Skip to main content
All CollectionsPolicies
Scispot AI Security and Privacy Policy
Scispot AI Security and Privacy Policy

Scibot policies

S
Written by Satya Singh
Updated over 5 months ago

Introduction

Scispot AI (Scibot) is built with a strong focus on security, compliance, and privacy. Our policies ensure that customer data remains confidential and is protected at all times. This document outlines the principles and measures we uphold to maintain these standards.

1. Customer Data Never Leaves Your Scispot Instance

Data Usage and Privacy

  • Customer Data Isolation: Customer data is isolated and segmented, ensuring each customer's data is kept separate and secure.

  • No Global Training: Customer data is never used to train our global models. All data processing and model training are confined to the customer's instance.

  • Cloud AI Controls: Robust security controls, including data encryption, access management, and compliance with industry standards, are utilized to manage and process data securely.

Data Handling Practices

  • Data Storage: All customer data is stored securely in a segmented customer database, complying with all relevant security and compliance standards.

  • Data Processing: Data processing is performed on secure Scispot servers, ensuring data transformations and embedding generation remain within the secure cloud environment.

  • Data Access: Access to customer data is strictly controlled and monitored. Only authorized personnel have access, and all access is logged and audited.

2. We Do Not Train Any Models on Customer Data

Off-the-Shelf Models and Statelessness

  • Retrieval Augmented Generation (RAG): We use off-the-shelf models in a stateless way by employing RAG. This means the model does not retain any data. For example, when summarizing a labspace page, the LLM receives a prompt containing the message to be summarized, along with instructions for how to do so.

  • Privacy Benefits: The statelessness of RAG ensures that all results are grounded in your company’s knowledge base, making them more relevant and accurate without the risk of data retention.

3. Scispot AI Upholds Enterprise-Grade Security and Compliance

Adherence to Standards

  • SOC 2 and HIPAA Compliance: Scibot AI adheres to SOC 2 and HIPAA controls, ensuring all data handling processes meet these rigorous standards. We also comply with any additional data commitments stipulated in our client contracts.

  • Regulatory Compliance: Our data handling practices comply with all relevant regulations and standards, including 21 CFR Part 11 compliance, HIPAA, and others as applicable.

  • Advanced Security Measures: We implement advanced security measures to protect customer data, including encryption, access controls, and regular security audits.

4. Customer Rights and Control

Data Ownership and Control

  • Data Ownership: Customers retain full ownership of their data. Scibot processes data solely on behalf of the customer and in accordance with their instructions.

  • Personalized Experience: Customers can opt for a personalized experience with Scibot or choose to remove the service from their account if they do not wish to use it.

  • Data Deletion: Customers can request the deletion of their data at any time. Upon such requests, all customer data will be permanently deleted from our systems.

5. Customers Can Choose to Switch Off Scispot AI Functionalities

Opt-Out Option

  • Removal of Scibot: If customers prefer not to use the personalized features of Scibot, they can remove the service from their account through account settings or by contacting our support team.

Conclusion

Scispot AI is committed to maintaining the highest standards of security, compliance, and privacy. We ensure that customer data is protected and used responsibly, providing our users with control over their data and peace of mind. For further information or assistance, please contact our support team.

Did this answer your question?