
BoodleBox does not train AI models, so your data will never be used by boodleAI to train an AI model.
If you use a boodleAI controlled model (such as LLAMA 2 & 3), then your data never leaves the control of boodleAI.
If you use a third party model (such as one by OpenAI or Anthropic or Google), then your prompts are provided to the third party API, but anonymized so they cannot be connected to you as an individual or to your organization.
Unlike individual accounts with model providers, where the model provider can directly connect prompts to the user and generally reserves the right to train models on data provided to them, boodleAI uses commercial/business APIs where the terms of services prohibit the use of provided data for model training.
Here are details about these specific APIs and their handling of data received through their commercial APIs:
Uploaded documents are encrypted and secured by boodleAI on AWS and are never shared with third parties.
BoodleBox employs industry-leading security practices like encryption in transit and at rest, access controls, audits, and SOC 2 Type 1 compliance to keep customer data secure. See full summary here.
boodleAI received a SOC 2 Type 1 certification in 2024.
To read our full security policy go here: https://boodlebox.ai/security/
They are available here: Terms and Policies - BoodleBox.
BoodleBox is committed to complying with the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99), a federal law that protects the privacy of student education records. To the extent that boodleAI has access to student education records, it is deemed a “school official” under FERPA and will comply with the Act’s requirements regarding the use and redisclosure of personally identifiable information from education records. boodleAI will use education records only for the purpose of fulfilling its duties and providing services to the educational institution. It will not share such data with or disclose it to any third party except as provided for in the agreement with the educational institution, as required by law, or as authorized in writing by the educational institution or the student. boodleAI will provide appropriate training to its employees regarding their responsibilities under FERPA and will maintain appropriate safeguards to protect the security, confidentiality, and integrity of education records.
BoodleBox has an admin console that allows workspace and team management. The admin can designate which other team members have admin access.
The main identity and access management controls that can be set up in BoodleBox are:
So in summary, BoodleBox supports core identity management via user profiles and passwords as well as access management through both content permissions and administrative team/resource settings.
The files are stored both in their raw format and their embedded format in an encrypted boodle-controlled cloud server.
Raw files are never provided to third parties in their totality.
If you use a third party model (such as one by OpenAI or Anthropic) and attach knowledge to a chat, then select relevant portions of the files are provided to the third party API, but anonymized so they cannot be connected to you as an individual nor used to train a model.
Yes. All data on our platform is encrypted at rest and all of our external APIs are via encrypted endpoints.
BoodleBox is committed to providing an accessible, secure, and privacy-focused platform for responsible collaboration with AI.
BoodleBox is FERPA compliant and has a SOC 2 Type 1. We can provide a HECVAT and/or VPAT upon request.Please complete this form to request access to our security, privacy, and accessibility compliance documentation.
If you have any questions, comments or concerns or if you wish to report a potential security issue, please contact security@boodle.ai.
Learn more about the ins and outs of the BoodleBox workspace from our team of experts.
Schedule a meetingLooking for more information?