AllHub is an AI-powered platform. This page explains which AI systems we operate, how they work, what data they process, and your rights under GDPR and the EU AI Act.
AllHub operates as a Downstream Provider under Regulation (EU) 2024/1689 (EU AI Act). This means we build AI-powered applications on top of foundation models provided by third parties, and we deploy those applications to online store owners (Deployers) who use them to serve their shoppers (End Users).
AllHub
Downstream Provider
Builds and operates the AI platform and pipeline.
Store Owners
Deployers
Configure and deploy AllHub agents in their stores.
Shoppers
End Users
Interact with the AI agent inside the store.
We operate four AI systems. None are classified as High Risk under the EU AI Act.
agent-sales-v1
Generative AI — Conversational
Conversational AI assistant deployed in online stores. Answers buyer questions, recommends products and guides shoppers to checkout.
Transparency disclosure (Art. 50)
“You are being assisted by an AI agent.”
Known limitations
Not designed for
store-brain-v1
Generative AI — Knowledge Retrieval
Internal knowledge system that synthesizes store data — conversations, catalog gaps and funnel signals — to answer store-owner questions.
Transparency disclosure (Art. 50)
“Internal tool for store owners only. Not visible to shoppers.”
Known limitations
Not designed for
demand-simulator-v1
Predictive AI
Simulates how buyers will react to store changes (price updates, product launches, campaigns) using historical store data and AI reasoning.
Transparency disclosure (Art. 50)
“Simulation output is advisory only. Final decisions are made by the store owner.”
Known limitations
Not designed for
decision-extractor-v1
Generative AI — Analysis
Analyzes buyer conversation turns to extract purchase intent signals and decision patterns. Used to improve the store's AI responses.
Transparency disclosure (Art. 50)
“Conversation analysis is performed on pseudonymised session data only.”
Known limitations
Not designed for
GDPR Art. 35 — Privacy by Design
L0 Shield DLP
All buyer input is scanned for personal data (email, phone, ID numbers, payment data) before reaching the AI. Detected PII is blocked — never processed by the model.
SHA-256 Session Pseudonymisation
Session identifiers are hashed with SHA-256 before storage. The raw session ID is never persisted in any database.
6-Month Data TTL
Conversation audit logs and decision traces are automatically deleted after 6 months. No long-term retention of buyer interaction data.
Tenant Isolation
Each store's data is fully isolated under its own tenant namespace. No cross-tenant data access is possible by design.
Decision Trace Audit Log
Every AI response is logged with the reasoning path (intent matched, layers invoked, confidence score) for full EU AI Act Art. 14 traceability.
Kill Switch per Agent
Each AI agent can be disabled instantly by the store owner or platform administrators without any code deployment.
Fairness · Accountability · Security · Transparency
We assess our AI pipeline monthly against four pillars. Current score: 9.75 / 10 — COMPLIANT
10/10
Fairness
10/10
Accountability
9/10
Security
10/10
Transparency
GDPR Chapter III — Rights of the data subject
To exercise any of these rights, contact us at privacy@allhub.io. We respond within 30 days.
Regulatory basis: EU AI Act (Regulation 2024/1689) · GDPR (Regulation 2016/679) · Deeploy AI Governance Framework v2.0.
AllHub operates in the EU (europe-west1). Data is not transferred outside the European Economic Area.
Last updated: April 2026. Next review: July 2026.