How does Profit.co safeguard your data while delivering secure and compliant AI-powered solutions?
Introduction
- Profit.co integrates AI-powered solutions using OpenAI, Gemini, and Azure GPT, allowing customers to choose their preferred service provider through API Keys. AI technology transforms organizations' operations, offering intelligent automation, insights, and decision-making capabilities. However, as AI adoption grows, so do concerns about data security, privacy, compliance, and ethical AI usage.
- This document provides a comprehensive guide to Profit.co's AI security practices, addressing key concerns related to security, data privacy, compliance, data confidentiality, and usage policies.
Security Measures
- AI-generated insights and predictions are processed within a secure environment to prevent unauthorized access.
- AI models and services are hosted in secure cloud environments with stringent security controls.
- Customers can use AI services provided by OpenAI, Gemini, and Azure GPT via API Keys.
- Customers who are concerned about cloud-hosted AI models can explore local deployment options, although Profit.co currently does not support on-premise AI hosting.
- Profit.co’s AI models do not retain or use customer-specific data for training, ensuring confidentiality.
Data Privacy Policies
- AI modules in Profit.co only process data required for their intended functionality.
- No personal or sensitive customer data is used for AI model training.
Compliance & Regulatory Adherence
- Profit.co ensures compliance with GDPR by implementing privacy-by-design principles and providing data subject rights such as access, rectification, and erasure.
- Profit.co follows industry best practices for security controls and undergoes regular audits to maintain compliance with ISO 27001.
- AI models are designed to be fair, transparent, and unbiased.
- Ethical AI governance ensures that models do not discriminate based on gender, race, or other sensitive attributes.
AI Model Usage & Data Confidentiality
Note: Profit.co supports the following module providers: OpenAI, Gemini, and Azure AI.
1. Will confidential data become public or be used for training public models?
No, data sent through API calls to AI model providers is not used for training public models. These providers explicitly state in their terms of service that customer inputs and outputs remain private.
2. What type of data is sent in prompts when using AI models?
AI features in Profit.co send structured textual prompts containing contextual input relevant to specific tasks (e.g., summarization, content generation, recommendations).
No personally identifiable or sensitive customer data is included unless explicitly provided by users.
PPP Review
Data Sent:
- Check-in comments entered by users during their PPP updates.
- Contextual data related to the check-in (e.g., OKR name, progress percentage, or any associated metadata, if included in the prompt).
Purpose:
- To analyze, summarize, or generate insights from the check-in comments.
- To provide structured feedback or suggestions based on the content of the comments.
Task Summarization
Data Sent:
- Task descriptions, titles, and status updates.
- Contextual data related to the task (e.g., assigned user, priority level, due date, progress percentage, or any associated metadata, if included in the prompt).
Purpose:
- To analyze, summarize, or generate insights from task updates.
- To provide structured feedback or suggestions based on the task details.
- To identify patterns in task completion and optimize workflow efficiency.
3. What do the terms of service of module providers state regarding data usage and security?
OpenAI, Gemini, and Azure AI provide AI services governed by their respective terms of service.
- OpenAI does not use API-submitted data to train models.
- Gemini's data policies prohibit using customer data for model improvement unless explicitly opted in.
- Azure AI follows Microsoft's Responsible AI principles, ensuring customer data is not used to train foundation models and maintaining strict data privacy policies.
4. What are the options for locally hosted models compared to online subscription-based AI services?
- Clients may explore self-hosted AI models (such as open-source LLMs) for internal use.
- Currently, AI services in Profit.co integrate with hosted models (OpenAI, Gemini, Azure GPT) and do not support local or on-premise deployments, though future enhancements may be considered based on customer needs.
5. What guarantees are in place to ensure data is not used for training public models?
Module Providers have clear policies ensuring that data sent via their API Keys is not used for training models.
6. What do the terms of service of model providers say about data security?
AI service providers OpenAI, Gemini, and Azure AI have strict policies to ensure data security and privacy. Below are their key commitments:
1. OpenAI
- OpenAI does not use API-submitted data to train or improve its models.
- All API interactions are encrypted in transit using TLS, ensuring data security.
- OpenAI follows industry-standard security measures to prevent unauthorized access.
- Users retain ownership of their data and can manage data retention policies.
2. Gemini (Google AI)
- Customer data is not used to improve models unless explicitly opted in by the user.
- Google enforces stringent encryption standards (TLS in transit and AES-256 at rest) to protect data.
- Access controls and logging mechanisms ensure secure AI interactions.
- Data is processed within Google's highly secure infrastructure, adhering to global compliance standards.
3. Azure AI (Microsoft)
- Azure AI follows Microsoft’s Responsible AI principles to ensure data confidentiality.
- Customer data is not used to train foundation models.
- Microsoft provides enterprise-grade security with encryption at rest and in transit.
- Azure AI services comply with global regulations such as GDPR, HIPAA, and SOC 2.
- Customers retain full ownership of their data, and Microsoft does not store prompts or responses beyond necessary processing.
7. What assurances back these guarantees on data confidentiality and security?
- Compliance with contractual obligations and adherence to industry security frameworks (ISO 27001, SOC 2) provide additional guarantees.
- Customers should review the Module Provider’s official policies for detailed assurance statements.
Conclusion
Profit.co prioritizes security, privacy, and compliance in all AI-driven functionalities. By implementing robust security frameworks, ensuring transparency, and adhering to global regulations, we provide customers with AI-powered features that are secure, reliable, and privacy-conscious. For further details, contact our compliance team at support@profit.co.