Assurance

GDPR, Data Protection and AI Assurance

Page date: June 9, 2026

Cian AI Ltd is building AI software, workflow automation and digital services for organisations that need safe, auditable and human-reviewed use of AI.

This page explains how Cian approaches data protection, GDPR readiness, customer data, AI processing, sub-processors, security controls and public-sector pilot deployments.

The aim is to give customers, pilot partners and procurement teams confidence that Cian is designed with privacy, security, auditability and accountability in mind.

Our data protection position

Cian AI Ltd is registered with the Information Commissioner's Office as a data protection fee payer.

Cian is not currently required to appoint a statutory Data Protection Officer. Data protection responsibility sits with the company director.

Data protection contact
Euros Evans
Director, Cian AI Ltd
Email: sion@outlook.com

Our typical role under UK GDPR

For most customer pilots and deployments:

  • the customer will usually be the Data Controller;
  • Cian AI Ltd will usually act as the Data Processor;
  • Cian will process personal data only to provide, support, secure and improve the agreed service;
  • Cian will process customer data in accordance with the customer's documented instructions and agreed contract terms.

The customer will usually decide:

  • the purpose of the processing;
  • the lawful basis;
  • which users can access the service;
  • what categories of data may be processed;
  • the required retention period;
  • whether a Data Protection Impact Assessment is required.

Cian may act as an independent Data Controller for its own business administration, including enquiries, supplier registration, billing, procurement correspondence and account management.

What Cian is designed to support

Cian is being developed to support organisations with AI-enabled workflows such as:

  • human-reviewed AI drafting;
  • bilingual Welsh/English workflows;
  • knowledge-base assistants;
  • workflow automation;
  • citizen or customer query handling;
  • translation workflow support;
  • review and approval processes;
  • audit trails;
  • internal productivity support;
  • public-sector service improvement.

Cian is intended to support people, not remove appropriate human judgement.

Where decisions, risk, safeguarding, equality, Welsh-language quality, legal obligations or public accountability matter, Cian is designed around human-in-the-loop review.

Welsh and English public-service workflows

Cian has a particular focus on bilingual Welsh/English public-service workflows.

Where relevant, Cian can support customers' Welsh-language duties by helping organisations manage, review and record Welsh and English content consistently.

Cian can be configured to record:

  • the original query or request;
  • the Welsh draft response;
  • the English translation;
  • reviewer edits;
  • who reviewed the content;
  • who authorised the content;
  • when the review or authorisation happened.

This supports auditability, consistency and the principle that Welsh should be treated no less favourably than English.

AI processing and customer data

Cian uses AI to assist with tasks such as:

  • drafting;
  • summarising;
  • classifying;
  • translating;
  • organising information;
  • suggesting responses;
  • supporting workflow automation;
  • improving access to internal knowledge.

Cian's approach is based on controlled use of AI with appropriate human oversight.

Cian does not use customer data to train generalised public AI models unless this has been expressly agreed with the customer in writing.

For public-sector pilots, Cian recommends clear agreement before launch on:

  • what data may be entered into Cian;
  • whether personal data is required;
  • whether special category data is excluded;
  • who can access the system;
  • what AI providers or sub-processors are involved;
  • how long data is retained;
  • how outputs are reviewed before use.

Data Cian may process

Depending on the pilot or deployment, Cian may process:

  • user account details;
  • organisation and workspace information;
  • citizen or customer queries;
  • inbound and outbound messages;
  • Welsh draft responses;
  • English translations;
  • reviewer edits;
  • approval and authorisation records;
  • knowledge-base content;
  • workflow metadata;
  • technical logs;
  • security records.

Cian should not be used for highly sensitive, special category, safeguarding, clinical or criminal offence data unless this has been expressly agreed, risk assessed and documented with the customer.

Human-in-the-loop controls

Cian is designed to support human oversight.

Depending on configuration, this may include:

  • AI-assisted draft generation;
  • reviewer queues;
  • Welsh-language review;
  • English translation review;
  • edit history;
  • named reviewers;
  • named approvers;
  • timestamped approval;
  • approved response records;
  • audit logs.

Cian should not be configured to make final decisions about citizens, service users or customers without appropriate human review, governance and customer approval.

Auditability

A key reason for using Cian instead of uncontrolled generic AI tools is auditability.

Cian can support workflows that show:

  • what information was submitted;
  • what AI-assisted draft was generated;
  • what Welsh or English response was produced;
  • what edits were made;
  • who reviewed the response;
  • who approved or authorised the response;
  • when the action took place.

This helps organisations understand how AI-assisted outputs were created, reviewed and approved.

Email archive integrity and verification

Cian is designed to support auditable customer communications. When an approved reply is sent, Cian records the outbound email after the email provider accepts the send. Cian can then create a verified thread archive containing the relevant thread, message, draft, approval and participant records.

The archive is converted into canonical JSON and hashed using SHA-256. This creates a tamper-evident archive hash that can be used later to check whether the downloaded archive matches the version stored by Cian at the time of archiving.

The archived record may include:

  • inbound and outbound message details;
  • sender and recipient information;
  • subject and message content;
  • Welsh body sent;
  • English review translation;
  • approver email;
  • approval timestamp;
  • provider message ID;
  • thread and company details;
  • message counts;
  • archive timestamp;
  • SHA-256 archive hash.

A matching hash helps demonstrate that the archived thread record has not changed since it was stored. This supports auditability, accountability and later verification of the stored record.

The archive hash verifies the integrity of Cian's stored thread archive. It does not, by itself, prove that the recipient opened the email, that final inbox delivery occurred, or that a raw provider-signed SMTP/MIME message has been preserved. Delivery and provider events are tracked separately where available.

Cyber Essentials certificate

Cian has achieved Cyber Essentials certification.

Certificate registry

The certificate widget below is provided by the BlockMark registry and displays the current certificate record.

Retention and deletion

Retention periods should be agreed with each customer before a pilot or deployment begins.

Cian supports short, proportionate retention by default unless the customer requires longer retention for audit, service improvement, legal or operational reasons.

Suggested pilot defaults may include:

Data category Suggested pilot retention
User account data Duration of pilot plus up to 90 days
Organisation/workspace data Duration of pilot plus up to 90 days
Citizen or customer queries Duration agreed with customer; default up to 90 days after pilot end
Welsh draft responses Duration agreed with customer; default up to 90 days after pilot end
English translations Duration agreed with customer; default up to 90 days after pilot end
Reviewer edits Duration agreed with customer; default up to 90 days after pilot end
Approval and authorisation records Duration agreed with customer; default up to 12 months if required for audit
Technical logs Normally up to 90 days unless needed for security or debugging
Security logs Normally up to 12 months where required for audit or security review
Billing and contract records Up to 6 years where required for accounting, tax or legal reasons

At the end of a pilot or contract, Cian will delete or return customer data in accordance with the agreed contract terms and the customer's documented instructions.

Data Protection Impact Assessment support

Some Cian deployments may require the customer to complete a Data Protection Impact Assessment.

Where a customer determines that a DPIA is required, Cian can provide information to support that assessment, including:

  • description of the AI-assisted workflow;
  • data categories processed;
  • user roles and access controls;
  • human review and approval steps;
  • sub-processors used;
  • hosting and infrastructure overview;
  • security controls;
  • retention and deletion approach;
  • auditability features;
  • data subject rights support;
  • breach notification process;
  • risks and mitigations.

Cian does not replace the customer's own DPIA obligations, but can help customers assess and document how the service will be used.

Data subject rights

Where Cian acts as a Data Processor, the customer is usually responsible for responding to data subject rights requests.

Cian will provide reasonable assistance to the customer where required, including support with:

  • locating relevant records;
  • exporting data;
  • correcting records;
  • deleting records where instructed;
  • explaining audit records;
  • supporting investigation of an objection, complaint or access request.

Personal data breaches

If Cian becomes aware of a suspected personal data breach affecting customer data, Cian will notify the customer without undue delay.

Cian will provide reasonable information to help the customer assess the incident, including:

  • nature of the incident;
  • data potentially affected;
  • systems involved;
  • likely impact;
  • mitigation steps taken;
  • recommended next actions.

Where the customer is the Data Controller, the customer is responsible for determining whether notification to the ICO or affected individuals is required, unless otherwise agreed.

Early pilot safeguards

For early pilots, Cian recommends:

  • using test or representative data where possible;
  • avoiding special category data unless expressly agreed;
  • avoiding safeguarding, clinical or high-risk legal decision-making data;
  • using a small group of named users;
  • enabling human review before any citizen-facing response;
  • agreeing clear retention periods;
  • agreeing success criteria before scaling;
  • reviewing AI outputs before operational use.

GDPR support documents

Cian can provide or agree the following documents for customer pilots and deployments:

  • Privacy Policy;
  • Terms of Service;
  • Data Processing Agreement or processor terms;
  • sub-processor list;
  • retention policy;
  • DPIA support note;
  • security controls summary;
  • AI data handling statement;
  • data subject rights support process;
  • breach notification process;
  • pilot data processing summary.

Contact

For data protection, GDPR, information governance or security questions, contact:

Cian AI Ltd
Email: sion@outlook.com