The heyCASEy.io chat based large language model pays particular attention to privacy and security. This article discusses how we have secured your data.
Who runs the model?
Currently the model is hosted by openAI.com. We utilize their API specifically designed to allow third-party companies to embed the GPT models into applications. We make secure calls to their API and securely manage the results when they return. Specifically, the OpenAI API privacy agreement for enterprise and API customer is detailed here and their general privacy policy here.
In a nutshell, they state -
We (openAI or CASEy, Inc.) do not train on your business data (data from ChatGPT Team, ChatGPT Enterprise, or our API Platform)
You own your inputs and outputs (where allowed by law)
You control how long your data is retained
We’ve (openAI) been audited for SOC 2 compliance (ChatGPT Enterprise and API)
Data encryption at rest (AES-256) and in transit (TLS 1.2+)
Do you save our prompts or responses?
No. They are one time calls and responses that we do not store on any servers or databases. Even if you click the "Good Response" or "Bad Response" button below the responses in the heyCASEy panel, we just log a Good or Bas but NOT the prompt or responses.
Can we opt out of these features?
We are working on an administrative setting to control access to these features within app.heycasey.io. At the moment if you are concerned, open a support ticket and we'll work with you. We hope you don't, as the benefits of these features are enormous.
What data do you send?
It varies, in the Strategy pages we typically send the company background. We've designed our features so that a lot more data comes IN from the language model than goes out. For example, when setting Vision, typically we send the company background from a public website for your company, but you get back visions. We don't need proprietary information at this level, so we don't ask.
Here is a general guide -
Vision prompts: Name and Company background. The content of the value proposition, customer segments and competitors are only sent if populated (often they get filled in by the response)
Strategic Challenges: Vision data (name, background, value prop, customers and competitor data if available).
Ideas: The vision and strategic challenge data.
If privacy and secrecy is a concern, we suggest limiting what data you enter. heyCASEy doesn't need detailed information about your plans to offer innovative suggestions of challenges, ideas, and prioritization. We suspect there is more danger in emails than the data you capture in heyCASEy.io
We take privacy seriously. And welcome any concerns. Reach out to us if you want to talk with our technical teams about specifically how these features are secured and work.