I have read some of the posts regarding GDPR but could not find an answer to my specific case. Imagine I create a studio/form/chatbot in Pickaxe where users share information or upload files. Since in the background I may be using certain LLMs (e.g., OpenAI), I would like to know if this processing is still fully covered under Pickaxe.ai GDPR compliance.
I understand that I can delete user information if needed, but to properly adapt to GDPR policy and inform my users correctly, I would appreciate your guidance on:
Whether user data shared in Pickaxe and processed through OpenAI remains under Pickaxe’s GDPR compliance.
What exact information I should communicate to my users regarding data flow, storage, and deletion.
Alongside Pickaxe’s GDPR compliance, please review the model provider’s terms, since using those models on Pickaxe means you agree to their policies. For a quick overview of provider commitments, see section 17 “Model Training” in our Terms of service | Pickaxe .
I will share additional resources to help you better understand our compliance.
For UK users to be able to share data with a US based organisation, they need to be registered on the UK Extension to the EU-U.S. Data Privacy Framework (as far as I can tell).
Is there a list, please, of Pickaxe’s processors/subprocessors so we can check that they are ‘safe’ under UK GDPR?