EasyAI Security Standards

Last updated July 3rd, 2024

Introduction

At Easygenerator we are committed to achieving the highest levels of security to protect client data across all our functionalities.

We follow an end-to-end approach to data security and privacy with everything from internal processes, external agreements, leading standards such as ISO 27001, and international regulations such as the GDPR.

Our EasyAI features are no different and are designed and operated adhering to the same standards.

EasyAI Features:

Chat

Description: An AI powered chatbot that Easygenerator users can converse with to resolve queries regarding their courses or otherwise.

AI functionality provided by: OpenAI

Quick Actions

Description: AI powered features designed to streamline your course creation on the Easygenerator tool by helping you brainstorm ideas, summarize ideas and turning your ideas into questions if needed.

AI functionality provided by: OpenAI

Course Builder

Description: Course Builder enables authors to generate comprehensive e-learning courses with a user-friendly interface that offers step-by-step guidance throughout the course creation process.

AI functionality provided by: OpenAI, Pinecone

Text-to-speech

Description: The feature uses a Neural Network-based algorithm where it takes a text input and returns an output in one of the banks of Amazon “voices” available.

AI functionality provided by: Amazon Polly

Automatic Translation (optional paid add-on)

Description: Amazon Translate is a Neural Machine Translation (MT) service for translating text between supported languages. The Automatic translation feature provides support for the translation of 75 languages.

AI functionality provided by: Amazon Translate

Partners:

OpenAI: OpenAI is a US research lab aiming to develop safe and powerful artificial intelligence, like the text-generating GPT-3. They focus on responsible AI advancement for the benefit of humanity.

Pinecone: Pinecone is a company specializing in vector databases, a powerful tool for AI applications. They’re headquartered in New York City. Their platform helps developers simplify building and deploying complex AI features by offering a user-friendly vector database solution.

AWS: Amazon Web Services, apart from offering our data storage and hosting services, is a major player in the AI service provider landscape, offering a comprehensive suite of tools and resources.

Ensuring data privacy

All of the data in transit from the Easygenerator platform to OpenAI is encrypted in transit and all data stored with Easygenerator and OpenAI is also encrypted at rest.

OpenAI ensures GDPR compliance and Easygenerator has a GDPR compliant DPA signed with them

All the data stored by Easygenerator with AWS is also safeguarded under ISO 27001 controls, of which both parties are certified

Contact Us

All queries regarding security and privacy at Easygenerator, EasyAI related or otherwise can be sent to [email protected]. Existing Easygenerator users can use our support chat on the tool to raise any queries as well.

FREQUENTLY ASKED QUESTIONS

Amazon Translate

How does it work in general?+

We use Amazon Translate for our translation. Details of the process can be found here:
https://help.easygenerator.com/en/articles/7966357-security-in-auto-translation-functionality

Is it transcribed and only the text will be transferred / processed?+

Only text content input to the Easygenerator tool can be translated at this point

Are photographs / pictures and videos excluded in the transfer / processing?+

Are graphs excluded in the transfer / processing?+

Will our data be used to train any large language models (if yes: which one, are these public or your private models, which safeguards do you have around these)+

No, we have opted out of Easygenerator data being used to train the language models. So no client data is used for model training.

How is the dataflow in all these cases protected?+

When we talk about the dataflow Easygenerator and AWS Translate service – in order to achieve that we establish a private connection between our VPC and AWS Translate so all the traffic is within the Amazon network. To encrypt data in transit, Amazon Translate uses TLS 1.2 with AWS certificates. We do not use document translation from the Amazon S3 buckets, so all the translated data is stored in our DBs, and the regular Easygenerator policies for the data protection are applied here.

OpenAI

About Easy AI, it is a module for content creation, which uses Open AI for the generation. From a Data Privacy perspective, does the access to all the associates posses any risk?+

No data of Easygenerator clients is used to train OpenAI algorithms. OpenAI does store all data input to it for thirty days and processes it to provide the outputs.All associates can refer to the AI Addendum to be aware of what kind of information to upload to the EasyAI features.

All personal information (included personal data) that will be enter into the module will be stored and processed by Easygenerator and Open AI for various purposes, among others machine learning. Can you please confirm if this is the case?+

The data will be stores and processed but not used for machine learning. This applies to all our AI functionalities. We opt-out of using client data to train any machine learning models.

Please can you also provide clarification as to why the data cannot be requested to be removed or deleted?+

Since the data processing is done by our sub-processor OpenAI, there is not currently a process in place where they can be requested to delete specific outputs in the one month duration they store the user inputs for content moderation.

Will you take any responsibility or have any controls/checks in place to restrict collection of sensitive data or is it solely the responsibility of end users which id recorded once users click on the opt-in consent pop-up.+

We do not explicitly collect any sensitive data via the Easy AI features. We store and process whatever input is put into the features, if that includes sensitive information, we do not have visibility into that as the data flow is encrypted and we do not access customer data unless there is an urgent issue. The personal information collected remains the same on the EG platform with or without using EasyAI

The AI Addendum does not clearly states How the data is handled by OpenAI – just a contract with OpenAI is not be sufficient – What about the technical controls+

The technical controls used by OpenAI can be found here: https://openai.com/security
As a consumer taking OpenAI’s services it is not within our control to dictate their technical measures

What does it take to qualify for requesting data deletion before 30 days or even completely opt-out of storage of this data?+

We have already reached out to OpenAI to explore the specific plan Easygenerator can purchase to qualify for opting-out of misuse monitoring. Their response is still pending and at present we do not know the exact metrics required for this opting-out.

Can EasyAI feature be explicitly disabled if requested by the Client?+

Yes, it can be disabled anytime for the client

Feedback data is shared with OpenAI or it’s only retained at EasyGenerator? How long this data will be retained?+

Feedback data is only retained by us at Easygenerator. We retain it until a client’s license expires.

Could you please summarize the different data collection channels that you would use for improving the service and how long it will be stored? Refer below.+

The data channels are the usage metrics and feedback given for the AI functionalities i.e. AskAI and EasyAI. This can include for example the frequency of use of use of the AI features or which quick action function they use etc.