Question 1

Where is my data hosted and processed?

Accepted Answer

Donna hosts its cloud environment in Microsoft Azure. Your data is hosted and processed in secure Azure regions across the United States, Australia, and Europe. For enterprise customers with data localisation requirements, we offer processing in custom regions.

Question 2

How does Donna define customer data?

Accepted Answer

Donna defines "customer data" as documents uploaded into Donna by your firm or your clients. This does not include queries or AI responses. We define "customer content" as the queries submitted to Donna's AI and the responses it returns. AI responses may be derived from uploaded documents, but the raw documents themselves are treated separately. While these are distinct terms in Donna's agreements, we typically discuss customer data and content together when talking about your privacy rights.

Question 3

How does Donna keep my data private and secure?

Accepted Answer

Donna encrypts all data at rest and in transit, enforces strict access controls, and never trains on your data. Your documents are accessible only to the users you authorise, and every access event is logged.

Question 4

How do you respect access controls for client data?

Accepted Answer

Donna enforces access controls at the Space level. Each Space is scoped to a single matter, and only the users you invite can see what is inside it. Firm members and client members have distinct roles, with permissions set by the firm. Data in one Space is never visible to users of another. You decide what gets uploaded, how long it is retained, and who has access to it.

Question 5

How does Donna handle AI transparency?

Accepted Answer

Every AI output in Donna can be traced back to the source data that produced it. You can always review the reasoning, examine the sources, and verify conclusions.

Question 6

What happens to our data when we stop using Donna?

Accepted Answer

Once your contract ends, you'll have the opportunity to export your data. After the export window, all data and associated storage is permanently deleted.

Question 7

Does Donna train AI on my data?

Accepted Answer

Donna will never use your data to train or fine-tune any AI models. We also contractually prohibit our model providers from training on customer data.

Security is not a feature.It's the architecture.

Data sovereignty

No model training

Full data ownership

Security

Encrypted in transit and at rest

Isolated agent runtime

Zero-trust architecture

Customer-controlled access

Enterprise-grade protection

Dedicated security expertise

Enterprise security controls

Enforceable commitments

Compliance

Frequently asked questions

Serious about security?