Compliance FAQ: Retention, model control & admin functions

This page answers the most common questions we receive from IT, data protection, and compliance teams about innoGPT—in a concise and honest way. If you can’t find what you’re looking for, please contact the innoGPT team

Retention Periods & Storage Locations

What happens to uploaded files, embeddings, monitoring, and security logs after the retention period?

Security and monitoring logs These are not affected by the retention period. However, they do not contain any chat data or user content, but only technical information about the system (errors, performance metrics, security events).

Uploaded files — the important distinction It depends on where the file was uploaded:

⚠️ Important for data protection assessments: Project and wizard uploads are not subject to the retention period. To delete this content, delete the respective project or wizard—the files will be deleted along with them.

Can retention periods be configured by the customer?

For chats and their attachments: yes. For files in projects and assistants: no — their lifecycle is tied to the respective container (project/assistant), not to a time limit.

Time limits can be deleted under Settings - Workspace Settings - General

Model Availability & Region Control

Can models be enabled or disabled per team, department, or workspace?

Yes. Control is managed at the user role level. This allows sensitive workspaces to be easily restricted to EU-only models, while other teams can use the full model catalog, including global providers.

Typical setups:

• Standard workspace: all models enabled

• Sensitive workspace (HR, Legal, Finance): EU-hosted models only

• Research/Pilot Team: explicitly enabled global models such as Sonar

Subprocessor list, SCIM, audit logs & admin reporting

Related articles

• Zero retention policy

• The data flow explained

• Our data protection guarantee