Your data. Your control.

Thinklio is designed to meet the requirements of the General Data Protection Regulation (GDPR), the EU AI Act, and applicable data protection frameworks worldwide. Data minimisation, purpose limitation, and the right to erasure are architectural decisions, not afterthoughts.

Our infrastructure runs in the EU under EU jurisdiction. Data residency, processing, and storage are all subject to European data protection standards by default.

Every user has full control over their personal data within Thinklio. At any time, you can:

• ·Export a complete backup of your personal data, including knowledge facts, conversation history, and preferences.
• ·Delete your personal knowledge facts, document history — including tokenised representations and metadata — and any other personal data stored by the platform.

Deletion is permanent and immediate. Once deleted, personal data cannot be recovered by Thinklio, your organisation, or any other party.

Organisation administrators have full control over their organisation's data. At any time, an administrator can:

• ·Export the entire organisation's data set — knowledge layers, agent configurations, audit trails, and all associated metadata.
• ·Delete individual users or teams and all their associated data.
• ·Delete the entire organisation and all data associated with it.

All data exports are provided in standard, machine-readable formats. Every export includes a companion guide that documents the file structure, data formats, primary and foreign key relationships, and how to interpret each component of the exported data set — so your data is genuinely usable outside the platform, not just technically available.

Your data is yours to take with you — we will never hold it hostage or make it difficult to leave. This is a right under GDPR, and it is how we think every platform should operate regardless of regulation.