How do you handle Personally Identifiable Information (PII)?
We take the privacy and security of your data very seriously. When it comes to PII, we have a multi-layered approach to protect it:
- We have an option to enable data redaction to scrub PII data from being passed around our servers. If this option is enabled, we’ll take phone numbers, emails, social security numbers, usernames, passwords, bank account numbers, and many other pieces of information and redact them from the text that is sent to our underlying models. We use Amazon Comprehend to ensure data scrubbing is done with the highest industry standards available. to scrub all PII data from being passed around. Learn more about our process here: Personally Identifiable Information (PII) Redaction via Amazon Comprehend.
- All message data is encrypted when it's being transferred around our systems and protected when stored as well. We use industry-standard encryption protocols and best practices to ensure that your data is safe.
- We're SOC-2 certified. SOC-2 is a widely recognized auditing standard that verifies that a company has established and follows strict information security policies and procedures.
If you copy/paste an email with PII in it to Cal, the data will be scrubbed by Evervault before being passed around.
How much data gets sent to downstream vendors like OpenAI and Anthropic?
We use OpenAI and Anthropic as our downstream providers of generative AI models. We don’t store more information than necessary with these underlying models, but we do sometimes send contextual information about a ticket (for example the historical of previous conversations in a ticket). We have the ability to redact Personally Identifiable Information (PII) from hitting our downstream vendors should you want to enable this (see Personally Identifiable Information (PII) Redaction via Amazon Comprehend).
Do you train your models on our data and use it for other customers?
We do not train our models on multiple users' data, so you don’t have to be worried about having your data appear for other customers. We have implemented strict protocols to keep data separate from other customers' information. Each customer is provided with their own sandboxed environment, which is completely isolated from other users' data.