Your Data Management

A didactic overview of how ATG protects your organization’s data: minimal retention, EU-first processing, and controlled external AI usage.

2 min read

Why your data protection matters

Your organization’s data is critical. It can include confidential documents, customer information, internal knowledge, and sensitive business context.

ATG is designed to prevent this data from being exposed to unauthorized third parties, foreign jurisdictions, or uncontrolled “shadow AI” usage.

Key risks, and how ATG addresses them

Loading diagram…

1) Public AI training & shadow AI leakage

Many public AI systems can use consumer usage to improve models. Put simply: if an employee pastes confidential information into a public chatbot, it may end up contributing to a future model version, with no reliable traceability.

Our guarantee: ATG only uses AI providers through APIs that contractually guarantee they do not train models on your data.

2) Minimal retention by design

We follow a minimal retention approach: ATG keeps only what is necessary to operate the service.

  • We avoid storing raw files when they are not needed.
  • We do not store your data with third-party “hosted data” features (some AI providers offer this, we deliberately do not use it).

3) EU-only policy means no US transfers

If your AI policy is set to EU-only, ATG does not transfer anything to US providers.

Learn more: AI Policy

Data transit: two distinct phases

ATG handles data in two separate phases:

  1. Document preparation (turning documents into an internal knowledge base)
  2. User answers (answering questions using internal retrieval + controlled LLM calls)

The AI policy has the biggest impact in phase 2 (LLM providers used for generation).

Phase 1 — Document preparation (ingestion & RAG prep)

ATG performs a full RAG preparation pipeline: text and images are extracted, processed, split into chunks, vectorized, and indexed.

Learn more: How is my company’s data processed? What is RAG?

Loading diagram…

What may be sent to external services in phase 1

Some calls to external AI services can happen during preparation, strictly controlled by the backend:

  • Image understanding: European providers only
  • Vectorization: European providers only
  • Full-document OCR: the only time a whole document can be sent to a third party is for conversion to text, via Mistral OCR

What is stored after preparation

After preparation, ATG primarily stores:

  • the extracted text, split into chunks
  • vectors (embeddings) for search
  • selected images when they are kept

ATG does not keep original files unless it is necessary:

  • Uploaded files can be kept only if an admin explicitly wants end users to be able to download them later
  • If documents come from an external drive/connector, ATG does not keep raw files (it is not needed)

Phase 2 — Answering users (chat & search)

ATG never sends your organization’s documents to LLM providers.

The information retrieval happens internally (on OVHCloud ATG servers). What is sent to an AI provider is:

  • the user query
  • the small set of relevant snippets (chunks) selected by ATG as useful context
Loading diagram…

Where AI policy matters

The AI policy determines which external providers can be used in phase 2:

  • EU-only: European providers only
  • Worldwide: EU providers plus selected worldwide providers

See: AI providers management