Introducing CustomGPT Security And Privacy Principles – The Comprehensive Guide

In an era where data is the new oil, the importance of data privacy and security cannot be overstated. Every day, businesses and individuals generate vast amounts of data, much of which is sensitive and confidential. This data, if not properly protected, can fall into the wrong hands, leading to devastating consequences. Therefore, it is crucial to choose platforms and services that prioritize data privacy and security.

Enter CustomGPT, the industry’s best AI chatbot platform that places a high premium on data privacy and security. At CustomGPT, we understand the value of your data and the trust you place in us to protect it. That’s why we’ve implemented stringent measures to secure your data, including SOC 2 Type 2 certification, securely storing uploaded data in AWS, and using OpenAI’s public ChatGPT instance via APIs, which promises not to use any data passed as context for training its models.

But our commitment to data privacy and security doesn’t stop there. We’ve designed our service to be fully private by default, ensuring that only approved users can access it. We also offer the option to delete files immediately after processing, providing an added layer of protection for your data.

In this comprehensive guide, we will delve deeper into the measures we take to ensure data privacy and security at CustomGPT, and answer some of the most frequently asked questions about our data handling practices. These questions have been compiled based on conversations with hundreds of our 2000+ paying business customers. 

Sam Altman – CEO, OpenAI

Our goal is to provide you with a clear understanding of how we protect your data, so you can use our service with complete peace of mind. Let’s get started.

Understanding Data Privacy and Security in CustomGPT

A. Measures Taken by CustomGPT to Ensure Data Privacy and Security

At CustomGPT, we understand the importance of data privacy and security. That’s why we’ve implemented stringent measures to protect your data. We are SOC 2 Type 2 certified, after undergoing a widely recognized technical audit that ensures we follow the best practices in information security. 

Additionally, we securely store all uploaded data in Amazon Web Services (AWS), a leading cloud service provider known for its robust security features. You can find more details about our security principles at https://customgpt.ai/security

B. Use of APIs to Call into OpenAI’s Public ChatGPT Instance

CustomGPT does not use a private instance on Azure. Instead, we make use of APIs to call into OpenAI’s ChatGPT API. This approach allows us to leverage the power of OpenAI’s advanced AI models while ensuring that your data remains secure. 

OpenAI has made a commitment not to use any data passed as context for training its models, further enhancing the privacy of your data. As of March 1st 2023, OpenAI has now clarified that they do not use data from API calls in their training (aka: the infamous Samsung issue!).

C. Protection of Data During Processing

We take great care to protect your data during processing. All files uploaded for processing in CustomGPT are immediately deleted after processing if you choose the “Delete immediately after processing” option.

Privacy-First, Delete Files Immediately After Processing

The text from the file is processed, converted into vectors and chunks and used by the chatbot, and your chatbot is fully private by default. This means that the knowledge from your data is not only secure but also inaccessible to anyone but you.

D. Restricting CustomGPT Service to Approved Users Only

By default, our service is private and can only be accessed by approved users. This means that unless you choose to make your chatbot “Public”, only users approved by you can interact with it. This feature allows you to maintain control over who can access your chatbot, further enhancing the privacy and security of your data.

Moreover, the data from your chatbot is not inter-mixed with other chatbots – even within your own account. 

For example: You could have a chatbot for your HR department and any data uploaded to that chatbot will have no bearing on the chatbot from your sales department. There is no intermingling of data – or chat behaviour – or any form of cross-chatbot training. 

Data Collection and Storage in CustomGPT

A. Overview of the Type of Data CustomGPT Collects from Site Visitors

CustomGPT is designed to collect minimal user data required for service operation and improvement. This includes the IP address and session history of site visitors. The session history is crucial for maintaining the turn-by-turn conversations with the bot. 

It’s important to note that all collected data is accessible to you via the Dashboard and API, ensuring transparency in our data collection practices.

This also means that you have full access to see what users are asking the bot and the bot’s responses (Hint: This is a goldmine of information to understand customer behavior) 

B. How CustomGPT Handles User Data

At CustomGPT, we prioritize user data privacy and security. We collect minimal user data required for service operation and improvement, such as queries asked by users and session management. This data is securely stored and is not used for any other purposes, including model training. 

IMPORTANT: So unlike ChatGPT’s public interface at chat.openai.com , there is no machine learning happening based on the user conversations. This greatly reduces the risk of data leakage. 

Furthermore, each chatbot is siloed, meaning no data is shared between bots, even within your own account. This ensures that your data remains private and inaccessible to anyone but you.

C. Security Measures Around the Data Uploaded to CustomGPT

We take data security seriously at CustomGPT. The data you upload is securely saved in AWS, a leading cloud service provider known for its robust security features. 

We also offer the option to delete your files immediately after processing for added security. This means that once your files have been processed, they are immediately removed from our system, ensuring that your original files and data do not remain on our servers any longer than necessary.

D. Upholding the Confidentiality of Proprietary Information

At CustomGPT, privacy isn’t an afterthought — it’s at the core of what we do. We’re committed to maintaining the strictest standards of confidentiality for your proprietary information. Rest assured, any data you upload to a bot remains securely within that bot’s environment, insulated from other bots — even those within the same account. Likewise, any data loaded into CustomGPT via PDF or CSV files is kept entirely private.

Our platform is underpinned by a robust operational framework, which ensures a clear segregation of roles between our development and operations teams. This helps reinforce our stringent data security measures. As a result, only a limited number of carefully vetted employees have eyes-on access to chatbot data, solely for essential tasks such as debugging, quality assurance, and system improvements.


OpenAI will not use data submitted by customers via our API to train or improve our models, unless you explicitly decide to share your data with us for this purpose

— OpenAI

https://openai.com/policies/api-data-usage-policies

Furthermore, we’re in alignment with OpenAI’s practices, which clarify that data from API calls is not used for model training. This reinforces our commitment to you: your data will not contribute to the learning of other AI models. We’re steadfast in our pledge to uphold your privacy and data security, building a platform you can trust.

CustomGPT and OpenAI: A Clear Distinction

A. Clarification on the Use of Documents Loaded into CustomGPT and Its Relation to OpenAI

CustomGPT ensures the privacy of your data, even when it’s loaded via documents or CSV files. This data remains entirely private and is not used to train the public version of ChatGPT. 

OpenAI, the organization behind ChatGPT, has clarified that it does not use data from API calls for training their models. This means that the data you load into CustomGPT stays within CustomGPT and does not contribute to the learning of OpenAI’s models.

B. Explanation of How Data Used on CustomGPT Does Not Contribute to ChatGPT’s Learning

When you interact with CustomGPT, the data you use is confined to your specific bot. This ensures that your content remains local and private. It’s important to note that this data does not end up on OpenAI servers and does not contribute to ChatGPT’s learning. 

For example: When a user asks a question in the chatbot, relevant “chunks” from your content are included in the ChatGPT API call to allow ChatGPT to respond to the question based on the context. This context is NOT used for training OpenAI’s ML models, a commitment that OpenAI has publicly made. Do note that this is unlike the public ChatGPT interface where the prompts and responses are indeed used to train the modes. 

This is a key aspect of our commitment to data privacy and security, ensuring that your data is used solely for the purpose of enhancing your chatbot experience.

C. Assurance that Confidential Data Shared with CustomGPT Will Not Be Used to Learn for Other People

At CustomGPT, we respect the confidentiality of your data. Any data you share with us remains private and is not used to teach or provide insight for others. Each bot within CustomGPT is its own data silo, meaning that the data from one bot does not affect or influence other bots, even those within the same account. This ensures that the confidential data you share with us stays confidential and is used solely for the purpose of improving your specific bot.

CustomGPT’s Commitment to Data Privacy

A. How CustomGPT Handles Data Privacy and Ensures Business Data Safety

CustomGPT is built on a foundation of strong privacy principles. We prioritize data privacy and ensure that your business data is stored in isolated environments per bot. This data is not used for any other purposes, including model training. 

As we have achieved SOC 2 Type 2 certification, we have implemented stringent measures to secure data, which ensures that we follow the best practices in information security.

B. How Client’s Documents Uploaded to CustomGPT are Handled

When you upload documents to CustomGPT, including sensitive documents like an employee handbook, they are not used by OpenAI or contribute to its model training. Your documents remain strictly within the context of your specific CustomGPT bot. 

We also offer the option to delete your files immediately after processing for added security. This ensures that your files do not remain on our servers any longer than necessary, providing an extra layer of data protection.

C. Information on Data Automatically Collected from the User

CustomGPT ensures that we handle your data in compliance with privacy laws and regulations. We collect minimal user data required for service operation and improvement. This includes the IP address and session history, which is important for maintaining the turn-by-turn conversations with the bot. All collected data is accessible to you via the Dashboard and API, ensuring transparency in our data collection practices.

Trusting CustomGPT with Your Projects

A. Assurance of Project Security and Isolation in CustomGPT

CustomGPT is designed with a high level of security and ensures that every project is completely isolated from others, even under the same account. This means that each chatbot is siloed, so no data is shared between bots, even within your own account. 

This isolation extends to our infrastructure as well. CustomGPT operates within its private VPC instance in Amazon AWS US East, ensuring that your data and interactions are segregated and not mixed with other AWS accounts.

B. Explanation of the Option to Delete Files Immediately After Processing in CustomGPT

CustomGPT offers an option to immediately delete the original files after processing, providing added protection. This means that all files uploaded for processing in CustomGPT are immediately deleted after processing if the “Delete immediately after processing” option is chosen. 

How this works: The text from the file is processed and used by the chatbot, and your chatbot is fully private by default. But the original file (e.g. a PDF documents) is deleted from the systems after processing. This ensures that your files do not remain on our servers any longer than necessary, providing an extra layer of data protection.

C. Addressing Concerns Related to Privacy Incidents with Other Companies

In the wake of privacy incidents with other companies (e.g. Samsung) , it’s natural to have concerns about data privacy. However, CustomGPT takes data protection seriously and has strong security measures in place, including encryption, access controls, and a robust system architecture. 

Regular updates and improvements are made to ensure effective data protection. Furthermore, all data uploaded to a bot stays within that silo and is not shared with other bots in the same account. OpenAI has clarified that they do not use data from API calls in their training. This means that your data remains private and secure, providing you with peace of mind.

Frequently Asked Questions

This list of questions is based on conversations with hundreds of our 2000+ paying business customers. Over the last 5 months, we have addressed these questions and implemented systems and practices to allay any concerns. 

1. What measures are taken by CustomGPT to ensure data privacy and security?

CustomGPT follows stringent measures to secure data. We have implemented SOC 2 Type 2 standard, which ensures that we follow the best practices in information security. You can find more details about our security measures on our trust center.

2. Does CustomGPT use Azure OpenAI?

No, we currently do not use Azure OpenAI instances. We make use of the OpenAI APIs (“ada” embeddings and ChatGPT chat). 

3. Can CustomGPT provide siloed and isolated Azure based instances for each customer?

Currently, we do not have plans to provide completely siloed and isolated Azure based instances for each customer. If this is something that is important to you, we recommend using Microsoft’s new system for that. 

4. How does CustomGPT protect my data during processing?

All files uploaded for processing in CustomGPT are immediately deleted after processing if the “Delete immediately after processing” option is chosen. The text from the file is processed and used by the chatbot. Your chatbot is fully private by default.

5. Is Multi-Factor Authentication (MFA) available with CustomGPT?

At present, CustomGPT does not support MFA. However, it is in our pipeline to be implemented soon.

6. Can the CustomGPT service be restricted to approved users only?

Yes, by default, our service is private, and can only be accessed by approved users unless you choose to make it “Public”.

7. Where can I find the documentation for CustomGPT API?

You can find the documentation for the API here: https://docs.customgpt.ai/. You may also find the cookbook useful: https://github.com/Poll-The-People/customgpt-cookbook .

8. Does CustomGPT have an EU-based representative for GDPR purposes?

As of now, we do not have a EU-based representative. You can review our full security principles here: https://customgpt.ai/security .

9. What kind of data does CustomGPT collect from site visitors?

We collect minimal user data required for service operation and improvement, which includes the IP address and session history. The session history is important for maintaining the turn-by-turn conversations with the bot. All collected data is accessible to you via the Dashboard and the API.

10. Can AWS from a European location be used to store the documents uploaded by clients?

We currently have no plans to use AWS from a European location to store documents uploaded by clients. 

It is also important to note that ChatGPT itself does not offer EU data residency. So even if the documents are stored locally, it would not be possible to use ChatGPT until OpenAI enables EU data residency. Please refer to the OpenAI data usage policies for the latest details on that front. 

11. What data does CustomGPT collect from users?

We collect minimal user data required for service operation and improvement, such as IP address, browser headers and queries asked by users for session management.

12. How does CustomGPT differentiate from its competitors?

We differentiate on features like hallucinations, query relevancy, citations, document processing and 100+ other features that make CustomGPT the industry’s best chatbot platform. 

13. Is the data I feed into my CustomGPT protected and inaccessible to anyone but me?

Yes, your data is fully protected. To be extra sure, when uploading, use the “Delete immediately after processing” option. This will immediately delete your files after processing. Your chatbot is fully private by default.

14. Is the service restricted to approved users only?

Yes, as long as you don’t make the chatbot “Public” and share it with others, the default behavior is “Private”.

15. Is the data shared between different bots in my account?

No, each chatbot is siloed, so no data is shared between bots, even within your own account.

16. If I want no data to be collected, what are my options?

For no data to be collected, you would need to host a similar system in-house on-premise and build all the features we have one-by-one. That would be a rather painful option (in my opinion!) 

17. What are the security measures around the data I upload to CustomGPT?

The data you upload is securely saved in AWS. We also offer the option to delete your files immediately after processing for added security.

18. Does CustomGPT committed to the confidentiality of my proprietary information?

Absolutely. CustomGPT is built on strong privacy principles, ensuring that any information uploaded to a bot remains within that bot’s environment, not shared with other bots, even those in the same account.

19. Is data loaded via PDF or CSV completely private, and will it not be used to train the public version of ChatGPT?

Yes, the data loaded into CustomGPT via a PDF or CSV file remains entirely private. Furthermore, OpenAI has clarified that it does not use data from API calls for training their models.

20. Can I disable Citations if needed? 

Yes. Citations show you the source from which ChatGPT created the response. When the user clicks on the citation, the source is available. However, you have the option of disabling the citations so that the sources are not shown. 

21. Does data used on CustomGPT end up on OpenAI servers and contribute to ChatGPT’s learning?

No, any data you interact with on CustomGPT is not used to enhance the learning of ChatGPT. It’s confined to your specific bot, ensuring your content remains local and private. 

Do note though: OpenAI does keep the call data for 30 days for legal and quality purposes. Please refer to their data usage policies for exact policies related to that. 

22. Will the confidential data I share with CustomGPT be used to learn for other people?

No, the data you share with CustomGPT remains private and is not used to teach or provide insight for others. Each bot is its own data silo.

23. How does CustomGPT handle data privacy? Is our business data safe?

CustomGPT prioritizes data privacy. Your business data is stored in isolated environments per bot and not used for any other purposes, including model training.

24. Will the client’s employee handbook that I upload to CustomGPT be used by OpenAI?

No, any documents you upload, including an employee handbook, will not be used by OpenAI or contribute to its model training. Your documents remain strictly within the context of your specific CustomGPT bot.

25. Can I trust CustomGPT to keep my projects secure and isolated from other projects?

Yes, CustomGPT is designed with a high level of security and ensures that every project is completely isolated from others, even under the same account.

26. Can I delete the files immediately after processing?

Yes – there is an option to immediately delete the original files after processing, providing added protection.

27. I’ve heard of this privacy incident with Samsung. Do I need to be worried?

All data uploaded to a bot stays within that silo and is not shared with other bots in the same account. OpenAI has clarified that they do not use data from API calls in their training.

28. How can we be assured our business data will be protected and there are no data breaches?

CustomGPT takes data protection seriously and has strong security measures in place, including encryption, access controls, and a robust system architecture. Regular updates and improvements are made to ensure effective data protection.

29. Is our business data used to train the ChatGPT model?

No, your business data is not used to train the ChatGPT model. The information you provide when interacting with CustomGPT stays strictly within your specific bot instance and is not incorporated into any OpenAI model training. We use the ChatGPT API that does not incorporate prompt/response data in training ML models. 

30. Are you using the general ChatGPT? Or private instances on Azure?

CustomGPT operates within its private VPC instance in Amazon AWS US East, ensuring that your data and interactions are segregated. 

Still have questions? Drop us a note and we will be happy to help!

Build a Custom GPT for your business, in minutes.

Deliver exceptional customer experiences and maximize employee efficiency with custom AI agents.

Trusted by thousands of organizations worldwide

Related posts

Leave a reply

Your email address will not be published. Required fields are marked *

*

3x productivity.
Cut costs in half.

Launch a custom AI agent in minutes.

Instantly access all your data.
Automate customer service.
Streamline employee training.
Accelerate research.
Gain customer insights.

Try 100% free. Cancel anytime.