymization rules configured per agent.

</details>

<details>

<summary><i class="fa-circle-check">:circle-check:</i> <strong>Vetted providers only</strong></summary>

Every third-party provider Helvia integrates with is reviewed against recognized security standards such as ISO 27001 and SOC 2 before being added.

</details>

{% hint style="info" %}
All third-party integrations, LLM providers included, run through your own provider account and credentials. This means two things:&#x20;

* the relationship is governed directly by your contract with that provider, including any data-use and training terms
* the processing region follows the credentials you supply, which can be configured to be inside or outside the EU.
  {% endhint %}

### Best Practices

* **Configure anonymization per agent:** match the rules to the data each agent actually handles, rather than applying one set across every agent
* **Use a custom service for domain identifiers:** the built-in entities are broad; plug in your own service when you need medical IDs, account numbers, or other domain-specific patterns recognized
* **Tune data retention per agent:** adjust the per-agent retention for agents handling more sensitive conversations according to your contractual obligations
* **Audit which provider your LLM calls use:** customer-owned accounts give you direct control over training opt-outs and data-use terms

{% hint style="success" %}
You now know where your data lives, how Helvia anonymizes and retains it, and what reaches third parties at each step of the lifecycle.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.helvia.ai/security/data-privacy-and-handling.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.