A quick guide to understanding Data Security.
At AutogenAI, protecting your information is a top priority, and we have implemented robust safeguards to ensure it remains secure at every stage. Here’s how we protect it every step of the way.
How your data is processed
AutogenAI handles your data as a data processor, only processing it with your informed consent and strictly for providing our services. We ensure that your IP, confidential, and sensitive information is never shared with third-party subprocessors. Your data is never used to train our AI and Language Models. We have implemented strict "eyes-off" confidentiality agreements to guarantee this.
Data storage
External AI services do not store any data by special agreement with AutogenAI. We store and process customer data on cloud infrastructure, which is currently hosted in the UK but can be hosted in any region to suit client needs.
Security measures
Our platform architecture and security operations are designed to keep your data safe at all times. We utilize state-of-the-art encryption, which is FIPS 140 compliant, conduct regular security reviews, and have 24/7 onsite security to ensure maximum protection.
Facility security clearance
To gain clearance, we need backing from either a current approved contractor who plans to use our services on a classified contract or directly from the government. As highlighted in our FAQ section, it's important to remember that many procurement documents are not considered classified. Furthermore, client data would be inaccessible to us regardless of on-premise or cloud deployment.
NIST compliance
Yes, our security is NIST compliant, and we comply with the NIST Cybersecurity Framework. We are planning to demonstrate compliance with NIST 800-171 for handling Controlled Unclassified Information. If we were to host classified data, we would need to comply with NIST 800-53 or obtain a FedRAMP authorization. Alternatively, we could provide the software for a client to run themselves, i.e., on-prem or their-cloud deployment, with no access from us. In these cases, they take on the responsibility for implementing appropriate controls.
External certification
External Certifications: We undergo regular external audits to maintain globally recognized certifications, including ISO 27001:2022, Cyber Essentials Plus, CSA STAR, TX-RAMP, SOC 2, and other compliances. At AutogenAI, safeguarding your data is a top priority, and we're dedicated to providing you with the utmost confidentiality and privacy protection.
Well-trained team
Every member of the AutogenAI team is committed to maintaining the highest security standards. We provide regular security training to ensure everyone is equipped to uphold privacy and security. We have processes in place for continuous monitoring of our environment, incident response, and thorough risk management to promptly address any potential security issues.
Internet search safeguards
AutogenAI implements several measures to safeguard against data leakage and maintain traceability during internet searches. Although it's theoretically possible for third parties to log search activity, they can only identify AutogenAI as the source of the request. They can't trace the request back to an individual user, machine, IP address, or organisation. Additionally, the likelihood of user queries appearing on platforms like Google Trends is negligible, unless entered billions of times. The risk associated with using AutogenAI for internet searches is comparable to conducting a standard Google search, as the text chosen by the user is what is transmitted to Google.
Privacy rights
We respect your privacy rights and comply with global regulations like GDPR and CCPA. We continually review and enhance our data protection program to keep up with evolving privacy requirements.