How does Profit.co safeguard your data while delivering secure and compliant AI-powered solutions?

Introduction

• Profit.co integrates AI-powered solutions using OpenAI, Gemini, Azure GPT, and Claude, allowing customers to choose their preferred service provider through API Keys. AI technology transforms organizations' operations, offering intelligent automation, insights, and decision-making capabilities. However, as AI adoption grows, so do data security, privacy, compliance, and ethical AI usage concerns.
• This document provides a comprehensive guide to Profit.co's AI security practices, addressing key concerns related to security, data privacy, compliance, data confidentiality, and usage policies.

Security Measures

• AI-generated insights and predictions are processed within a secure environment to prevent unauthorized access.
• AI models and services are hosted in secure cloud environments with stringent security controls.
• Customers can use AI services provided by OpenAI, Gemini, Azure GPT, and Claude via API Keys.
• Customers who are concerned about cloud-hosted AI models can explore local deployment options, although Profit.co currently does not support on-premise AI hosting.
• Profit.co’s AI models do not retain or use customer-specific data for training, ensuring confidentiality.
• Regular audits and continuous monitoring are conducted to detect any security vulnerabilities or breaches, ensuring that data management practices remain secure and compliant with industry standards.

Data Privacy Policies

• AI modules in Profit.co only process data required for their intended functionality.
• No personal or sensitive customer data is used for AI model training.

Compliance & Regulatory Adherence

• Profit.co ensures compliance with GDPR by implementing privacy-by-design principles and providing data subject rights such as access, rectification, and erasure.
• Profit.co follows industry best practices for security controls and undergoes regular audits to maintain compliance with ISO 27001.
• AI models are designed to be fair, transparent, and unbiased.
• Profit.co follows ethical guidelines to ensure that models are fair, transparent, and unbiased, ensuring that the AI features do not produce discriminatory or inappropriate results.

AI Model Usage & Data Confidentiality

Note: Profit.co supports the following module providers OpenAI, Gemini, Azure GPT, and Claude.

1. Will confidential data become public or be used for training public models?

No, data sent through API calls to AI model providers is not used for training public models. These providers explicitly state in their terms of service that customer inputs and outputs remain private.

2. What type of data is sent in prompts when using AI models?

• AI features in Profit.co send structured textual prompts containing contextual input relevant to specific tasks (e.g., summarization, content generation, recommendations).
• No personally identifiable or sensitive customer data is included unless explicitly provided by users.

3. How Does Profit.co Enhance User Experience with AI-Powered Features?

Profit.co provides AI-powered features to enhance goal-setting, performance tracking, and collaboration. Users can enable or disable these AI capabilities based on their preferences.

4. What do the terms of service of module providers state regarding data usage and security?

OpenAI, Gemini, Azure GPT, and Claude provide AI services governed by their respective terms of service.

• OpenAI does not use API-submitted data to train models.
• Gemini's data policies prohibit using customer data for model improvement unless explicitly opted in.
• Azure AI follows Microsoft's Responsible AI principles, ensuring customer data is not used to train foundation models and maintaining strict data privacy policies.
• Claude AI ensures that customer data submitted via API is not used to train or improve models, and all data is encrypted in transit to protect privacy.

5. What are the options for locally hosted models compared to online subscription-based AI services?

• Clients may explore self-hosted AI models (such as open-source LLMs) for internal use.
• Currently, AI services in Profit.co integrate with hosted models (OpenAI, Gemini, Azure GPT, and Claude) and do not support local or on-premise deployments, though future enhancements may be considered based on customer needs.

6. What guarantees are in place to ensure that data is not used for training public models?

Module Providers have clear policies ensuring that data sent via their API Keys is not used for training models.

7. What do the terms of service of model providers say about data security?

AI service providers OpenAI, Gemini, Azure GPT, and Claude have strict policies to ensure data security and privacy. Below are their key commitments:

• OpenAI

• OpenAI does not use API-submitted data to train or improve its models.

• All API interactions are encrypted in transit using TLS, ensuring data security.

• OpenAI follows industry-standard security measures to prevent unauthorized access.

• Users retain ownership of their data and can manage data retention policies.

• Gemini (Google AI)

• Customer data is not used to improve models unless explicitly opted in by the user.

• Google enforces stringent encryption standards (TLS in transit and AES-256 at rest) to protect data.

• Access controls and logging mechanisms ensure secure AI interactions.

• Data is processed within Google's highly secure infrastructure, adhering to global compliance standards.

• Azure AI (Microsoft)

• Azure AI follows Microsoft’s Responsible AI principles to ensure data confidentiality.

• Customer data is not used to train foundation models.

• Microsoft provides enterprise-grade security with encryption at rest and in transit.

• Azure AI services comply with global regulations such as GDPR, HIPAA, and SOC 2.

• Customers retain full ownership of their data, and Microsoft does not store prompts or responses beyond necessary processing.
  

• Claude (Anthropic)

• Claude AI ensures customer data submitted via API is not used to train or improve models.

• Data is encrypted during transit using industry-standard TLS encryption to prevent unauthorized access.

• Customer data is processed within a secure infrastructure and not stored beyond necessary processing.

• Users retain full ownership of their data, with Claude AI not storing or repurposing data for public models.

• Claude AI follows best practices in data security and complies with global regulations to protect against data breaches.

8. What assurances back these guarantees on data confidentiality and security?

• Compliance with contractual obligations and adherence to industry security frameworks (ISO 27001, SOC 2) provide additional guarantees.
• Customers should review the Module Provider’s official policies for detailed assurance statements.

Conclusion

Profit.co prioritizes security, privacy, and compliance in all AI-driven functionalities. By implementing robust security frameworks, ensuring transparency, and adhering to global regulations, we provide customers with AI-powered features that are secure, reliable, and privacy-conscious. For further details, contact our compliance team at  [support@profit.co].