Privacy Statement

Last updated September 2023

Private AI’s raison d’être is to render personal data safe when put to use for the many beneficial purposes it can serve. While our products are built to protect your customers’ data, this Privacy Statement is for you, our customer. This Privacy Statement explains to you how Private AI collects, uses, stores, and discloses your personal data. It is our commitment to live up to our name by not only respecting your privacy, but by acknowledging the fact that you have the right to remain in control of your data which you permit us to process in particular ways. Hence, you have a right to full transparency and to hold us accountable to what we say we will do with your data.

Depending on which of our products you use, different sections of our Privacy Statement will be of relevance to you. As concerns our Redact and PrivateGPT Headless product suites, which are deployed on your premises, Private AI has no access whatsoever to your data. We explain this in detail under Redact and PrivateGPT Headless. Our web demo and the PrivateGPT Chatbot solutions rely on data retained for a few seconds for the purpose of processing in the Microsoft Azure infrastructure. Find details under PrivateGPT Chatbot and Web Demo.   

Accountability

At Private AI, our CEO is the designated Privacy Officer and as such responsible for protecting your personal data. 

Private AI’s Data Privacy Designate

Email

info@private-ai.com

Mailing Address

428-192 Spadina Ave., Toronto, ON M5T 2C2

Webform

https://www.private-ai.com/contact-us/

What is Personal Data?

Different privacy laws and regulations define personal data differently. At Private AI we hold ourselves to the highest standard and protect any data that is considered personal under any privacy law applicable to us. 

Hence, we understand the term very broadly when we define it as information that relates to an individual and that can be used, directly or indirectly, to identify that individual. 

How do we Collect your Personal Data?

We collect your personal data directly from you, with the exception of your journey and activity on our website, as described in more detail below. This information is collected from you automatically, but only if you provide your consent upon visiting our website. 

Personal Data of Children

This website and our products and services are not directed, marketed, or meant to be used by persons under the age of eighteen (18). If you think your child might have created an account with us without your consent, you may request the deletion of the account and the data that we have about your child by writing to us at info@private-ai.com.

What Personal Data do we Collect and for What Purpose?

Personal Data we Collect

Purpose

Family and given name

  • – Create and maintain your account

Billing information

  • – Process a purchase

E-mail address

  • – Create, validate, and maintain your account
  • – Send notifications and confirmations
  • – Send subscribed marketing materials
  • – Send electronic receipts/invoices
  • – Communicate with you
  • – If submitted through a form on our website, trace your journey through the website from that form

Last four digits of your credit card

  • – Fraud detection
  • – Address payment processing issues with our payment processing service provider

Technical

  • – IP address
  • – Device ID
  • – Operating system
  • – Type of browser
  • – Browsing behaviour
  • – Other device specifications such as memory availability
  • – Information about how you interact with our Website, viewed pages, access dates and times, IP address, and the internet browser you use

 

  • – Collect information about the devices that visit our website  and the registered accounts to which it is linked
  • – Improve our website by creating more relevant content and make it more intuitive
  • – Improve our products and services upon analyzing what content receives the most attention 

Marketing consents and preferences

  • – Meet our legal obligations
  • – Send marketing and promotional materials that you have agreed to or requested to receive

With Whom and for what Purpose do we Share Your Personal Data?

Category of Third Party 

Data we Disclose

Purpose

Planning and documentation platforms

Company and customer names

  • – Allows our team to organize, discuss and complete shared work

Cloud service providers

Company and customer names, as well as email addresses

  • – Host our customer portal
  • – Customer names are required to organize, categorize and serve our customers with their own data
  • – Cloud-hosted API key management system references company names

API metering tool

Customer profile incl. company name and email address; detected entities upon explicit opt-in

  • – Allows us to meter the API usage of our customer, which we use to determine pricing

Payment platform

Last four digits of your credit card

  • – Fraud detection
  • – Address payment processing issues with our payment processing service provider
  • – Enable automatic payments

Software development tool

Company names 

  • – We have company names in the codebase to document certain functionality that is specifically implemented for them

Website analytics and lead identification

  • – IP address
  • – Device ID
  • – Operating system
  • – Type of browser
  • – Browsing behaviour
  • – Other device specifications such as memory availability
  • – Company name
  • – Comprehensive company profile
  • – Information about how you interact with our Website, viewed pages, access dates and times, IP address and the internet browser you use 
  • – Collect statistical information on the number of product downloads via the container registry we use as well as our customer portal
  • – Collect information about the devices that have downloaded our licensed software and the registered accounts to which it is linked
  • – Identify the company of our website visitors
  • – Improve our website and services

Software providing online surveys and marketing services ?

Marketing consents and preferences

  • – Meet our legal obligations
  • – Send marketing and promotional materials that you have agreed or requested to receive

Redact and PrivateGPT Headless

Our Redact and PrivateGPT Headless solutions are deployed on-prem, meaning that Private AI does not store or have access to the data our customers sent to the tool at any time. In fact, the container by means of which we deploy our solutions is stateless; it has no components that store data. When you send a request, the data gets processed and sent back to you right away. For purposes of processing, the data lives in memory for a few seconds and is then removed right away. 

PrivateGPT Chatbot and Web Demo

When using our PrivateGPT Chatbot solution or our web demo, your prompt will be sent for processing to the Microsoft Azure environment. Similar to the Redact and PrivateGPT Headless solutions, the data contained in the prompt lives in memory in the Azure infrastructure for a few seconds and gets purged immediately after the compute is completed and the data is sent back to the customer. 

The only data we retain are analytical data: usage metrics, entity types found in the prompts, and the categories of data we find the PII in. We have opted out of allowing Microsoft Azure to share this data with OpenAI. Microsoft Azure is furthemore prohibited from using and sharing with OpenAI model derivative output. This means that neither Microsoft nor OpenAI are  able to use model enhancements that were made as a result of fine tuning. 

The location of the Microsoft Azure data server on which you data is processed for a few seconds is in North Carolina by default. If you have a concern about this location, you can request for your data to be processed on an alternative server in a different region. As long as there is an Azure server instance in your preferred region, we can accommodate your request. 

Private AI has taken all reasonable measures to protect against any access to the data at that moment of processing by using the Azure framework, including ID access management, permission policies based on least privileged access, 2-factor authentication, and access logging and monitoring. All of our processes are thus SOC2 compliant (certification coming soon!).

Subservice Providers

Some of the third-party service providers listed here may be located outside of the Province of Québec and Canada, including the United States, Germany or elsewhere in the European Union. As a result, your personal data may be accessible to law enforcement, courts, and regulatory authorities in accordance with the laws of these jurisdictions.

Even if our third-party service providers are not themselves located outside of Québec and Canada, they may have sub-service providers to whom they disclose your personal data in the course of the services they provide to us, which may in turn be located elsewhere. 

We as the controller of your personal data require our third-party service providers to disclose to us whether they subcontract their services and to give us the opportunity to object. We are therefore in the position to, and we in fact do, carefully assess the subcontractors of our service providers, particularly with regard to their location and the privacy laws in place there. 

Our third-party service providers are furthermore obligated to include in the contract with their subcontractor obligations under the GDPR and other privacy laws that protect your data, while they remain fully liable to us for the performance of their subcontractors. 

How do we Share your Personal Data?

Before we share your personal data with any third-party service provider, and annually thereafter, we perform our due diligence on them to ensure that your data is safe. We take the following steps, where applicable and feasible:

  • – Verifying the service provider is aware of the key requirements of data protection;
  • – Researching whether high-profile data breaches recently occurred;
  • – Checking whether the service provider is currently or has been under investigation for any breaches of data protection law;
  • – Identifying other clients;
  • – Clarifying whether the processor is accredited under ISO 27001, CBEST, PCI DSS, or any comparable regime for information security;
  • – Reviewing the service provider’s policy framework for security and data protection;
  • – Identifying the place of establishment;
  • – Carrying out site visits and inspections;
  • – Carrying out audits; and
  • – Understanding the supply chain and subcontracting

We may be obliged to share your personal data with a court of law or other person(s) or entity / entities with jurisdiction to compel production of such information. We will not share your personal data with such authorities unless we are required by law to do so.

Where do we Store Your Personal Data?

We store personal data that we collect from you or about you on Google and Amazon Web Services Cloud Platform servers in the US. (Please see also the ‘PrivateGPT Chatbot and Web Demo’ section above for the location of the data contained in your prompt when you use these services.)

As noted, your personal data may be transferred to third parties outside of Canada to facilitate or provide certain services on our behalf. These (sub)service providers have access to your personal data only to perform the tasks we have instructed them to complete and are contractually bound not to disclose or use it for any other purpose.

Where personal data are transferred to and stored in a country not determined by the European Commission as providing adequate levels of protection for personal data, we take steps to provide appropriate safeguards to protect your personal data, including entering into standard contractual clauses approved by the European Commission, obliging recipients to protect your personal data as permitted under Article 46(2)(c) of the GDPR.

In the absence of an adequacy decision by the European Commission or of appropriate safeguards as referenced above, we will only transfer personal data to a location outside the EEA where one of the following applies (as permitted under Article 49 of the GDPR):

  • – the transfer is necessary for the performance of our contractual engagement with you;
  • – the transfer is necessary for the establishment, exercise or defense of legal claims; or
  • – you have provided explicit consent to the transfer.

Your Legal Rights to Your Personal Data

Right

Description

Right to know

You have the right to request the categories and specific pieces of personal data we collect including:

  • – Categories of personal data collected;
  • – Categories of sources from which personal data is collected;
  • – Business or commercial purposes for collecting your personal data;
  • – Categories or names of third parties with whom we share personal data; and
  • – Specific pieces of personal data we have collected about you.

Right to request access to your personal data

You have a right to request a copy of the personal data that we hold about you. To do so, please contact us at info@private-ai.com.

Right to request the erasure of your personal data

You have the right to request that we delete or remove personal data where there is no good reason for us continuing to process it.

Erasure requests are subject to certain limitations, for example, we may retain personal data as permitted by law.

Right to request we transfer your personal data to you

Subject to certain limitations, you have the right to request that the personal data we hold about you is transferred to you or to a third party. We will provide you, or the third party you have chosen, your personal data in a machine-readable format.

Right to request correction of your personal data

You have the right to request that we correct the personal data we hold about you, although we may need to verify the accuracy of the new information you provide us. We may refuse to comply with a request for rectification if the request is manifestly unfounded, excessive or repetitive in nature.

Right to request restrictions on the processing of your personal data

You have the right to request that we suspend the processing of your personal data in the following scenarios:

  • – If you contest the accuracy of the personal data we hold about you and we are verifying the accuracy of that information;
  • – Where it has been determined that the processing of your personal data is unlawful but you do not want us to erase it;
  • – Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
  • – For other legal purposes.

We may refuse to comply with a request for restriction if the request is manifestly unfounded, excessive, or repetitive in nature.

Right to object to the processing of your personal data

In some circumstances, as an EU citizen, you have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party). We will tell you when we rely on legitimate interest as the basis for the processing of your personal data. We will inform you when we rely on a legitimate interest for the processing of your personal data. If you wish to object to the processing on this basis, you must provide specific reasons for why you object to the processing of your personal data.

EU citizens have an absolute right to object to the processing of personal data for direct marketing purposes if we rely on legitimate interest for that. However, we will usually rely on consent to use your data for direct marketing purposes, and we will tell you otherwise if that is the case.

Right to withdraw consent

You have the right to withdraw your consent at any time.

The withdrawal of consent will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent

Right to non-discrimination

Exercising your right to privacy does not result in different treatment by us or different quantities or qualities of product or service that we offer. Where we request your personal data in exchange for a valuable product or service, we will let you know at the time of the exchange.

Cookies and Similar Technologies

A cookie is a small text file which our website may place on your computer as a tool to remember your preferences and display more relevant information next time you visit. You may refuse to use cookies by selecting appropriate settings on your browser, however, please note that if you disable cookies, you may not be able to use the full functions of our service.

In addition, our website uses Google analytics services to help us understand non-personal facts and figures about users of the website such as:

  • – Website traffic;
  • – Number of visitors;
  • – Location of visitors;
  • – Information about the browser version and device type;
  • – Referral sources to the website;
  • – Demographics of visitors; and
  • – Website usage.

Personal Data Retention

We will generally retain your personal data for as long as is necessary to meet our contractual obligations to you, to satisfy the purposes stated above, or as otherwise required by law.

When determining the relevant retention period, we consider:

  • – Our contractual obligations and rights in relation to the information involved;
  • – Legal obligation(s) under applicable law to retain data for a certain period of time;
  • – Statute of limitations under applicable law(s);
  • – Guidelines issued by relevant data protection authorities; and
  • – Other legal purposes.

In addition to the above, your personal data may be anonymized and used in aggregate. Once it is determined that your personal data is no longer necessary to achieve the purposes we collected it for, we will securely erase your personal data.

You may also request the deletion of your profile by sending an e-mail to info@private-ai.com. It may take up to twenty (20) business days to respond to your request.

Protection of Your Personal Data

We take appropriate technical, physical, and organizational security measures to protect personal data in our custody and control against unauthorized access, use, modification and disclosure, and accidental loss, destruction, and damage.

We are currently in the process of obtaining a SOC2 Type II Audit Report which we will provide upon request, and which will detail our security measures and their effectiveness from an independent party’s perspective. Stay tuned!

As mentioned above, the third-party vendors with whom we engage for specific tasks are required to have certain safeguards in place that comply with industry standards.

That having been said, we cannot guarantee the security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. Any transmission of information from you to Private AI is at your own risk. Where you have chosen a password that allows you to access our Website you are responsible for keeping this password confidential.

Updates To This Privacy Statement

This Privacy Statement and other service specific policies may change from time to time, in accordance with applicable laws. We will notify you of these changes by posting the updated Statement on our website. We may also notify you by sending you an e-mail or by any other reasonable means such as a pop-up notice, if available.

We encourage you to review our Privacy Statement periodically.

How to Report a Privacy Concern 

We are committed to maintaining high standards for privacy. We want to hear from you about any concerns you may have with our privacy practices. If you wish to raise a concern or compliment us on our privacy practices, you can contact us at info@private-ai.com.

If we are not able to address your privacy concerns to your satisfaction, you may contact the Office of the Privacy Commissioner of Canada

Office of the Privacy Commissioner of Canada
30, Victoria Street
Gatineau, Quebec
K1A 1H3

Toll-free: 1-800-282-1376
Phone: (819) 994-5444
TTY: (819) 994-6591

Download the Free Report

Request an API Key

Fill out the form below and we’ll send you a free API key for 500 calls (approx. 50k words). No commitment, no credit card required!

Language Packs

Expand the categories below to see which languages are included within each language pack.
Note: English capabilities are automatically included within the Enterprise pricing tier. 

French
Spanish
Portuguese

Arabic
Hebrew
Persian (Farsi)
Swahili

French
German
Italian
Portuguese
Russian
Spanish
Ukrainian
Belarusian
Bulgarian
Catalan
Croatian
Czech
Danish
Dutch
Estonian
Finnish
Greek
Hungarian
Icelandic
Latvian
Lithuanian
Luxembourgish
Polish
Romanian
Slovak
Slovenian
Swedish
Turkish

Hindi
Korean
Tagalog
Bengali
Burmese
Indonesian
Khmer
Japanese
Malay
Moldovan
Norwegian (Bokmål)
Punjabi
Tamil
Thai
Vietnamese
Mandarin (simplified)

Arabic
Belarusian
Bengali
Bulgarian
Burmese
Catalan
Croatian
Czech
Danish
Dutch
Estonian
Finnish
French
German
Greek
Hebrew
Hindi
Hungarian
Icelandic
Indonesian
Italian
Japanese
Khmer
Korean
Latvian
Lithuanian
Luxembourgish
Malay
Mandarin (simplified)
Moldovan
Norwegian (Bokmål)
Persian (Farsi)
Polish
Portuguese
Punjabi
Romanian
Russian
Slovak
Slovenian
Spanish
Swahili
Swedish
Tagalog
Tamil
Thai
Turkish
Ukrainian
Vietnamese

Rappel

Testé sur un ensemble de données composé de données conversationnelles désordonnées contenant des informations de santé sensibles. Téléchargez notre livre blanc pour plus de détails, ainsi que nos performances en termes d’exactitude et de score F1, ou contactez-nous pour obtenir une copie du code d’évaluation.

99.5%+ Accuracy

Number quoted is the number of PII words missed as a fraction of total number of words. Computed on a 268 thousand word internal test dataset, comprising data from over 50 different sources, including web scrapes, emails and ASR transcripts.

Please contact us for a copy of the code used to compute these metrics, try it yourself here, or download our whitepaper.