AI Service: Security, Compliance & Data Protection

Our goal is to deliver powerful AI without compromising the trust that makes enterprise service management possible. Legal, HR, Security, and IT teams can be confident: our AI respects boundaries—technical, legal, and ethical.

No Generative Training on Customer Data: We use multiple trusted pre-trained models (like GPT-4, Gemini, AWS models or Llama) but we never train those models on your information. If someone types a phone number or sensitive info into a ticket, it is never used to "teach" the model.
Isolated, Encrypted Storage: All data within our system—including responses—is stored in isolated databases with ciphered storage, meaning it's never public, shareable, or accessible to third parties.
Training of customer-specific models: Some non-generative AI capabilities need customer specific data. In those cases (like for classifier models or regression models) when we do train models on customer data, we do it on a per customer basis, only with the data of that customer, and serving that customer only. For example, we train an escalation suggestions model that considers configured SLAs and historical resolution times for different types of tickets.

Frequently Asked Questions

Yes, InvGate adheres to relevant data privacy laws and regulations, including GDPR, in alignment with industry best practices. Our AI services operate on Azure, Google Cloud, and AWS infrastructure, all of which are certified for handling data under GDPR and similar frameworks. For detailed information on our data privacy compliance and AI-powered features, please refer to the following documents:

AI Service - Security and Data Protection

Frequently Asked Questions

Can you confirm adherence to relevant data privacy laws and regulations (e.g., GDPR, EU AI Act)?

What data security measures have you implemented to protect sensitive information?

Who owns the AI algorithm and model used in the tool?

Can you provide documentation verifying the intellectual property rights of the AI algorithm and model?

Are there any third-party components (e.g., libraries, frameworks) used in the AI solution?

Can you provide details on the licensing terms of these third-party components and confirm compliance?

What is the training methodology used for the large language models (LLMs)?

What bias mitigation strategies have been implemented during the training process?

How do you manage model drift effectively?

What types of training data are used (e.g., text, images, numerical data)?

What are the sources of the training data (e.g., internal datasets, publicly available data, third-party sources)?

Is my dat data used to train the AI models?

What kind of data protection measures are in place (e.g. standard encryption at rest and in transit, enhanced encryption protocols, robust data isolation between tenants ...)?

What policies do you have in place for monitoring and complying with AI-related regulations?

Can you provide documentation on how these policies are implemented and maintained?

Can you provide all relevant documentation, including compliance certificates, intellectual property rights, and licensing agreements?

How do you ensure transparency in the AI development process, including data handling practices and model training methodologies?

What cybersecurity measures have you implemented to protect AI systems and data?

How do you address ethical considerations, including bias mitigation and fairness in AI models?

What additional information would you like to provide that is relevant to our AI service?