Regulatory compliancy with Rasa and RasaX

When using RasaX, does any of the conversation data reside anywhere apart from the self-hosted server? That is, will it be sending any of the data to RasaX for feedback, analytics, training or any such purpose? Are there any third parties that Rasa or RasaX sends its data to?

This is important to know to assess the compliancy with GDPR, HIPAA, etc.

Hi @sidkgp, by default, Rasa X (but not Rasa Enterprise) tracks some usage anonymously and sends it to Rasa. However this can be disabled; see the Docs

Otherwise, it says completely on the server.