Launch position: This page is designed to reassure early clients. It is not a formal certification or legal opinion.
1. Data protection principles
Orchard Works aims to apply data minimisation, purpose limitation, storage limitation, confidentiality, access control and accountability to its services.
2. Client data in AI systems
For pilots and custom projects, client documents should be separated by client workspace. Access should be restricted to the minimum necessary team members and deleted when no longer needed.
Clients should avoid providing sensitive personal data unless a written agreement and appropriate safeguards are in place.
3. Processors and subprocessors
Depending on the service, Orchard Works may rely on hosting, payment, email, database, storage and AI infrastructure providers. A current subprocessors list can be provided to B2B clients on request.
4. Security baseline
- HTTPS for all public pages;
- client separation for knowledge bases;
- restricted API keys;
- basic logging for audit and support;
- human review for high-impact outputs;
- deletion/export process on request.
5. Data Processing Agreement
For B2B projects where Orchard Works processes personal data on behalf of a client, a Data Processing Agreement should be signed before production use.
6. AI transparency
Where end users interact with AI systems, Orchard Works recommends clear disclosure that the user is interacting with an AI assistant and that critical answers should be verified.
Contact: privacy@orchardworks.co
Last updated: 04/06/2026
