Executive Summary
The Spacewell AI Assistant brings natural language capabilities to Spacewell products, enabling users to find information, complete tasks, and interact with workplace and facility data more efficiently.
Because the assistant processes customer data, security, privacy, and compliance are fundamental design principles. The AI Assistant has been built according to the same enterprise-grade standards that govern all Spacewell cloud services.
Key Facts
| Topic | Summary |
|---|---|
| Data residency | All AI processing takes place within the European Union |
| AI providers | Google Vertex AI with enterprise-grade models from Google and Anthropic |
| Model training | Customer data is never used to train or fine-tune AI models |
| Access control | The AI Assistant fully inherits Spacewell's existing permissions and RBAC model |
| Data isolation | Customer environments remain fully isolated |
| GDPR | Processing is covered by Spacewell's GDPR framework and Data Processing Agreement |
| Retention | Operational logs follow Spacewell's standard retention policies (currently 24 months) |
| Additional licensing | No separate AI consumption charges for customers |
| Fine-tuning required | No customer-specific training or fine-tuning required |
| Customer-managed AI infrastructure | Not required |
| Autonomous decision making | Not supported, users remain in control |
AI Models & Architecture
Which AI models power the Spacewell AI Assistant?
The Spacewell AI Assistant uses enterprise-grade Large Language Models (LLMs) accessed through Google Vertex AI.
Depending on the use case and product capability, Spacewell may utilize models from Google and Anthropic.
The underlying model providers may evolve over time as AI technology advances. Regardless of the model used, the same privacy, security, and compliance commitments described in this article remain applicable.
How does the AI Assistant generate responses?
Unlike public AI tools that rely heavily on general internet knowledge, the Spacewell AI Assistant is designed to operate on customer-specific business data.
When a user submits a request:
- The assistant interprets the user's question.
- Relevant information is retrieved from the user's authorized Spacewell environment.
- The AI model generates a response based on that information.
- The answer is returned to the user.
The assistant is designed to be grounded in customer data rather than generating responses from external sources.
Data Processing & Data Residency
What data can the AI Assistant access?
The AI Assistant can only access information that the current user is already authorized to access within Spacewell.
Depending on the product, this may include:
- Reservations
- Occupancy information
- Locations, buildings and floors
- Spaces and resources
- Contact groups
- Asset information
- Maintenance information
- Other product-specific data available to the user
The assistant never receives broader access than the user already has.
What data cannot be accessed?
The AI Assistant cannot access:
- Data hidden by role or permission settings
- Information outside the user's scope
- Data protected by tenant-level restrictions
- Information that has been anonymized according to customer policies
If a user cannot access information through the standard application, they cannot access it through the AI Assistant.
Where is the AI Assistant hosted?
The AI Assistant operates entirely within the European Union on Google Cloud infrastructure.
All AI-related processing remains within EU-hosted environments.
No customer data is transferred outside the European Union for AI processing.
Is customer data stored by the AI Assistant?
The AI Assistant processes information required to answer a user's request but does not create a separate customer database.
Conversation content is not retained as a knowledge source for future responses.
Operational logs are maintained for security, support, audit, and service improvement purposes in accordance with Spacewell's standard retention policies.
How long is data retained?
Operational logs are currently retained for up to 24 months.
Customers may request deletion of AI-related operational data through their Spacewell Customer Success representative, subject to contractual and legal obligations.
Privacy & Model Training
Is customer data used to train AI models?
No.
Customer data is never used to train, fine-tune, or improve any AI model.
This includes:
- Prompts submitted by users
- Conversation content
- Reservation data
- Asset data
- Maintenance data
- Occupancy data
- Metadata processed during AI interactions
This restriction is contractually enforced with Spacewell's AI infrastructure and model providers.
Is customer data shared with other customers?
No.
Customer environments remain fully isolated.
There is:
- No cross-customer data sharing
- No shared knowledge base between customers
- No shared AI training
- No shared search index
Data from one customer environment is never exposed to another customer environment.
Does the AI Assistant build user profiles?
No.
The AI Assistant does not create behavioral profiles, track users across sessions, infer personal characteristics, or build long-term preference models.
Each interaction is processed independently and only uses information required to fulfill the immediate request.
Security & Access Control
How is access controlled?
The AI Assistant inherits Spacewell's existing security model in its entirety.
The same permissions, roles, and restrictions that apply within the standard application also apply within AI interactions.
There is no separate AI-specific privilege model.
Does the AI Assistant support Role-Based Access Control (RBAC)?
Yes.
The assistant fully respects all existing RBAC rules.
Examples include:
- A user who cannot see a colleague's reservations cannot retrieve them through the assistant.
- Building-level restrictions remain enforced during AI interactions.
- Anonymized records remain anonymized.
- Asset visibility restrictions continue to apply.
Can the AI Assistant bypass permissions?
No.
There is no privilege escalation path through the AI interface.
Users cannot access information through the AI Assistant that would otherwise be unavailable to them through the standard application.
Can administrators control AI access?
Yes.
Organizations maintain full control over AI functionality.
Administrators can:
- Enable or disable AI functionality
- Restrict access to specific user groups
- Govern AI availability through existing user management controls
Enterprise AI Governance & Risk Management
Many enterprise customers conduct formal AI risk assessments before enabling AI functionality. The following questions address common requirements from security, compliance, architecture, procurement, and governance teams.
Does the AI Assistant require customer-specific model training or fine-tuning?
No.
The Spacewell AI Assistant is delivered as a standard SaaS capability and does not require customer-specific model training, fine-tuning, or model customization.
Customer data is never used to train or improve the underlying AI models.
Does the AI Assistant require a customer-managed Retrieval-Augmented Generation (RAG) platform?
No.
Customers do not need to deploy, configure, or manage vector databases, retrieval systems, machine learning infrastructure, or AI platforms.
The AI Assistant is delivered as a fully managed cloud service operated by Spacewell.
Does the AI Assistant require customer-specific data preparation or preprocessing?
No.
The AI Assistant operates directly on the data already available within the customer's Spacewell environment.
Customers are not required to create separate AI datasets, perform data labeling, transform information, or maintain dedicated AI data pipelines.
Can customers modify system prompts or AI instructions?
No.
Core system prompts, safety controls, governance policies, and operational instructions are managed by Spacewell and are not configurable by end users.
Customer administrators retain full control over application configuration, user permissions, and access management, but cannot modify the underlying AI governance framework.
Does the AI Assistant have access to enterprise data beyond what is available in Spacewell?
No.
The AI Assistant only accesses information that is already available to the user through the Spacewell application.
It does not automatically connect to other enterprise systems, cloud platforms, databases, file shares, email systems, collaboration tools, or external knowledge repositories unless explicitly provided as part of a supported Spacewell integration.
Does the AI Assistant have privileged access to customer data?
No.
The AI Assistant inherits the permissions of the user who initiates the interaction.
There is no separate AI access path, privileged service account, or bypass mechanism that grants broader access to information.
Can the AI Assistant make decisions on behalf of users?
No.
The AI Assistant is designed as a decision-support tool.
Users remain responsible for reviewing information, validating recommendations, and confirming actions before they are executed.
The assistant does not independently approve transactions, enforce policies, override workflows, or make autonomous business decisions.
Can AI-generated output be accessed by other customers?
No.
Customer environments are fully isolated.
There is no cross-customer sharing of prompts, conversations, responses, business data, or AI-generated content.
Is customer data protected from being used to train other customers' AI models?
Yes.
Customer data, prompts, conversations, and generated outputs are never used to train, fine-tune, or improve models for other customers.
This protection is enforced through Spacewell's architecture, operational controls, and contractual agreements with its AI providers.
How transparent is the AI Assistant's decision-making process?
The AI Assistant generates responses based on information retrieved from the customer's authorized Spacewell environment.
Responses are grounded in structured business data rather than external internet sources, enabling users to understand the business context behind the information returned.
Does the AI Assistant introduce additional information security risks compared to the standard application?
No.
The AI Assistant operates within the same security boundaries, permissions model, hosting environment, compliance framework, and governance controls as the underlying Spacewell application.
It does not introduce a separate data repository, separate identity store, or alternative access mechanism.
Can the AI Assistant be enabled or disabled at customer level?
Yes.
Organizations retain full control over the availability of AI functionality.
Administrators can enable or disable the AI Assistant at tenant level and restrict access to specific user groups in accordance with internal governance and security policies.
Hallucination & Quality Controls
How does Spacewell reduce hallucinations?
Spacewell applies multiple safeguards to minimize the risk of inaccurate responses.
Grounded Responses
The assistant retrieves information directly from structured customer data rather than relying on open-ended internet knowledge.
Limited Scope
The assistant operates within clearly defined business domains and product capabilities.
Graceful Refusal
When relevant information cannot be found, the assistant is designed to indicate this rather than generate speculative content.
System-Level Guardrails
The assistant is instructed to operate only within its intended functional boundaries.
Continuous Validation
Automated testing and evaluation processes are used to monitor response quality across releases and identify regressions before deployment.
Can hallucinations still occur?
As with any system based on Large Language Models, responses are probabilistic and should be reviewed before action is taken.
However, because the assistant operates on structured business data within a constrained domain, hallucination risk is significantly lower than with general-purpose AI tools.
GDPR & Compliance
The AI Assistant is designed and operated in alignment with the principles of the European General Data Protection Regulation (GDPR).
| Requirement | How it is addressed |
|---|---|
| Lawful basis | Processing occurs under the existing controller-processor relationship governed by the signed DPA |
| Data minimization | Only information required to fulfill a user's request is retrieved and processed |
| Storage limitation | Operational logs follow defined retention policies |
| Data subject rights | Requests are managed through Spacewell's standard GDPR processes |
| EU data residency | Processing and storage remain within the European Union |
| Subprocessor management | Subprocessors operate under contractual safeguards, including EU Standard Contractual Clauses where applicable |
| Audit rights | Available under the terms of the Data Processing Agreement |
| Breach notification | Managed in accordance with GDPR Articles 33 and 34 |
Is a Data Processing Agreement available?
Yes.
Spacewell provides a Data Processing Agreement (DPA) based on EU Standard Contractual Clauses (SCCs).
Customers requiring compliance documentation may contact their Spacewell representative or Customer Success Manager.
Frequently Asked Questions
Does the AI Assistant use internet searches?
No. The assistant operates on information available within the customer's Spacewell environment and does not retrieve information from public internet sources when responding to customer data questions.
Does Spacewell monitor conversations?
Spacewell does not use customer conversations to train AI models.
Operational logging may be used for security, support, troubleshooting, and service improvement purposes in accordance with applicable contractual and privacy obligations.
Is the AI Assistant included in my subscription?
Unless otherwise specified in your subscription agreement, AI functionality is not included within the applicable Spacewell product subscription without separate consumption-based charges.
Will the AI Assistant become available in additional Spacewell products?
Yes.
Spacewell is gradually introducing AI capabilities across its product portfolio. While functionality may differ between products, the same privacy, security, compliance, and governance principles apply consistently across all Spacewell AI services.
Does the AI Assistant connect to internet sources or public websites?
No.
The AI Assistant is designed to operate on information available within the customer's authorized Spacewell environment. It does not perform open internet searches when responding to customer data requests.
Enterprise Security Reviews
Spacewell regularly supports customer security assessments, vendor risk reviews, privacy impact assessments (PIAs), AI governance reviews, and procurement processes.
Additional documentation, including Data Processing Agreements and compliance-related materials, can be provided through your Spacewell representative upon request.