Skip to main content
Responsible handling of data is of central importance to VARIOS AI.
Our customers entrust us with information that is often business-critical or particularly sensitive. To live up to this trust, we have integrated data protection into the platform not only as a legal obligation but as a fundamental principle. VARIOS AI supports organizations in consistently protecting sensitive information—regardless of the use case:
  • through optional and complete local hosting within their own infrastructure,
  • through encryption of all user data (at rest and in transit),
  • through integrated DLP features to best protect data even when using public AI models.
At its core, the data protection module of VARIOS AI includes three protection mechanisms:
  • GDPR Protection – detects personal data in chats and documents and anonymizes it automatically or based on user decision.
  • Sensitive File Protection – prevents classified files (e.g., with Microsoft Purview labels) from being passed to models.
  • Enterprise DLP Integration – connects external enterprise DLP systems via an ICAP interface.
Together, these features form a strong foundation to minimize data protection risks and enable the secure use of AI within the enterprise.

1. GDPR Protection

GDPR Protection detects personal data in chats or documents and anonymizes it before it is transmitted to the AI model.

Supported data types (individually toggleable)

TypeDescription
PERSONNames
EMAILEmail addresses in standard formats
PHONEPhone numbers in international and local formats
IBAN_CODEInternational Bank Account Numbers (IBAN)
CREDIT_CARDCredit card numbers (including common checksum methods)
CRYPTOCrypto wallet addresses (e.g., Bitcoin, Ethereum)
IP_ADDRESSAn Internet Protocol (IP) address (either IPv4 or IPv6)
NRPA person’s Nationality, religious or political group
LocationName of politically or geographically defined location

Configuration in VARIOS AI

1

Enable GDPR Protection

In the Model Settings (Admin → Models), GDPR Protection can be enabled per model.
The following options are available:
  • Enabled: All detected data is automatically anonymized (no user prompt).
  • Optional (recommended): The user is warned and decides whether data is anonymized or sent unchanged.
  • Disabled: Content is transmitted without inspection.
Important: The detection of personal data by the DLP module in VARIOS AI serves risk minimization and achieves high detection rates in practice. As with all comparable technologies, however, absolute security cannot be guaranteed. Therefore, we recommend using DLP as part of a holistic data protection and compliance concept.
Important: DLP changes affect the model’s response. Example: Research on a public figure would not be possible with the Enabled setting, as the model would not see the name.
Tip: The Optional setting actively promotes awareness when handling sensitive data through warnings, while still allowing the override of false detections.
2

[Optional] Configure Deny List

In the Admin portal under “Settings → Data Protection → Deny List” you can add your own regular expressions (regex) to detect additional data types.
  • Syntax: PCRE
  • Example: Detection of national identification numbers
3

[Optional] Configure Allow List

In the Admin portal under “Settings → Data Protection → Allow” you can define words that should always be allowed.
This reduces false positives (e.g., a company name that also occurs as a surname).

2. Sensitive File Protection

Sensitive File Protection prevents classified files from being passed to an AI model. The basis is sensitivity labels (classification labels) that are assigned to files or emails by data governance systems such as Microsoft Purview Information Protection or Forcepoint DLP.

What are sensitivity labels?

Sensitivity labels are metadata that describe the protection level or confidentiality of a file. Example (Microsoft Purview standard labels):
  • Public – no restrictions
  • General (Internal) – for internal use only
  • Confidential – confidential, limited sharing
  • Highly Confidential – strictly confidential, strong restrictions

Configuration in VARIOS AI

1

Create labels

In the Admin area under “Settings → Data Protection → File sensitivity labels” add the confidentiality labels to be blocked.
2

Enable Sensitive File Protection

In the Model Settings (Admin → Models), Sensitive File Protection can be enabled. Under “Classifications to block” you can select the labels that must not be sent to the model.
  • Example: Highly Confidential = blocked
Note: Sensitive File Protection works both when directly uploading documents to VARIOS AI and when accessing documents via the Microsoft365 connector.

Process

1

Upload

The user uploads a file to VARIOS AI.
2

Label detection

VARIOS AI reads the sensitivity label from the file metadata.
3

Policy check

The label is compared with the policies stored in the model settings.
4

Decision

Depending on the configuration, the file is allowed or blocked.

3. Enterprise DLP Integration

Enables integration of existing enterprise DLP systems via a standardized ICAP interface (e.g., Forcepoint or Skyhigh DLP).
The external solution evaluates the content and returns a decision:
  • Send (allowed)
  • Discard (blocked)
Note: All actions are recorded in the audit log.
Note: Combining multiple protection mechanisms is possible.