Security and Privacy Principles – The Trust Center

Security & Privacy Are Our Top Priorities

Your data is fully encrypted & files never stored

Encrypted in transit and rest

SSL encryption during transit. Industry-standard 256-bit AES encryption at rest.

No data sharing

Fully-self contained bots with no data sharing between bots, even within the same account.

SOC 2

CustomGPT.ai is SOC 2 Type II compliant, ensuring our platform meets the highest security, availability, confidentiality, and privacy standards.

GDPR

We ensure transparency, control, and protection of personal data in alignment with EU regulations.

Privacy First

We never store your files, unless you choose to see them in responses. By default, your chatbot is private, which means only authorized users can query your chatbot.

Protected

Data and logs are untraceable back to an individual user.

Secure Vendors

Best practices from secure vendors like AWS and Stripe.

Frequently Asked Questions

Absolutely. CustomGPT is built on strong privacy principles, ensuring that any information uploaded to a bot remains within that bot’s environment, not shared with other bots, even those in the same account. Please visit our security principles at https://customgpt.ai/security/

It’s important to note that your data will not be incorporated into OpenAI training sets. For more details, please see their announcement and data usage policy : https://openai.com/policies/api-data-usage-policies.

Yes, the data loaded into CustomGPT via CSV file remains entirely private. Furthermore, OpenAI has clarified that it does not use data from API calls for training their models. You can read more about this at https://techcrunch.com/2023/03/01/addressing-criticism-openai-will-no-longer-use-customer-data-to-train-its-models-by-default/.

No, any data you interact with on CustomGPT is not used to enhance the learning of ChatGPT. It’s confined to your specific bot, ensuring your content remains local and private. For further information, you can review OpenAI’s data usage policies at : https://openai.com/policies/api-data-usage-policies

No, the data you share with CustomGPT remains private and is not used to teach or provide insight for others. We have stringent data handling practices in place to ensure your data’s security and confidentiality. In fact, the data from one bot within your account has no effect on other bots within even your own account. Each bot is its own data silo.

CustomGPT prioritizes data privacy. We ensure that your business data stays safe by storing it in isolated environments per bot and not using it for any other purposes, including model training. You can find more about our data privacy policies at https://customgpt.ai/security/

No, any documents you upload, including an employee handbook, will not be used by OpenAI or contribute to its model training. Your documents remain strictly within the context of your specific CustomGPT bot. 

Yes, CustomGPT operates under a DPA. As for data collection, CustomGPT collects minimal user data required for service operation and improvement, in compliance with privacy laws and regulations. Detailed information can be found in our privacy policy : https://www.iubenda.com/privacy-policy/45263214

Yes, CustomGPT is designed with a high level of security and ensures that every project is completely isolated from others. This isolation applies even to multiple projects under the same account. You can read more about our security measures at : https://customgpt.ai/security/

Yes – there is an option to immediately delete the original files after processing. This gives you added protection.

All data uploaded to a bot stays within that silo. It is not even shared with other bots in the same account. You can see our security principles here: https://customgpt.ai/security/

Also, OpenAI has now clarified that they do not use data from API calls in their training (aka: the infamous Samsung issue!). You can see:

  1. The announcement here: https://techcrunch.com/2023/03/01/addressing-criticism-openai-will-no-longer-use-customer-data-to-train-its-models-by-default/
  2. OpenAI’s data usage page: https://openai.com/policies/api-data-usage-policies

We take data protection seriously at CustomGPT. Our security measures include strong encryption, access controls, and a robust system architecture designed to prevent unauthorized access or data breaches. For an in-depth understanding of how we ensure data protection, please refer to our security principles at https://customgpt.ai/security/. We are committed to regularly updating and improving our security practices to protect your business data effectively.

No, your business data is not used to train the ChatGPT model. The information you provide when interacting with CustomGPT stays strictly within your specific bot instance and is not incorporated into any OpenAI model training. See OpenAI’s data usage policy: https://openai.com/policies/api-data-usage-policies.

CustomGPT, while built on top of the OpenAI’s ChatGPT API, operates within its private VPC instance in Amazon AWS US East. This ensures that your data and interactions are segregated and not mixed with the general ChatGPT usage or with other users. 

The infrastructure specifics, like the usage of AWS or another cloud service are laid out in our privacy policy: https://www.iubenda.com/privacy-policy/45263214

CustomGPT supports the GDPR by having policies in place that protect your privacy and data rights. CustomGPT is also SOC 2 Type 2 certified, ensuring compliance to data security and privacy measures.

CustomGPT complies with the GDPR by getting user consent for data collection, protecting user data, allowing users to access or delete their data, notifying users of data breaches, and ensuring third-party vendors also follow GDPR rules.

Customers on our Enterprise plan may complete our DPA Form to execute our Data Privacy Addendum. This agreement is only available for Enterprise customers. Non-enterprise customers are unable to enter into a DPA with CustomGPT. Additionally, CustomGPT cannot customize DPAs for individual cases.

Complete our Privacy Request Form to request to download or delete all of your data.

CustomGPT keeps your data until you decide what to do with it. You can use CustomGPT’s capabilities to delete your documents immediately after processing. If you choose to keep the documents to benefit from features like citations and links, they’ll stay with CustomGPT until you choose to remove them.

If you believe there’s a security issue or that someone might have gotten unauthorized access to data on CustomGPT, send us an email at ops@customgpt.ai. Don’t worry, we won’t share your email with others. We promise to take your concern seriously and will thoroughly investigate the matter.

Yes, CustomGPT is SOC 2 Type II compliant. See our trust center here.

Launch custom AI agents with full confidence.