Security & Privacy

Updated May 1, 2024

 

How private is my data on BoodleBox?

BoodleBox does not train AI models, so your data will never be used by boodleAI to train an AI model.

If you use a boodleAI controlled model (such as LLAMA 2 & 3), then your data never leaves the control of boodleAI.

If you use a third party model (such as one by OpenAI or Anthropic or Google), then your prompts are provided to the third party API, but anonymized so they cannot be connected to you as an individual or to your organization.

Unlike individual accounts with model providers, where the model provider can directly connect prompts to the user and generally reserves the right to train models on data provided to them, boodleAI uses commercial/business APIs where the terms of services prohibit the use of provided data for model training.

Here are details about these specific APIs and their handling of data received through their commercial APIs:

  • OpenAI API: Data provided to OpenAI’s API is not used to train OpenAI models and is not shared with any third parties beyond OpenAI. See OpenAI Business Terms and Enterprise Privacy Policy.
  • Anthropic API: Data provided to Anthropic’s APIs is not used to train Anthropic models and is not shared with third parties beyond Anthropic. “Customer Content is Customer’s Confidential Information.” See Anthropic Commercial Terms of Service.
  • Google Cloud API: Data provided to Google Cloud’s APIs is not used to train Google models and is not shared with third parties beyond Google. See Google Cloud Platform Terms of Service.

Uploaded documents are encrypted and secured by boodleAI on AWS and are never shared with third parties.

 

How secure is BoodleBox?

BoodleBox employs industry-leading security practices like encryption in transit and at rest, access controls, audits, and SOC 2 compliance to keep customer data secure. See full summary here.

boodleAI received a SOC 2 Type 1 certification in 2022. boodleAI is currently undergoing a recertification for SOC 2 Type 1.

 

What are BoodleBox’s terms and policies regarding data?

They are available here: Terms and Policies - BoodleBox.

 

Does Boodlebox have the capability to administer, maintain, and/or audit role-based access control?

BoodleBox has an admin console that allows workspace and team management. The admin can designate which other team members have admin access.

 

Are there any identity & access management controls that can be set up? (i.e. multifactor)

The main identity and access management controls that can be set up in BoodleBox are:

  • User profiles and authentication via passwords - Users can create profiles and set passwords to control access to their accounts.
  • Granular content permissions - Box creators can set visibility as private, unlisted, or public and assign view only or collaborate permissions to limit access.
  • Administrative controls - The admin console allows management of team membership.
    MFA is on the product roadmap.

So in summary, BoodleBox supports core identity management via user profiles and passwords as well as access management through both content permissions and administrative team/resource settings.

 

If you post a contract or a quote to a group chat, where is that document stored/maintained?

The files are stored both in their raw format and their embedded format in an encrypted boodle-controlled cloud server.

 

What third-party systems can get that information?

The raw files are never provided to third parties in their totality.

If you use a third party model (such as one by OpenAI or Anthropic) and attach knowledge to a chat, then select relevant portions of the files are provided to the third party API, but anonymized so they cannot be connected to you as an individual nor used to train a model.

 

If you are using one of Boodlebox's 1,000 bots like ChatGPT, is the integration/open integration secured using encryption for data at rest and in transit?

Yes. All data on our platform is encrypted at rest and all of our external apis are via encrypted endpoints.