AI
Overview
Introduction
At Meaningful, we leverage advanced AI technologies to power our market research platform. Our commitment to data privacy and security extends to our use of AI services. Here's an overview of our AI infrastructure and security measures:
AI Providers
We use AI models from three reputable cloud providers:
- Anthropic Models: Hosted on AWS Bedrock in Frankfurt, Germany.
- Google's Vertex AI Model: Hosted in Europe.
- OpenAI Models: Deployed on Microsoft Azure in Europe.
Data Handling and Security
Our use of AI services adheres to strict data protection standards:
- No Training on Customer Data: The AI models we use are not trained on any customer data, ensuring the privacy and confidentiality of all customer information.
- Data Locality: All data processing occurs within European data centers, complying with data residency requirements.
- No Data Transfer to US: Customer data is not sent to the United States or any other region outside of Europe for any purpose.
- Secure API Connections: All communications with AI services use encrypted HTTPS connections.
- Tokenization: Where applicable, sensitive data is tokenized before being processed by AI models.
Cloud Infrastructure Security
AWS, Google Cloud, and Microsoft Azure maintain instances of these AI models on their respective cloud infrastructures, offering enterprise-grade security:
- AWS Bedrock:
  - Compliant with ISO 27001, SOC 2, and GDPR standards.
  - VPC endpoints for private network access.
  - AWS Key Management Service (KMS) for encryption key management.
- Google Cloud Vertex AI:
  - Compliant with ISO 27001, SOC 2, and GDPR standards.
  - Private Google Access for enhanced network security.
  - Cloud Key Management Service for customer-managed encryption keys.
- Microsoft Azure (for OpenAI models):
  - Compliant with ISO 27001, SOC 2, and GDPR standards.
  - Azure Private Link for secure, private connectivity.
  - Azure Key Vault for secure key management and encryption.
Additional Security Measures
- Access Controls:
  - Role-Based Access Control (RBAC) implemented for AI service access.
  - Multi-Factor Authentication (MFA) required for all administrative access.
- Audit Logging:
  - Comprehensive logging of all AI service interactions.
  - Regular audit log reviews to detect any unusual activities.
- Data Encryption:
  - End-to-end encryption for data in transit and at rest.
  - Use of TLS 1.3 for all data transmissions.
- Regular Security Assessments:
  - Periodic vulnerability scans on our infrastructure interfacing with AI services.
Incident Response and Data Protection
- Incident Response Plan: We are developing a robust plan to address any potential AI-related security incidents promptly.
- Data Deletion: Capability to immediately terminate AI processing and ensure data deletion if required.
- Contractual Safeguards: Our agreements with AI service providers include strong data protection clauses.
Compliance and Certifications
While we are continuously working towards achieving formal certifications, we currently leverage the extensive compliance and certification frameworks of our cloud providers:
- Cloud Provider Compliance: Our AI services run on AWS and Google Cloud infrastructures, which are compliant with major standards including GDPR, ISO 27001, and SOC 2.
- GDPR Alignment: Our practices and processes are designed to align with GDPR requirements.
- Ongoing Efforts: We are actively working towards achieving our own formal certifications to further enhance our security posture.
Transparency and Control
- AI Usage Disclosure: We provide clear communication to customers about how and when AI is used in our services.
- Opt-Out Options: Where feasible, we provide options for customers to opt out of AI-processed services.
- Data Processing Agreements: We offer comprehensive DPAs that cover our AI usage.
Continuous Improvement
- Technology Monitoring: We continuously monitor AI security advancements and implement best practices.
- Feedback Loop: We maintain open channels for customer feedback on AI usage and security concerns.
For any questions or concerns regarding our use of AI services and related security measures, please contact our team at contact@meaningful.app.