Frontline Copilot Governance FAQ
- 07 May 2024
- 3 Minutes to read
- Contributors
- Print
Frontline Copilot Governance FAQ
- Updated on 07 May 2024
- 3 Minutes to read
- Contributors
- Print
Article Summary
Share feedback
Thanks for sharing your feedback!
Intro
Understanding and addressing our customers' concerns about data privacy, security, and governance is paramount, especially when using advanced features like our Frontline Copilot® that leverages Large Language Models (LLMs) and interacts with external AI services. The questions listed in this document reflect potential inquiries from customers about how their data is handled and protected. Answering these questions transparently helps build trust, ensures regulatory compliance, and demonstrates our commitment to responsibly managing and protecting customer data. It's not just about meeting legal obligations; it's about fostering a culture of respect for customer data and showcasing our dedication to providing secure, reliable, and trustworthy services.
The full Frontline Copilot® Terms of service is available here.
FAQ
How and where is the data entered into or used with Frontline Copilot® features stored within Tulip, how long is it retained, and can it be completely and securely deleted upon request?
Data used or created when using Frontline Copilot® features is covered by Tulip’s privacy policy and general terms of service like any other data in the Tulip platform. This means the same storage, deletion and retention policies as for the Tulip platform as a whole apply.
Is Tulip using external service providers as part of the Frontline Copilot® feature set?
Yes. Tulip is using the following external service providers for this purpose:
- AWS:
- Responsible AI Policy
- Terms of Service
- Bedrock Service
- Claude3 Haiku
- Titan Embedding
- Specific models subject to change
- Textract Service
- Azure:
- Code of Conduct
- OpenAI Service
- Gpt3.5 turbo
- Specific models subject to change
- Speech Services
- DeepL:
- Pro License
- Pro subscription translation service
How is the data entered into the Frontline Copilot® features transmitted to external service providers?
All data transfers are using state-of-the-art secure connections. Where possible, connections are established via virtual private networks (Azure Vnet Peering, AWS PrivateLink, Site-to-site VPN). All public connections are using HTTPS, a widely-accepted standard for secure data transmission.
Is the data transmitted to external service providers for Frontline Copilot® features retained by them and/or used for training models?
Data transmitted to external service providers is only used by them to provide the core service it was transmitted for. No data is retained or used for training models. The service providers we work with either have appropriate policies by default or offer the ability to opt out of any data use beyond providing the core service. For the latter, Tulip has fully opted out of any such use. For details, see the policies listed below.
What data governance policies do the service providers for Frontline Copilot® features have in place to ensure the privacy and security of my data?
The following policies apply for the different service providers
- AWS
- Azure
- DeepL
- Data Security for Pro Subscribers: Link
We additionally have data processing agreements or addendums (DPAs) in place with all three providers. A DPA is a contract between a data controller and data processor under the EU general data protection regulation (GDPR) that sets out the respective rights and obligations of the controller and data processor with respect to the processing of the personal data being handled.
In which geographical regions is data processed by external service providers?
For Azure and AWS, the following regions are used:
| Tulip Hosting Region | AWS Services Region | Azure Services Region |
|---|---|---|
| us-east-1 (AWS) | us-east-1 | eastus |
| us-west-2 (AWS) | us-west-2 | eastus |
| eu-central-1 (AWS) | eu-central-1 | westeurope |
| eastus (Azure) | us-east-1 | eastus |
| centralus (Azure) | us-east-1 | eastus |
| westeurope (Azure) | eu-central-1 | westeurope |
| eastjapan (Azure) | ap-northeast-1 | westeurope |
As per their policies, DeepL data processing happens in a data center in Finland. (Status: 9/26/2023)
Which Frontline Copilot® features are using which service providers?
| Category | Feature | Services |
|---|---|---|
| Automation Actions | Translate | DeepL |
| Trigger Actions | Answer question from document | Azure OpenAI Service OR AWS Bedrock Service, AWS Textract |
| Answer question from data | Azure OpenAI Service | |
| Extract value(s) from image | AWS Textract | |
| Extract value(s) from document | AWS Textract | |
| Classify (DEPRECATED) | Azure OpenAI Service | |
| Translate Trigger action and Automation Action | DeepL | |
| Widgets | Speech to text | Azure Speech Services |
| Frontline Copilot™ for Custom Widgets | Azure OpenAI Service | |
| Operator chat widget | Azure OpenAI Service OR AWS Bedrock Service | |
| AI App Translation | AI Translation | DeepL |
| Tables | Chat with Tables | Azure OpenAI Service OR AWS Bedrock Service |
Any other questions?
Ask Us! Email the team at copilot@tulip.co with any other questions.
Was this article helpful?
