Who is this article for?

Users exploring the capabilities of Mazlan.

Mazlan is required.

When teams hear that AI is being introduced to their compliance system, your teams will have questions. This article addresses the most common ones on data residency, access controls, encryption, and governance so you have what you need.

Frequently asked questions

Does Mazlan send our data outside the organisation?

No. All data stays inside your existing Ideagen environment, within your chosen region — UK, US, or Australia. Nothing is shared externally or sent to public AI tools. The AI models used are hosted within AWS in the same region. Data does not leave that region at any point, including during processing.

Is our data used to train AI models?

No. Your data is never used to train or fine-tune any models. All AI model providers operate under contractual Data Processing Agreements that explicitly prohibit the use of customer data for model training or improvement.

Who can see our data?

Only users with the appropriate permissions within your organisation. Mazlan inherits your existing role-based access controls from the Ideagen platform. If a user cannot see a record manually, Mazlan cannot see it either. A small number of Ideagen staff may access data for support purposes only, under strict controls.

How is the data protected technically?

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Every data access event is logged with a user ID and timestamp. Full audit trail data — including inputs, model reasoning, and outputs — is retained for 30 days. User queries and final responses are retained for 90 days.

Is Mazlan GDPR compliant?

Yes. Mazlan operates within Ideagen's existing Data Processing Agreements. Personal data is handled in line with your regional privacy requirements. Ask your CSM for the Mazlan Security FAQ for detailed assurance documentation.

Will this need additional InfoSec approvals?

In most cases, no. Mazlan does not introduce a new vendor, a new integration, or a new data processor. It runs inside the same secure platform you already use, with the same permissions and protections. This simplifies internal sign-off considerably compared to standalone AI tools.

Can we turn it off?

Yes, at any time, without affecting the core platform. Disabling Mazlan has no impact on your data or your existing Policy Logic workflows.

Built to the international standard

Mazlan is governed under a formal AI governance framework covering content filtering, usage logging, data privacy, transparency, and bias detection. Ideagen operates under ISO 27001 and SOC 2 frameworks, and is working towards ISO 42001 certification — the world's first international standard for AI management systems.

Mazlan never acts autonomously. Every recommendation requires explicit human approval before any action is taken.

Looking for more information on Mazlan security? Visit our dedicated Ideagen Mazlan AI governance guide for more information.