Privacy & Security

Data Privacy on BoodleBox

BoodleBox does not train AI models, so your data will never be used by boodleAI to train an AI model.

If you use a boodleAI-controlled model (such as LLAMA 2 & 3), then your data never leaves the control of boodleAI.

If you use a third-party model (such as one by OpenAI or Anthropic or Google), then your prompts are provided to the third-party API, but anonymized so they cannot be connected to you as an individual or to your organization.

Unlike individual accounts with model providers, where the model provider can directly connect prompts to the user and generally reserves the right to train models on data provided to them, boodleAI uses commercial/business APIs where the terms of service prohibit the use of provided data for model training.

Here are details about these specific APIs and their handling of data received through their commercial APIs:

  • Anthropic API: Data provided to Anthropic’s APIs is not used to train Anthropic models and is not shared with third parties beyond Anthropic. “Customer Content is Customer’s Confidential Information.” See Anthropic Commercial Terms of Service.

Uploaded documents are encrypted and secured by boodleAI on AWS and are never shared with third parties.

BoodleBox Security

BoodleBox employs industry-leading security practices like encryption in transit and at rest, access controls, audits, and SOC 2 Type 1 compliance to keep customer data secure. See full summary here.

boodleAI received a SOC 2 Type 1 certification in 2024. 

To read our full security policy go here: https://boodlebox.ai/security/

BoodleBox Terms & Policies

They are available here: Terms and Policies – BoodleBox.


BoodleBox FERPA Compliance Status

BoodleBox is committed to complying with the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99), a federal law that protects the privacy of student education records. To the extent that boodleAI has access to student education records, it is deemed a “school official” under FERPA and will comply with the Act’s requirements regarding the use and redisclosure of personally identifiable information from education records. boodleAI will use education records only for the purpose of fulfilling its duties and providing services to the educational institution. It will not share such data with or disclose it to any third party except as provided for in the agreement with the educational institution, as required by law, or as authorized in writing by the educational institution or the student. boodleAI will provide appropriate training to its employees regarding their responsibilities under FERPA and will maintain appropriate safeguards to protect the security, confidentiality, and integrity of education records.

Administering, Maintaining, and/or Auditing Role-Based Access Control

BoodleBox has an admin console that allows workspace and team management. The admin can designate which other team members have admin access.

Identity & Access Management Controls (i.e. multifactor)

The main identity and access management controls that can be set up in BoodleBox are:

  • User profiles and authentication via passwords – Users can create profiles and set passwords to control access to their accounts.
  • Granular content permissions – Box creators can set visibility as private, unlisted, or public and assign view-only or collaborate permissions to limit access.
  • Administrative controls – The admin console allows management of team membership.

MFA is on the product roadmap.

So in summary, BoodleBox supports core identity management via user profiles and passwords as well as access management through both content permissions and administrative team/resource settings.

Knowledge Storage & Maintenance

The files are stored in both their raw format and their embedded format on an encrypted boodle-controlled cloud server.

Third-Party Information Access

Raw files are never provided to third parties in their totality.

If you use a third-party model (such as one by OpenAI or Anthropic) and attach knowledge to a chat, then select relevant portions of the files are provided to the third-party API, but anonymized so they cannot be connected to you as an individual nor used to train a model.

Secured Integration / Open Integration

Yes. All data on our platform is encrypted at rest and all of our external APIs are accessed via encrypted endpoints.

Compliance Documentation

BoodleBox is committed to providing an accessible, secure, and privacy-focused platform for responsible collaboration with AI. 

BoodleBox is FERPA compliant and has a SOC 2 Type 1. We can provide a HECVAT and/or VPAT upon request. Please complete this form to request access to our security, privacy, and accessibility compliance documentation.

Contact Us

If you have any questions, comments or concerns or if you wish to report a potential security issue, please contact [email protected].
