In an era where data is the new oil, ensuring its security is not just a regulatory requirement but a fundamental responsibility. At 913.ai, we recognize that trust is built on transparency and robust security measures. As a leading AI startup specializing in agentic automation, we are committed to providing our clients with services that are not only innovative but also secure. This article delves into how we handle data security, our use of Azures and Googles services, and our compliance with international standards like GDPR and ISO 27001.

Our Commitment to Data Security

Data security is at the core of our operations at 913.ai. We understand that our clients entrust us with sensitive information, and we take this responsibility seriously. Our commitment is reflected in our ongoing efforts to achieve ISO 27001 certification, an internationally recognized standard for information security management. Moreover, we are proud to say that we are already GDPR compliant, ensuring that all data processing activities adhere to the strict regulations set forth by the European Union.

Leveraging Azures and Google Enterprise Services Securely

To deliver AI solutions, we utilize Microsoft’s Azure and GCP Enterprise Solutions. These providers operate their services within its secure enterprise environment within the EU, and they do not interact with any services operated by OpenAI, such as ChatGPT or the OpenAI API.This separation ensures that your data remains within a controlled and secure environment.

Data Isolation and Privacy

One of the key advantages of using this infrastructure services is the stringent data isolation it offers:

• Exclusive Data Access: Your prompts (inputs), completions (outputs), embeddings, and training data are not available to other customers.

• No External Sharing: This data is not available to OpenAI and is not used to improve OpenAI models.

• Controlled Model Training: Your data is not used to train, retrain, or improve AI foundation models, ensuring that your proprietary information remains confidential.

• No Unauthorized Use: The data is not used to improve any Microsoft, Google or third-party products or services without your explicit permission.

Types of Data Processed

Azure OpenAI processes various types of data to provide and enhance its services:

• Prompts and Generated Content: These are the inputs you provide and the outputs generated by the service.

• Uploaded Data: Data you supply for features like fine-tuning models or batch processing.

• Stateful Entities Data: Information stored when using features that require maintaining state, such as conversation threads.

• Augmented Data: Data retrieved from connected sources to enhance prompts and provide more grounded responses.

Data Storage and Encryption

Certain features necessitate data storage within the service:

• Secure Storage: Data is stored at rest within our own infrastructure in the EU

• Double Encryption: Data is encrypted using Microsoft’s AES-256 encryption by default.

• Data Deletion: You have the autonomy to delete your stored data at any time.

This stored data supports features such as:

• Customized Model Creation: Training data you provide is used exclusively for your use.

• Batch Processing: Enables efficient processing of large datasets.

Preventing Abuse and Ensuring Compliance

913.ai incorporates robust measures to prevent misuse and the generation of harmful content:

• Content Filtering: Real-time evaluation of prompts and responses to filter out harmful content.

• Safety Evaluations: Fine-tuned models undergo assessments to ensure they do not produce inappropriate outputs.

• Abuse Monitoring: Prompts and generated content are securely stored for up to 30 days to detect patterns of misuse, adhering to strict access controls and regional data storage policies.

For clients with stringent data handling policies, there’s an option to modify abuse monitoring features. Upon approval, prompts and completions are not stored, enhancing privacy while acknowledging the trade-off with reduced monitoring capabilities.

GDPR Compliance and ISO 27001 Certification

Being 100% GDPR compliant means that we:

• Lawful Data Processing: Process personal data lawfully, fairly, and transparently.

• Purpose Limitation: Collect data for specified, explicit purposes and not process it beyond these intentions.

• Data Minimization: Ensure that data collected is adequate, relevant, and limited to what is necessary.

• Accuracy: Keep personal data accurate and up to date.

• Storage Limitation: Retain data only as long as necessary.

• Integrity and Confidentiality: Process data securely to maintain its integrity and confidentiality.

Our pursuit of ISO 27001 certification in our stage is a testament to our dedication to maintaining and continually improving our information security management system (ISMS). This certification will validate our systematic approach to managing sensitive company and customer information, ensuring it remains secure.

Conclusion

At 913.ai, data security isn’t just a box to tick—it’s an integral part of our identity. By leveraging the secure infrastructure of Azure and Google services and adhering to stringent data protection regulations like GDPR, we ensure that your data is handled with the utmost care and security. Our ongoing efforts to achieve ISO 27001 certification further solidify our commitment to providing a secure, reliable, and trustworthy service.

Your trust is our priority, and we will continue to uphold the highest standards of data security to support your business needs in the realm of agentic automation.

For more information on our data security practices or to discuss how we can support your business securely, please contact us at contact@913.ai.