1. Executive summary
DPO Agent is an AI-powered legal advisory service for data protection officers and compliance professionals. The service is built on Microsoft Azure infrastructure in Sweden Central (EU) and is designed from the ground up to minimise the processing of personal data.
Key security posture: DPO Agent stores no conversation data. Every query is processed in memory and discarded immediately after the response is generated. Authentication is handled exclusively by Microsoft Entra ID — DPO Agent never handles or stores passwords or identity credentials.
The service is designed to meet the requirements of GDPR Article 25 (data protection by design and by default), Article 32 (security of processing), and Article 28 (processor obligations). A full Data Processing Agreement is available at dpoagent.dk/dpa.
2. Architecture overview
| Component | Technology | Location | Purpose |
|---|---|---|---|
| Web application | Azure Functions (Node.js) | Sweden Central | Serves HTML, handles chat API requests, routes traffic |
| AI model | Azure OpenAI GPT-4o | Sweden Central | Generates legal guidance responses |
| Knowledge base | Azure AI Search | Sweden Central | Semantic search over legislation, guidelines, and decisions |
| Document storage | Azure Blob Storage | Sweden Central | Stores knowledge base source documents (public legislation only) |
| Authentication | Microsoft Entra ID | Microsoft global | SSO authentication and access control |
| Email delivery | SendGrid (Twilio) | USA (SCCs) | Transactional email for contact form confirmations only |
All primary processing components are deployed in Sweden Central — within the European Union. No conversation data leaves the EU at any point.
3. Data flow and processing
Query processing flow
When a user submits a query, the following sequence occurs entirely in memory:
- User authenticates via Microsoft Entra ID SSO.
- Query is transmitted over HTTPS to the Azure Function App.
- Azure AI Search performs a semantic search over the knowledge base and returns relevant document excerpts.
- The query and retrieved context are sent to Azure OpenAI GPT-4o for response generation.
- The response is returned to the user's browser over HTTPS.
- All in-memory data is discarded. Nothing is written to storage.
Visual data flow
Data retained by the service
| Data type | Retained? | Location | Retention period |
|---|---|---|---|
| Conversation content | No | — | — |
| Query text | No | — | — |
| Authentication tokens | Session only | Browser | Until tab is closed |
| Technical telemetry | Yes | Azure Monitor | 30 days (response times, error codes — no content) |
| Contact form data | Yes | Email only | Per email retention policy |
| Knowledge base documents | Yes | Azure Blob Storage | Indefinite (public legislation only) |
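The in-memory flow above and the telemetry row in the table can be shown together in code. The following is an added example, not DPO Agent's own code: a Node.js handler in the shape of an Azure Function that keeps the query, the retrieved passages and the answer in local variables only, and emits a telemetry event built from an allow-list of operational fields so that no content can reach Azure Monitor. The `deps.search` and `deps.generate` interfaces and the error-code names are assumptions; in production they would wrap the Azure AI Search and Azure OpenAI SDK clients authenticated with Managed Identity.

```javascript
// Added example (not DPO Agent's own code): an in-memory query handler in the
// shape of a Node.js Azure Function. The search and model clients are injected
// so the flow can run offline; their interfaces are assumptions:
//   deps.search(query)             -> Promise<string[]>  (retrieved passage texts)
//   deps.generate(query, passages) -> Promise<string>    (model answer)

// Allow-list of telemetry fields. Anything else (query text, passages, answer)
// is dropped before the event is emitted, so the monitoring sink only ever
// receives operational data such as response times and error codes.
const TELEMETRY_FIELDS = ["durationMs", "statusCode", "errorCode", "retrievedCount"];

function buildTelemetryEvent(fields) {
  const event = {};
  for (const key of TELEMETRY_FIELDS) {
    if (fields[key] !== undefined) event[key] = fields[key];
  }
  return event;
}

// Handle one query entirely in local variables: validate, retrieve, generate,
// respond. `emit` receives the allow-listed telemetry event; nothing else
// leaves the function except the HTTP-style response object.
async function handleQuery(query, deps, emit) {
  const started = Date.now();
  let statusCode = 200;
  let errorCode;
  let retrievedCount = 0;
  try {
    if (typeof query !== "string" || query.trim() === "") {
      statusCode = 400;
      errorCode = "EMPTY_QUERY"; // assumed error-code name
      return { status: 400, body: { error: "Query must be a non-empty string." } };
    }
    const passages = await deps.search(query);
    retrievedCount = passages.length;
    const answer = await deps.generate(query, passages);
    return { status: 200, body: { answer } };
  } catch (err) {
    // Upstream failure: record a short code, never the query or the error payload.
    statusCode = 502;
    errorCode = err && err.code ? String(err.code) : "UPSTREAM_ERROR";
    return { status: 502, body: { error: "The service could not generate a response." } };
  } finally {
    emit(buildTelemetryEvent({
      durationMs: Date.now() - started,
      statusCode,
      errorCode,
      retrievedCount,
    }));
    // query, passages and answer go out of scope here; nothing was persisted.
  }
}

// Constructed offline demo with fake clients (no real Azure calls).
const demoDeps = {
  search: async (q) => [`Constructed passage relevant to: ${q}`],
  generate: async (q, passages) => `Based on ${passages.length} passage(s): constructed answer.`,
};
handleQuery("What does Article 32 require?", demoDeps, (event) =>
  console.log("telemetry", JSON.stringify(event)),
).then((res) => console.log("response", JSON.stringify(res)));
```

The point of the allow-list is that it is positive rather than negative: a new field added to the event by a future change is dropped unless it is explicitly named, which is the behaviour you want when the retention table promises "no content".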
4. Security controls
TLS 1.2+ everywhere
All traffic between clients and the service is encrypted. HTTP is redirected to HTTPS. No unencrypted communication is possible.
SSO via Entra ID
All authentication is delegated to Microsoft Entra ID. DPO Agent never handles passwords or stores identity credentials.
No conversation storage
Azure OpenAI Stored Completions is explicitly disabled. Queries and responses are never written to disk or logs.
Managed Identity
Service-to-service authentication uses Azure Managed Identity. No credentials are stored in code or configuration files.
Secrets management
All API keys are stored as encrypted Azure environment variables. No secrets appear in source code or configuration files.
EU data residency
All primary processing takes place in Microsoft Azure Sweden Central. No personal data leaves the European Union.
5. Privacy by design principles
Data minimisation (GDPR art. 5(1)(c))
DPO Agent processes only the data strictly necessary for the service to function. Conversation history exists solely in the browser's memory during the active session. When the user closes the tab, all conversation data is permanently deleted from the client side.
Purpose limitation (GDPR art. 5(1)(b))
Each query is processed for the sole purpose of generating a legal guidance response. The system has no mechanism for secondary processing. Microsoft Azure OpenAI contractually guarantees that customer data is not used to train or improve Microsoft's models.
Storage limitation (GDPR art. 5(1)(e))
No conversation data is retained beyond the immediate processing required to generate a response. The Azure OpenAI Stored Completions feature is explicitly disabled, ensuring prompts and responses are not retained by Microsoft beyond in-memory processing.
Integrity and confidentiality (GDPR art. 5(1)(f))
All data in transit is encrypted via TLS 1.2+. Authentication is handled by Microsoft's enterprise identity platform. Infrastructure-to-infrastructure communication uses Managed Identity — no shared secrets.
Accountability (GDPR art. 5(2))
DPO Agent maintains documentation of all technical and organisational measures. A Data Processing Agreement is available at dpoagent.dk/dpa. Sub-processor agreements are in place with Microsoft and Twilio/SendGrid.
6. AI model security
Model deployment
DPO Agent uses Azure OpenAI Service with GPT-4o deployed in Sweden Central. The model is accessed via a private Azure resource endpoint. No public OpenAI API endpoints are used.
No training on customer data
Microsoft's Azure OpenAI terms of service explicitly prohibit the use of customer prompts and completions for model training. This is enforced contractually and technically — Stored Completions is disabled at the deployment level.
Knowledge base architecture (RAG)
DPO Agent uses Retrieval Augmented Generation (RAG). Before each response, Azure AI Search performs a semantic search over a curated knowledge base of public legislation, guidelines, and enforcement decisions. The model is instructed to answer only from this retrieved context — not from general training knowledge.
The knowledge base contains only publicly available legal documents — legislation, regulatory guidelines, and published enforcement decisions. No personal data is stored in the knowledge base.
Output controls
Every response includes a mandatory disclaimer clarifying that the guidance is not legal advice. The system prompt instructs the model never to use general training knowledge and to explicitly state when information cannot be found in the knowledge base.
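The RAG grounding and the output controls described in this section can be expressed as a prompt builder plus a post-processing step. The following is an added example, not DPO Agent's own system prompt or code: it numbers the retrieved passages so the model can cite them, instructs the model to answer only from that context and to return a sentinel when the answer is not there, and then applies three controls to the reply: a canned "not found" answer when the sentinel (or no context) comes back, a check that every `[n]` citation points at a passage that was actually retrieved, and the mandatory disclaimer. The sentinel string, the disclaimer wording, the citation format and the `{ title, text }` passage shape are assumptions. The `store: false` request field is the OpenAI-compatible opt-out for stored completions and is included as a request-level complement to the deployment-level setting the page describes.

```javascript
// Added example (not DPO Agent's own code): grounded prompt construction and
// output controls for a RAG chat completion. Sentinel, disclaimer text,
// citation format and passage shape ({ title, text }) are assumptions.

const NOT_FOUND_SENTINEL = "NOT_IN_KNOWLEDGE_BASE";
const DISCLAIMER =
  "This guidance is generated from public legal sources and is not legal advice.";

// Number the retrieved passages so the model can cite them as [1], [2], ...
function formatContext(passages) {
  return passages.map((p, i) => `[${i + 1}] ${p.title}\n${p.text}`).join("\n\n");
}

// System prompt restricts the model to the CONTEXT block and asks for an
// explicit sentinel when the context does not answer the question.
function buildGroundedMessages(query, passages) {
  const system = [
    "You are a data-protection guidance assistant.",
    "Answer ONLY from the numbered passages in the CONTEXT block.",
    "Do not use general knowledge. Cite passages as [n].",
    `If the CONTEXT does not answer the question, reply exactly: ${NOT_FOUND_SENTINEL}`,
  ].join(" ");
  return [
    { role: "system", content: system },
    { role: "user", content: `CONTEXT:\n${formatContext(passages)}\n\nQUESTION: ${query}` },
  ];
}

// Request body for the chat completions call. `store: false` opts the request
// out of stored completions at the request level.
function buildChatRequest(deployment, messages) {
  return { model: deployment, messages, temperature: 0, store: false };
}

// Citation numbers in the reply that do not correspond to a retrieved passage.
function invalidCitations(text, passageCount) {
  const bad = new Set();
  for (const m of text.matchAll(/\[(\d+)\]/g)) {
    const n = Number(m[1]);
    if (n < 1 || n > passageCount) bad.add(n);
  }
  return [...bad];
}

// Output controls: canned answer when nothing was found, rejection of replies
// that cite passages that were never retrieved, and the mandatory disclaimer.
function finalizeResponse(modelText, passages) {
  const text = (modelText || "").trim();
  let body;
  let answered = true;
  if (passages.length === 0 || text === "" || text === NOT_FOUND_SENTINEL) {
    body = "The answer could not be found in the knowledge base.";
    answered = false;
  } else if (invalidCitations(text, passages.length).length > 0) {
    body = "The answer could not be verified against the knowledge base.";
    answered = false;
  } else {
    body = text;
  }
  return { answer: `${body}\n\n${DISCLAIMER}`, answered };
}

// Constructed demo (not real retrieved documents).
const demoPassages = [
  {
    title: "GDPR Art. 32(1) (constructed excerpt)",
    text: "The controller and the processor shall implement appropriate technical and organisational measures.",
  },
];
console.log(JSON.stringify(buildGroundedMessages("What does Art. 32 require?", demoPassages), null, 2));
console.log(finalizeResponse("Appropriate technical and organisational measures [1].", demoPassages).answer);
```

The citation check is deliberately strict: a reply that references a passage number outside the retrieved set is treated as ungrounded and replaced, rather than shown with the bad citation stripped, because a fabricated reference to a legal source is exactly the failure mode the "answer only from retrieved context" rule is meant to prevent.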
7. Regulatory compliance
| Framework | Relevant requirements | DPO Agent implementation |
|---|---|---|
| GDPR | Art. 25 (privacy by design), Art. 28 (processor), Art. 32 (security) | Privacy by design architecture, DPA available, security controls documented |
| Databeskyttelsesloven | Danish implementation of GDPR | Governed by Danish law. DPA references LBK nr. 289 af 15/03/2024 |
| EU AI Act | Risk classification, transparency obligations | DPO Agent is a general-purpose AI tool used for legal guidance — assessed as limited risk. Disclaimer included in all responses. |
| NIS2 Directive | Cybersecurity measures for digital service providers | Infrastructure hosted on Microsoft Azure, which maintains NIS2-compliant security controls |
| ISO 27001 | Information security management | Microsoft Azure is ISO 27001 certified. DPO Agent aligns with Azure's security baseline. |
8. Sub-processors and third parties
| Sub-processor | Purpose | Location | Legal basis for transfer |
|---|---|---|---|
| Microsoft Azure | Cloud infrastructure, AI model, authentication, storage, search | Sweden Central (EU) | EU territory — no transfer |
| SendGrid (Twilio Inc.) | Transactional email for contact form confirmations | USA | EU Standard Contractual Clauses (2021/914) |
DPO Agent will notify customers of any changes to sub-processors with a minimum of 30 days' notice, in accordance with GDPR Article 28(2).
9. Incident response
Detection
DPO Agent relies on Microsoft Azure's built-in security monitoring, including Microsoft Defender for Cloud and Azure Monitor, for detection of security incidents affecting the infrastructure layer.
Notification
In the event of a personal data breach affecting customer data processed under the DPA, DPO Agent will notify affected customers within 48 hours of becoming aware of the breach, in accordance with GDPR Article 33.
Notifications will be sent to the registered contact email address. Customers are responsible for notifying their relevant supervisory authority within 72 hours of receiving notification from DPO Agent.
Scope limitation
Because DPO Agent stores no conversation data, the impact of any potential breach is significantly limited. The primary data at risk would be authentication data managed by Microsoft Entra ID and contact form submissions.