Data security is a top priority for CustomGPT.ai. This blog outlines the importance of protecting user data, the measures we take to ensure its security, and how users can further safeguard their information.
The Importance of Data Security and Measures
Data security is essential for safeguarding sensitive information from unauthorized access, which could lead to breaches and misuse. Here’s why robust security measures are critical for CustomGPT.ai users:
- Protection from Unauthorized Access: Prevents unauthorized parties from accessing sensitive data.
- Maintaining Confidentiality: Ensures that only authorized personnel can access critical information.
- Preventing Data Leakage: No user data is used for model training, and each chatbot operates in a siloed environment.
- Building Trust: Strong security measures reinforce user trust by demonstrating that their data is managed securely and privately.
What measures does CustomGPT.ai take to ensure data security?
CustomGPT.ai employs several stringent measures to protect user data:
- SOC 2 Type 2 Compliance: We are thrilled to announce that CustomGPT.ai has achieved SOC 2 Type 2 compliance. This certification is a testament to our commitment to upholding the highest standards of data security, particularly benefiting customers in regulated industries.
- Secure Data Storage: Utilizes Amazon Web Services (AWS) for secure cloud storage with robust security features.
- Data Isolation: Each chatbot is completely isolated, ensuring user data does not mix with others’.
- Encryption and Access Controls: Implements strong security protocols to protect data from unauthorized access.
- Regular Updates and Improvements: Continuously enhances security measures to address evolving threats.
- Immediate Data Deletion Option: Offers users the option to delete their data immediately after processing.
Compliance with Regulations
CustomGPT.ai adheres to international data protection laws, including GDPR and SOC 2 standards. We integrate stringent security measures and privacy protocols to ensure compliance and protect user data.
How does CustomGPT.ai comply with GDPR?
CustomGPT.ai ensures GDPR compliance through several key strategies:
- User Consent for Data Collection: Consent is obtained transparently at the onset of user interaction, with clear communication about the type of data collected and its use.
- Protecting User Data: Implements robust security measures to protect data from unauthorized access and leaks, adhering to data minimization principles.
- Data Anonymization and Encryption: All data, whether in transit or at rest, is fully encrypted.
- Minimal Data Collection: Only essential data necessary for service operations is collected.
- In-Built Anonymization: Sensitive data such as Personally Identifiable Information (PII) is anonymized during processing.
- Rights to Access and Deletion: Users can easily access their data and request its deletion, underscoring the platform’s commitment to data ownership and privacy.
- Data Breach Notifications: Quick detection systems for data breaches are in place, with mechanisms to notify users and guide them on securing their data, alongside mandatory reporting to authorities.
- Third-Party Sharing: CustomGPT.ai is dedicated to maintaining the highest standards of data security and privacy. We do not share any user data, including anonymized data, with third parties.
- Interactive Engagement with GDPR: Users are encouraged to manage their privacy settings actively, including viewing and deleting their data as they see fit.
What is SOC 2 Compliance and how does CustomGPT.ai meet its requirements?
SOC 2 is an auditing standard developed by the AICPA that focuses on five trust principles: security, availability, processing integrity, confidentiality, and privacy. CustomGPT.ai meets these requirements through:
- SOC 2 Type 2 Compliance: CustomGPT.ai has achieved SOC 2 Type 2 compliance, ensuring continuous protection and security of customer data.
- Security Measures: Employs comprehensive security programs and uses tools like Sprinto for continuous control monitoring.
- Independent Audit: Security practices and compliance are rigorously audited by an independent third party.
New Features Enhancing Security and Usability: Single Sign-On (SSO) Authentication
SSO is a user authentication process that allows access to multiple applications with a single set of login credentials. This feature enhances security and simplifies the login process. CustomGPT.ai provides SSO for:
- Organizations and Teams: Available on Enterprise plans, enabling secure login using popular Identity Providers (IdPs).
- Chatbot Users: Coming soon for specific user groups like internal teams and students.
What are the advantages of using SSO?
Here are some of the benefits of using SSO:
- Enhanced Security: Minimizes the number of passwords users need to manage.
- Streamlined Access: Provides a smoother and faster sign-in process.
- Centralized Management: Easier management of user access and credentials, particularly for large organizations.
How can users set up SSO?
Here’s how to set up a Single Sign-On (SSO) for your domain with CustomGPT.ai through various identity providers.
Step 1: Sign In
Sign in to CustomGPT.ai
Step 2: Access Your Profile
Click on your user icon located at the top right corner of the dashboard, and then select My Profile from the dropdown menu.
Step 3: Navigate to Single Sign On
Locate and click the Single Sign On (SSO) tab available in the top menu bar of your profile.
Step 4: Add your domain
a) Under the “Add Your Domain” section, enter the domain for which you wish to activate SSO.
b) Follow the provided instructions to update your DNS records via your DNS provider’s website.
Domain verification status will update automatically to “Verified” once the DNS settings have propagated, which typically takes between 15 to 20 minutes. However, it may take up to 72 hours in extreme cases.
If status doesn’t change to “verified” after 72 hours, please contact our support.
Step 5: Set up your Identity Provider
Follow the guide to make necessary configurations on your Identity Provider’s website. Set up your Identity Provider by following the relevant guide:
During setup, you will need to provide your ACS URL and Entity ID, which are accessible on the page.
Step 6: Set up SAML Integration
Complete the SAML integration by providing details from your Identity Provider which can be:
a) Imported via URL
b) Imported via XML
c) Entered manually
Step 7: Configure Advanced Settings
Once your domain is verified and SAML is configured, you can access the “Advanced Settings” to customize your SSO setup:
a) Email Authentication Options:
Capture company emails – Choose how we should authorize company emails. Available options are:
- Allow login only using SSO – your team members will be able to login only via SSO route
- Allow login via SSO and email/password keypair – your team members will be able to login both via SSO and via traditional email & password route
b) User Role Configuration:
Choose a role for new members based on the Roles set up in your Team Settings page.
c) SCIM Integration:
Enable SCIM integration. Once enabled, SCIM will automatically synchronize with your Identity Provider. Available options are:
- SCIM integration disabled.
- SCIM integration enabled: User data in CustomGPT.ai will automatically update when changes are made in your Identity Provider and create/update/delete settings should be configured on your Identity Provider.
d) Email Deletion Handling:
- Projects will be Deleted with the user
- Projects will be transferred to your account – this action can impact your storage credits
Security Protocols and Responses
CustomGPT.ai has robust processes in place to detect and respond to data breaches. Strict access controls limit data access to authorized personnel only, and all operations are private by default, safeguarding user data. Strong security measures are employed to prevent breaches, and users can report suspicions of security issues via email to ops@customgpt.ai. Any reported breaches are thoroughly investigated to understand their scope and impact.
To further enhance security, CustomGPT.ai implements Two-Factor Authentication (2FA). This crucial security measure adds an extra layer of protection to online accounts by requiring not only a password and username but also something that only the user has, such as a physical token.
What are the benefits of Two-Factor Authentication (2FA)?
Here are some of the benefits of 2FA:
- Enhanced Security: By requiring an additional layer of verification, 2FA significantly reduces the risk of unauthorized access.
- Data Privacy: Ensures that even if a password is compromised, the account remains secure.
- Protection Against Phishing: Adds a barrier against phishing attacks, as the attacker would need the second factor to gain access.
How to enable 2FA
Here’s how to enable 2FA:
Step 1: Sign in
a) Sign in to CustomGPT.ai
Step 2: Access My Profile
a) Click on “My Profile“.
Step 3: Access Security
a) Click on “Security“.
Step 4: Enable Two Factor Authentication (2FA)
a) Locate the Two Factor Authentication section.
b) Click on “Enable“.
c) Input your Password.
d) Click on “Confirm“.
Step 5: Set Up in Authentication App
a) Open your authenticator app (e.g., Google Authenticator, Authy) on your smartphone or add the extension to your browser.
b) If using “Google Authenticator Extension,” open the extension and click on “Scan QR Code” or choose to insert the “Manual Key” directly.
c) Scan the QR Code displayed in your CustomGPT.ai profile.
d) Once the code is generated, you can edit a nickname to this account by clicking the “Edit” icon.
e) Input the 6-digit code generated by the authenticator into the “Code” section of your CustomGPT.ai profile.
f) Click on “Confirm.”
Step 6: Save Your Recovery Codes
Store your recovery codes in a secure location (e.g., a password manager). These codes can be used to regain access to your account if your two-factor authentication device is lost.
Securing Your Future with CustomGPT.ai
At CustomGPT.ai, we are committed to ensuring the highest standards of data security and privacy. Through stringent security measures, compliance with international regulations, and giving users control over their data, we strive to create a secure and trustworthy platform. Our robust protocols, including SOC 2 Type 2 compliance, data encryption, and Two-Factor Authentication, ensure that your information is always protected. We continuously update our security practices to stay ahead of potential threats and maintain the integrity of your data.Try our free trial today and see how CustomGPT.ai can safeguard your information while delivering exceptional performance.