GDPR
This document describes how AI Agents handle personal data and what considerations you should make to ensure GDPR compliance.
What Is Done with Personal Data
AI Agents might process personal data by:
- Transmitting to LLM - Personal data from Lime CRM objects is sent to Large Language Models (LLMs) for analysis
- Processing - The LLM analyzes the data according to your agent's instructions
- Returning Results - Structured output is returned to Lime CRM
- Logging - Complete requests and responses are logged in your solution's database via Lime CRM's data trails feature
Important: Prompts and responses are not logged or stored outside the Lime CRM database. No CRM data is shared with LLM providers or used for model training.
Why Personal Data Is Needed
Personal data may be needed for AI agents to perform their analysis functions. The specific personal data required depends entirely on how you configure each agent.
Examples where personal data may be necessary:
- Lead qualification - Analyzing contact names, email addresses, and phone numbers to assess completeness
- Customer segmentation - Processing customer demographics and purchase history
- Risk assessment - Evaluating deal-specific information that may include personal identifiers
- Assignment recommendations - Matching customers to representatives based on territories or specializations
However, many agent use cases do not require personal data at all (e.g., analyzing company information, categorizing organizations, scoring opportunities based on non-personal criteria).
What Personal Data
The personal data sent to AI agents is entirely controlled by your agent configuration. Personal data may be included if:
- Input Object Properties - You configure the agent to receive personal data fields from the input object (e.g., name, email, phone number)
- Additional Input Data queries - Your supplementary Lime Queries fetch objects containing personal data
- Text Fields - Free-text fields (descriptions, comments, notes) may contain personal data that is not automatically filtered
You have full control - You select what data is sent to the agent during configuration. Only the properties you explicitly include are transmitted.
Logging of Personal Data
What Is Logged
AI Agents log complete LLM requests and responses through Lime CRM's data trails feature. This includes:
- All input data sent to the LLM (including any personal data from input properties and queries)
- The complete prompt (system and user prompts)
- The LLM's response
- Metadata (timestamps, credit usage, model used)
Where Logs Are Stored
Logs that might include personal data are stored in the Lime CRM database of the application where the agents are executed.
Log Retention Period
Logs are retained for 7 days, after which they are automatically deleted.
Recommendations for GDPR Compliance
Best Practices:
- Data Minimization - Only include fields necessary for the agent's specific function
- Regular Audits - Review agent configurations to ensure minimal personal data use
- User Awareness - Inform users that agents may process personal data from CRM records
- Documentation - Maintain records of which agents process personal data and why
- Access Control - Restrict agent configuration to administrators who understand GDPR implications
- Testing - Use the agent testing feature to review exactly what data is sent to LLMs before deploying agents