CustomGPT.ai Blog

Enhancing Data Security and Compliance at CustomGPT.ai

Data Security

Data security is a top priority for CustomGPT.ai. This blog outlines the importance of protecting user data, the measures we take to ensure its security, and how users can further safeguard their information.

The Importance of Data Security and Measures

Data security is essential for safeguarding sensitive information from unauthorized access, which could lead to breaches and misuse. Here’s why robust security measures are critical for CustomGPT.ai users:

  • Protection from Unauthorized Access: Prevents unauthorized parties from accessing sensitive data.
  • Maintaining Confidentiality: Ensures that only authorized personnel can access critical information.
  • Preventing Data Leakage: No user data is used for model training, and each chatbot operates in a siloed environment.
  • Building Trust: Strong security measures reinforce user trust by demonstrating that their data is managed securely and privately.

What measures does CustomGPT.ai take to ensure data security?

CustomGPT.ai employs several stringent measures to protect user data:

  • SOC 2 Type 2 Compliance: We are thrilled to announce that CustomGPT.ai has achieved SOC 2 Type 2 compliance. This certification is a testament to our commitment to upholding the highest standards of data security, particularly benefiting customers in regulated industries.
  • Secure Data Storage: Utilizes Amazon Web Services (AWS) for secure cloud storage with robust security features.
  • Data Isolation: Each chatbot is completely isolated, ensuring user data does not mix with others’.
  • Encryption and Access Controls: Implements strong security protocols to protect data from unauthorized access.
  • Regular Updates and Improvements: Continuously enhances security measures to address evolving threats.
  • Immediate Data Deletion Option: Offers users the option to delete their data immediately after processing.

Compliance with Regulations

CustomGPT.ai adheres to international data protection laws, including GDPR and SOC 2 standards. We integrate stringent security measures and privacy protocols to ensure compliance and protect user data.

How does CustomGPT.ai comply with GDPR?

CustomGPT.ai ensures GDPR compliance through several key strategies:

  • User Consent for Data Collection: Consent is obtained transparently at the onset of user interaction, with clear communication about the type of data collected and its use.
  • Protecting User Data: Implements robust security measures to protect data from unauthorized access and leaks, adhering to data minimization principles.
  • Data Anonymization and Encryption: All data, whether in transit or at rest, is fully encrypted.
  • Minimal Data Collection: Only essential data necessary for service operations is collected.
  • In-Built Anonymization: Sensitive data such as Personally Identifiable Information (PII) is anonymized during processing.
  • Rights to Access and Deletion: Users can easily access their data and request its deletion, underscoring the platform’s commitment to data ownership and privacy.
  • Data Breach Notifications: Quick detection systems for data breaches are in place, with mechanisms to notify users and guide them on securing their data, alongside mandatory reporting to authorities.
  • Third-Party Sharing: CustomGPT.ai is dedicated to maintaining the highest standards of data security and privacy. We do not share any user data, including anonymized data, with third parties.
  • Interactive Engagement with GDPR: Users are encouraged to manage their privacy settings actively, including viewing and deleting their data as they see fit.

What is SOC 2 Compliance and how does CustomGPT.ai meet its requirements?

SOC 2 is an auditing standard developed by the AICPA that focuses on five trust principles: security, availability, processing integrity, confidentiality, and privacy. CustomGPT.ai meets these requirements through:

  • SOC 2 Type 2 Compliance: CustomGPT.ai has achieved SOC 2 Type 2 compliance, ensuring continuous protection and security of customer data.
  • Security Measures: Employs comprehensive security programs and uses tools like Sprinto for continuous control monitoring.
  • Independent Audit: Security practices and compliance are rigorously audited by an independent third party.

New Features Enhancing Security and Usability: Single Sign-On (SSO) Authentication

SSO is a user authentication process that allows access to multiple applications with a single set of login credentials. This feature enhances security and simplifies the login process. CustomGPT.ai provides SSO for:

  • Organizations and Teams: Available on Enterprise plans, enabling secure login using popular Identity Providers (IdPs).
  • Chatbot Users: Coming soon for specific user groups like internal teams and students.

What are the advantages of using SSO?

Here are some of the benefits of using SSO:

  • Enhanced Security: Minimizes the number of passwords users need to manage.
  • Streamlined Access: Provides a smoother and faster sign-in process.
  • Centralized Management: Easier management of user access and credentials, particularly for large organizations.

How can users set up SSO?

Here’s how to set up Single Sign-On (SSO) for your domain with CustomGPT.ai through various identity providers.

Step 1: Sign In

Sign in to CustomGPT.ai 


Step 2: Access Your Profile

Click on your user icon located at the top right corner of the dashboard, and then select My Profile from the dropdown menu.


Step 3: Navigate to Single Sign On

Locate and click the Single Sign On (SSO) tab available in the top menu bar of your profile.


Step 4: Add your domain

a) Under the “Add Your Domain” section, enter the domain for which you wish to activate SSO.


b) Follow the provided instructions to update your DNS records via your DNS provider’s website.


Domain verification status will update automatically to “Verified” once the DNS settings have propagated, which typically takes between 15 and 20 minutes. However, it may take up to 72 hours in extreme cases.

If the status doesn’t change to “Verified” after 72 hours, please contact our support.


Step 5: Set up your Identity Provider

Make the necessary configurations on your Identity Provider’s website by following the relevant guide.

During setup, you will need to provide your ACS URL and Entity ID, which are accessible on the page.


Step 6: Set up SAML Integration

Complete the SAML integration by providing details from your Identity Provider, which can be:

a) Imported via URL


b) Imported via XML


c) Entered manually


Step 7: Configure Advanced Settings

Once your domain is verified and SAML is configured, you can access the “Advanced Settings” to customize your SSO setup:


a) Email Authentication Options:

Capture company emails – Choose how we should authorize company emails. Available options are:

  1. Allow login only using SSO – your team members will be able to log in only via SSO
  2. Allow login via SSO and email/password keypair – your team members will be able to log in both via SSO and via the traditional email & password route

b) User Role Configuration:

Choose a role for new members based on the Roles set up in your Team Settings page.


c) SCIM Integration:

Enable SCIM integration. Once enabled, SCIM will automatically synchronize with your Identity Provider. Available options are:

  1. SCIM integration disabled.
  2. SCIM integration enabled: User data in CustomGPT.ai will automatically update when changes are made in your Identity Provider and create/update/delete settings should be configured on your Identity Provider.

d) Email Deletion Handling:

  1. Projects will be deleted with the user
  2. Projects will be transferred to your account – this action can impact your storage credits

Security Protocols and Responses

CustomGPT.ai has robust processes in place to detect and respond to data breaches. Strict access controls limit data access to authorized personnel only, and all operations are private by default, safeguarding user data. Strong security measures are employed to prevent breaches, and users can report suspicions of security issues via email to ops@customgpt.ai. Any reported breaches are thoroughly investigated to understand their scope and impact.

To further enhance security, CustomGPT.ai implements Two-Factor Authentication (2FA). This crucial security measure adds an extra layer of protection to online accounts by requiring not only a password and username but also something that only the user has, such as a physical token.

What are the benefits of Two-Factor Authentication (2FA)?

Here are some of the benefits of 2FA:

  • Enhanced Security: By requiring an additional layer of verification, 2FA significantly reduces the risk of unauthorized access.
  • Data Privacy: Ensures that even if a password is compromised, the account remains secure.
  • Protection Against Phishing: Adds a barrier against phishing attacks, as the attacker would need the second factor to gain access.

How to enable 2FA

Here’s how to enable 2FA:

Step 1: Sign in

a) Sign in to CustomGPT.ai 


Step 2: Access My Profile

a) Click on “My Profile”.


Step 3: Access Security

a) Click on “Security”.


Step 4: Enable Two Factor Authentication (2FA)

a) Locate the Two Factor Authentication section.


b) Click on “Enable”.


c) Input your Password.


d) Click on “Confirm”.


Step 5: Set Up in Authentication App

a) Open your authenticator app (e.g., Google Authenticator, Authy) on your smartphone or add the extension to your browser.

b) If using “Google Authenticator Extension,” open the extension and click on “Scan QR Code” or choose to insert the “Manual Key” directly.


c) Scan the QR Code displayed in your CustomGPT.ai profile.

d) Once the code is generated, you can add a nickname for this account by clicking the “Edit” icon.


e) Input the 6-digit code generated by the authenticator into the “Code” section of your CustomGPT.ai profile.


f) Click on “Confirm.”


Step 6: Save Your Recovery Codes

Store your recovery codes in a secure location (e.g., a password manager). These codes can be used to regain access to your account if your two-factor authentication device is lost.


Securing Your Future with CustomGPT.ai

At CustomGPT.ai, we are committed to ensuring the highest standards of data security and privacy. Through stringent security measures, compliance with international regulations, and giving users control over their data, we strive to create a secure and trustworthy platform. Our robust protocols, including SOC 2 Type 2 compliance, data encryption, and Two-Factor Authentication, ensure that your information is always protected. We continuously update our security practices to stay ahead of potential threats and maintain the integrity of your data. Try our free trial today and see how CustomGPT.ai can safeguard your information while delivering exceptional performance.
