Addressing GPT and Data Privacy Concerns
Scope of GDPR with GPT: GDPR primarily governs GPT when personal data is processed.
Our use cases
1. AI-based Email Extraction: limited to extracting information from emails and signatures.
2. Email Enhancement: generalized email drafting for candidates, doesn't involve personal data. Hence, GDPR concerns are minimal here.
Data Safeguards
Private GPT Instance: We utilize a private GPT instance via Microsoft Azure. This ensures:
- Your data is not available to other customers or OpenAI and are not used to improve OpenAI models or Azure OpenAI models - please see MS dedicated webpage.
- Data storage exclusively within our Azure environment - the Azure OpenAI Service is fully controlled by Microsoft; Microsoft hosts the OpenAI models in Microsoft’s Azure environment and the Service does NOT interact with any services operated by OpenAI (e.g. ChatGPT, or the OpenAI API).
A distinct advantage over US services that might use OpenAI indirectly, as we can opt out from storing prompts and completions, ensuring enhanced data privacy.
Signature Data Trimming
We actively remove personal data from email signatures. While not foolproof, it's rare for personal data to be present in the main email content.
Future Considerations
We're exploring the deployment of a self-hosted model (like LLama 2) in a cloud. This guarantees that only we can access and manipulate user-generated prompts and parsed emails, further enhancing data privacy.