Learn about the privacy and security features of our implementation below so your organization can make accurate decisions with your legal teams about whether to adopt the feature.
ActionBot is provided by a third party service. This service itself uses third party AI in its operations.
Your instance of ActionBot only has access to your group’s data, so it is impossible for ActionBot to accidentally access data you are not allowed to query. This goes for other ActionBot users, they cannot access your data either. This is enforced in code, not via AI, so hallucinations and other similar mistakes in data access are not possible.
When using ActionBot, the service uses third party AI to transform your natural language question into SQL, and then runs that SQL query against your group’s data itself. AI never sees any data from the database, only database schema definitions. Your data is never sent to an LLM or other AI model, or accessed by any third party besides the one we use for this service.
Our security team has reviewed this third party’s security documentation and processes and we are comfortable with its implementation. Data is encrypted in transit and at rest, access to production systems is well secured, access is logged as it should be for auditing, and audits are regularly reviewed.
This third party has terms of service, privacy, and security policies in place that prevent it from sharing data with anyone beyond what is necessary to run the service (e.g. their own hosting service providers). And they are data law compliant and a subprocessor of ours, which means your data is covered by the same GDPR/CCPA and similar guarantees that we make to you, similar to the many other third parties we use to run our service.
The decision to use ActionBot is one that you will have to make for yourself and your organization, in consultation with your legal team. While we are satisfied with our third party’s security and privacy controls, both technical and legal, and have taken steps to enforce controls and separation of data in our end as well, your legal context and risk appetite may be different. We are happy to answer questions as we can, and get answers from the third party service as we are able, should you need further information.