Data Flow and Storage in SIA

What is SIA?

SIA (Simployer Intelligent Assistant) is an AI-powered assistant integrated into Simployer One HRM. SIA helps employees, managers, and HR administrators interact with HR data and company information through natural language. Users can ask questions about their own HR data, request and approve time off, access team insights, explore analytics, and get answers from company handbooks and Simployer Expert – all through a conversational interface.

SIA is available through three delivery channels:

  • Simployer One – the web and mobile interface

  • Microsoft Teams – as a bot in the customer’s Teams environment

  • Slack – as a bot in the customer’s Slack workspace

Regardless of the delivery channel, SIA connects to the same backend infrastructure and applies identical processing logic, security controls, and privacy safeguards. The choice of channel does not change the categories of personal data processed, the sub-processor chain, or Simployer’s role as data processor.

How does data flow in SIA?

When a user interacts with SIA, the following sequence takes place:

  1. The user sends a message through one of the available channels (Simployer One, Microsoft Teams, or Slack).

  2. The user is authenticated and mapped to their Simployer identity. SIA determines the user’s role and permissions within the customer’s Simployer One tenant.

  3. SIA interprets the user’s intent using the AI engine (Microsoft Azure OpenAI Services) and retrieves relevant information from the customer’s tenant data, handbook content, or Simployer Expert knowledge base.

  4. SIA generates a response and returns it to the user through the same channel. If the user requested an action (e.g., a leave request), SIA translates this into the appropriate HRM operation.

  5. The response is displayed in the user’s chosen channel. All AI outputs are assistive and require human review or confirmation for actions that modify data.

All processing in steps 2–4 occurs within Simployer’s infrastructure, hosted exclusively in the EU/EEA.

Where is data stored?

SIA uses two types of storage within Simployer’s infrastructure:

Storage

What is stored

Location

Simployer HRM database

All customer data processed by SIA is stored in the same database as Simployer One HRM. This includes any data SIA reads or writes as part of HRM operations.

Microsoft Azure and GCP, EU/EEA

Vector database (Qdrant)

Vectorised representations of content used for semantic search. Vectorised data is anonymised and does not contain directly identifiable customer data.

EU/EEA

 

Data is not mixed between customers. Each customer’s data is strictly isolated within their own tenant.

Important: Customer data is not used to train or modify the underlying AI models. User feedback (thumbs up or thumbs down) is collected solely by Simployer for statistical purposes to improve the solution.

AI infrastructure

SIA’s AI processing is powered by the following components:

Component

Provider

Purpose

Location

Large Language Model

Microsoft Azure OpenAI Services

Natural language understanding, intent interpretation, response generation

Microsoft Azure, EU/EEA (Microsoft Ireland)

Vector database

Qdrant

Semantic search over vectorised content

EU/EEA

Application APIs

Simployer (internal)

Authentication, data retrieval, HRM operations

Microsoft Azure, GCP, EU/EEA

 

The sub-processor for the AI inference is Microsoft Ireland. See the sub-processors page for the complete list.

What personal data does SIA process?

SIA can access and process the same categories of personal data available in Simployer One HRM, limited by the individual user’s role and permissions. Depending on the customer’s configuration, this may include:

  • Contact information (name, email, phone number)

  • National identification numbers

  • Employment information (position, department, manager, start date)

  • Absence and time management data

  • Financial information (salary data, where applicable)

  • Special categories of personal data (e.g., health-related absence data, where applicable)

SIA does not have broader access than the authenticated user. A user can only retrieve information they are already authorised to see in Simployer One.

Delivery channels

SIA is available through three channels. Each channel has a different responsibility model for the client-side infrastructure, while Simployer’s backend processing remains identical.

Simployer One (web and mobile)

This is the primary delivery channel. The user interacts with SIA directly within the Simployer One interface. All data – including chat history, prompts, and responses – is stored and managed within Simployer’s infrastructure, governed by the Data Processing Agreement between Simployer and the customer.

Microsoft Teams

SIA is available as a bot application in the customer’s Microsoft Teams environment. When a user sends a message to SIA in Teams, the message is routed from the customer’s Teams tenant to Simployer’s backend. The response is returned through the same path.

Scenario: Employee checks vacation balance via Teams

An employee opens the SIA bot in Microsoft Teams and asks: “How many vacation days do I have left?” The message travels from the customer’s Teams tenant to Simployer’s SIA backend. SIA authenticates the user, queries the absence data in their Simployer One tenant, and returns the answer to Teams. The vacation balance data is retrieved from and stored in Simployer’s HRM database. The chat message in Teams is stored in the customer’s Microsoft 365 environment.

Responsibility model: Microsoft Teams is the customer’s own infrastructure, governed by the customer’s agreement with Microsoft. Simployer is not a sub-processor for the Teams environment. Simployer’s processing responsibility begins when the query reaches Simployer’s infrastructure and ends when the response is returned.

Aspect

Responsibility

Teams tenant security

Customer

Bot installation and user access

Customer (controls which users can interact with SIA)

Chat history in Teams

Customer (subject to customer’s M365 retention and compliance policies)

Microsoft DPA

Customer’s own agreement with Microsoft

SIA backend processing

Simployer (data processor under the Simployer DPA)

AI model training

No customer data is used for model training

 

Slack

SIA is available as a bot application in the customer’s Slack workspace. The data flow is similar to the Teams integration: user messages are routed from the customer’s Slack workspace to Simployer’s backend, and responses are returned through the same path.

Scenario: Manager requests a team absence overview via Slack

A manager sends a direct message to the SIA bot in Slack: “Who on my team is on leave next week?” The message is routed from the customer’s Slack workspace through Slack’s infrastructure to Simployer’s SIA backend. SIA authenticates the manager, verifies their permissions, queries the team’s absence data, and returns a summary. The absence data is retrieved from Simployer’s HRM database. The chat message in Slack is stored in the customer’s Slack workspace.

Responsibility model: Slack (operated by Salesforce) is the customer’s own infrastructure, governed by the customer’s agreement with Salesforce/Slack. As with the Teams integration, Simployer is not a sub-processor for the Slack environment. The same responsibility boundary applies: Simployer is responsible for what happens within its own backend infrastructure.

Aspect

Responsibility

Slack workspace security

Customer

Bot installation and user access

Customer (controls which users can interact with SIA)

Chat history in Slack

Customer (subject to customer’s Slack retention policies)

Salesforce/Slack DPA

Customer’s own agreement with Salesforce/Slack

SIA backend processing

Simployer (data processor under the Simployer DPA)

AI model training

No customer data is used for model training

 

Channel comparison

The following table summarises how data is handled across the three delivery channels.

 

Simployer One

Microsoft Teams

Slack

Client infrastructure

Simployer

Customer (Microsoft 365)

Customer (Salesforce/Slack)

Backend processing

Simployer (EU/EEA)

Simployer (EU/EEA)

Simployer (EU/EEA)

AI sub-processor

Microsoft Ireland (Azure OpenAI)

Microsoft Ireland (Azure OpenAI)

Microsoft Ireland (Azure OpenAI)

HRM data storage

Simployer (EU/EEA)

Simployer (EU/EEA)

Simployer (EU/EEA)

Chat history storage

Simployer

Customer’s M365 tenant

Customer’s Slack workspace

Chat retention control

Simployer DPA

Customer’s M365 policies

Customer’s Slack policies

Role-based access

Yes

Yes

Yes

Tenant isolation

Yes

Yes

Yes

Model training on data

No

No

No

 

Security and privacy safeguards

The following safeguards apply to all SIA interactions, regardless of the delivery channel:

  • Role-based access control: SIA enforces the same role and permission model as Simployer One. Users only receive information they are authorised to access.

  • Tenant isolation: Data is strictly isolated between customer tenants. SIA cannot access data belonging to other customers.

  • No model training: Customer data is not used to train, fine-tune, or modify the underlying AI models.

  • EU/EEA processing: All AI processing occurs exclusively within the EU/EEA.

  • Encryption in transit: All communication between the delivery channels and Simployer’s backend is encrypted using TLS/HTTPS.

  • Assistive AI only: SIA does not make autonomous decisions. All outputs are assistive and require human review or confirmation.

  • Audit logging: Interactions with SIA are logged for security and compliance purposes.

Related pages

How can we help?

We’re here for every step of your employee journey. From intuitive software for people management to hands-on learning programs and expert support from our legal team — we've got you covered.

Vector Get HR news straight to your inbox

Stay updated on HR, leadership, and work life. Choose between our Norwegian and Swedish newsletters.
Get HR updates

Vector Need a hand? We’re here to help!

Find FAQs, release notes, and more in our Support Center. We're here for you!
Go to support