Frontline Copilot Governance FAQ
  • 07 May 2024
  • 3 Minutes to read
  • Contributors

Frontline Copilot Governance FAQ

Article summary


Understanding and addressing our customers' concerns about data privacy, security, and governance is paramount, especially when using advanced features like our Frontline Copilot® that leverages Large Language Models (LLMs) and interacts with external AI services. The questions listed in this document reflect potential inquiries from customers about how their data is handled and protected. Answering these questions transparently helps build trust, ensures regulatory compliance, and demonstrates our commitment to responsibly managing and protecting customer data. It's not just about meeting legal obligations; it's about fostering a culture of respect for customer data and showcasing our dedication to providing secure, reliable, and trustworthy services.

The full Frontline Copilot® Terms of service is available here.


How and where is the data entered into or used with Frontline Copilot® features stored within Tulip, how long is it retained, and can it be completely and securely deleted upon request?

Data used or created when using Frontline Copilot® features is covered by Tulip’s privacy policy and general terms of service like any other data in the Tulip platform. This means the same storage, deletion and retention policies as for the Tulip platform as a whole apply.

Is Tulip using external service providers as part of the Frontline Copilot® feature set?

Yes. Tulip is using the following external service providers for this purpose:

How is the data entered into the Frontline Copilot® features transmitted to external service providers?

All data transfers are using state-of-the-art secure connections. Where possible, connections are established via virtual private networks (Azure Vnet Peering, AWS PrivateLink, Site-to-site VPN). All public connections are using HTTPS, a widely-accepted standard for secure data transmission.

Is the data transmitted to external service providers for Frontline Copilot® features retained by them and/or used for training models?

Data transmitted to external service providers is only used by them to provide the core service it was transmitted for. No data is retained or used for training models. The service providers we work with either have appropriate policies by default or offer the ability to opt out of any data use beyond providing the core service. For the latter, Tulip has fully opted out of any such use. For details, see the policies listed below.

What data governance policies do the service providers for Frontline Copilot® features have in place to ensure the privacy and security of my data?

The following policies apply for the different service providers

  • AWS
    • Textract Data Protection: Link
    • General AI Opt Out Policies: Link
  • Azure
    • OpenAI Service - Data Privacy: Link
      • Tulip has also opted out of asynchronous abuse monitoring.
    • Speech Services - Data Privacy and Security: Link
  • DeepL
    • Data Security for Pro Subscribers: Link

We additionally have data processing agreements or addendums (DPAs) in place with all three providers. A DPA is a contract between a data controller and data processor under the EU general data protection regulation (GDPR) that sets out the respective rights and obligations of the controller and data processor with respect to the processing of the personal data being handled.

In which geographical regions is data processed by external service providers?

For Azure and AWS, the following regions are used:

Tulip Hosting RegionAWS Services RegionAzure Services Region
us-east-1 (AWS)us-east-1eastus
us-west-2 (AWS)us-west-2eastus
eu-central-1 (AWS)eu-central-1westeurope
eastus (Azure)us-east-1eastus
centralus (Azure)us-east-1eastus
westeurope (Azure)eu-central-1westeurope
eastjapan (Azure)ap-northeast-1westeurope

As per their policies, DeepL data processing happens in a data center in Finland. (Status: 9/26/2023)

Which Frontline Copilot® features are using which service providers?

Automation ActionsTranslateDeepL
Trigger ActionsAnswer question from documentAzure OpenAI Service OR AWS Bedrock Service, AWS Textract
Answer question from dataAzure OpenAI Service
Extract value(s) from imageAWS Textract
Extract value(s) from documentAWS Textract
Classify (DEPRECATED)Azure OpenAI Service
Translate Trigger action and Automation ActionDeepL
WidgetsSpeech to textAzure Speech Services
Frontline Copilot™ for Custom WidgetsAzure OpenAI Service
Operator chat widgetAzure OpenAI Service OR AWS Bedrock Service
AI App TranslationAI TranslationDeepL
TablesChat with TablesAzure OpenAI Service OR AWS Bedrock Service

Any other questions?

Ask Us! Email the team at with any other questions.

Was this article helpful?