Comm100's AI & Automation features use large language models to generate answers , provide suggestions or analyze data. When you use Comm100 AI Agent, AI Copilot, or AI Insights, your data security is uncompromised. This article introduces how data security is protected from the following aspects:

• Compliance of Comm100 AI products
• Data transmitted to Azure OpenAI Service when using each feature
• Data Privacy of Azure OpenAI Service 

AI Agent Features

AI Agent Answers

Comm100 AI Agent uses Azure OpenAI Service to generate a reply to the visitor’s question or to a ticket. To use the AI Agent, you need to add Knowledge Contents as the answer sources for the AI Agent. The Knowledge contents are sent to Azure OpenAI Service for embedding purposes. Comm100 does not fine-tune any GPT models in Azure OpenAI Service.

When you use AI Agent to generate an answer, the content of the ticket or chat is transmitted to the Azure OpenAI Service as a prompt. 

For a chat, the data transmitted to the Azure OpenAI Service includes:

• Text messages sent during the chat, without the sender name or timestamps. If Credit Card Masking is enabled, credit card numbers in the text message are masked automatically.
• The Knowledge contents relevant to the visitor’s question.

The following elements in a chat are NOT transmitted:

• Images
• Attachments in any format
• Chat fields
• Pre-chat form fields
• Session fields
• Custom fields
• Custom variables
• System messages within the chat

For a ticket, the data transmitted to the Azure OpenAI Service for summarization includes:

• Text messages, together with the sender name and timestamps. If Credit Card Masking is enabled, credit card numbers in the text message are masked automatically. 
• System messages within the ticket.

The following elements in a ticket are NOT transmitted:

• Images
• Attachments in any format
• Ticket fields
• Contact fields

If Knowledge contents or text messages contain personal data such as the customer’s name, the data are also sent to Azure OpenAI Service.

Topic Description / Similar Questions Generation

The AI Agent can help you set up topics by generating descriptions or similar questions for the topic. When you use this feature, the topic name and existing questions are sent to Azure OpenAI Service as a prompt to generate a new description and questions.

Comm100 does not fine-tune any GPT models in Azure OpenAI Service for this feature.

AI Copilot Features

Generative Suggestions

When you use the AI Copilot to generate answer suggestions when handling chats or tickets, the following data is sent to Azure OpenAI Service as a prompt.

For a chat, the data transmitted to the Azure OpenAI Service for summarization includes:

• Text messages sent during the chat, without the sender name or timestamps. If Credit Card Masking is enabled, credit card numbers in the text message are masked automatically.
• The Knowledge contents relevant to the visitor’s question.
• System messages within the chat.

The following elements in a chat are NOT transmitted:

• Images
• Attachments in any format
• Chat fields
• Pre-chat form fields
• Session fields
• Custom fields
• Custom variables

For a ticket, the data transmitted to the Azure OpenAI Service includes:

• Text messages, together with the sender name and timestamps. If Credit Card Masking is enabled, credit card numbers in the text message are masked automatically. 
• System messages within the ticket.

The following elements in a ticket are NOT transmitted:

• Images
• Attachments in any format
• Ticket fields
• Contact fields

If Knowledge contents or text messages contain personal data such as the customer’s name, the data are also sent to Azure OpenAI Service.

Email Draft Generation

When you use the AI Copilot to generate an email draft when replying to a ticket, the history text messages of the ticket is transmitted to the Azure OpenAI Service as a prompt.

The data sent to Azure OpenAI Service includes: 

• History text messages in this ticket. If Credit Card Masking is enabled, credit card numbers in the text message are masked automatically. 
• The Contents relevant to the visitor’s question.

The following elements in a ticket are NOT transmitted:

• Images
• Attachments in any format
• Ticket fields

If Knowledge contents or text messages contain personal data such as the customer’s name, the data are also sent to Azure OpenAI Service.

Smart Wrap-Up

When you use AI Copilot to suggest wrap-up fields for chats, the data transmitted to the Azure OpenAI Service for wrap-up includes:

• Text messages sent during the chat, together with sender name and timestamps. If Credit Card Masking is enabled, credit card numbers in the text message are masked automatically.
• The wrap-up fields, description and options.
• Chat fields
• Pre-chat form fields
• Session fields
• Custom fields
• Custom variables
• System messages within the chat.

The following elements in a chat are NOT transmitted:

• Images
• Attachments in any format

Agent Message Enhancement

When you use the AI Copilot to enhance text messages, the selected text is transmitted to the Azure OpenAI Service as a prompt. The Azure OpenAI Service then processes the data and return with enhanced output, utilizing non-fine-tuned Azure OpenAI models.

Chat or Ticket Summarization

When you use the AI Copilot to generate a summary of a ticket or a chat, the content of the ticket or chat is transmitted to the Azure OpenAI Service as a prompt. The Azure OpenAI Service then processes the data and generates the summary, utilizing non-fine-tuned Azure OpenAI models, without employing embedding techniques.

For a chat, the data transmitted to the Azure OpenAI Service for summarization includes:

• Text messages sent during the chat, together with sender name and timestamps. If Credit Card Masking is enabled, credit card numbers in the text message are masked automatically.
• System messages within the chat.

The following elements in a chat are NOT transmitted:

• Images
• Attachments in any format
• Chat fields
• Pre-chat form fields
• Session fields
• Custom fields
• Custom variables

For a ticket, the data transmitted to the Azure OpenAI Service for summarization includes:

• Text messages, together with the sender name and timestamps. If Credit Card Masking is enabled, credit card numbers in the text message are masked automatically. 
• System messages within the ticket.

The following elements in a ticket are NOT transmitted:

• Images
• Attachments in any format
• Ticket fields
• Contact fields

AI Insights Features

Sentiment Analysis

When Sentiment Analysis is enabled for Live Chat, the text messages sent in the chat are sent to Azure OpenAI Service as a prompt. The Azure OpenAI Service then processes the data and generates the sentiment, utilizing non-fine-tuned Azure OpenAI models.

For a chat, the data transmitted to the Azure OpenAI Service for sentiment analysis includes:

• Text messages sent during the chat, together with sender name and timestamps. If Credit Card Masking is enabled, credit card numbers in the text message are masked automatically.
• System messages within the chat.

The following elements in a chat are NOT transmitted:

• Images
• Attachments in any format
• Chat fields
• Pre-chat form fields
• Session fields
• Custom fields
• Custom variables

Spotlights

With Spotlights enabled, the text messages sent in the chat are sent to Azure OpenAI Service as a prompt when a chat ends. The Azure OpenAI Service then processes the data and generates the spotlights for each message, utilizing non-fine-tuned Azure OpenAI models.

The data transmitted to the Azure OpenAI Service includes:

• Text messages sent during the chat, together with sender name and timestamps. If Credit Card Masking is enabled, credit card numbers in the text message are masked automatically.
• System messages within the chat.

The following elements in a chat are NOT transmitted:

• Images
• Attachments in any format
• Chat fields
• Pre-chat form fields
• Session fields
• Custom fields
• Custom variables

Chat Resolution Status

With Chat Resolution Status enabled, the text messages sent in the chat are sent to Azure OpenAI Service as a prompt when a chat ends. The Azure OpenAI Service then processes the data and generates the resolution status for this chat, utilizing non-fine-tuned Azure OpenAI models.

The data transmitted to the Azure OpenAI Service includes:

• Text messages sent during the chat, together with sender name and timestamps. If Credit Card Masking is enabled, credit card numbers in the text message are masked automatically.
• System messages within the chat.

The following elements in a chat are NOT transmitted:

• Images
• Attachments in any format
• Chat fields
• Pre-chat form fields
• Session fields
• Custom fields
• Custom variables

It is important to emphasize that the data transmitted to the Azure OpenAI Service adheres to strict privacy standards and is subjected to the following constraints:

• The data is not accessible to other Comm100 or Microsoft customers.
• OpenAI, Inc. does not have access to the transmitted data.
• The data is not used to improve OpenAI models.
• The data is not used to improve any Comm100 or Microsoft products or services.
• The data is not used for automatically improving Azure OpenAI models for your use in your resource.

Azure OpenAI Service Compliance

Microsoft Azure OpenAI Service is compliant with the following standards:

• CSA STAR Attestation
• ISO 27001:2013
• ISO 27017:2015
• ISO 27018:2019
• ISO 27701:2019
• ISO 9001:2015
• SOC 1, 2, 3
• HIPAA BAA
• Germany C5

How Long will Azure OpenAI Service Store the Data

To reduce the risk of harmful use of the Azure OpenAI Service, the Azure OpenAI Service includes both content filtering and abuse monitoring features. 

Azure OpenAI abuse monitoring detects and mitigates instances of recurring content and/or behaviors that suggest use of the service in a manner that may violate the code of conduct or other applicable product terms. To detect and mitigate abuse, Azure OpenAI stores all prompts and generated content securely for up to thirty (30) days. 

The data store where prompts and completions are stored is logically separated by customer resource (each request includes the resource ID of the customer’s Azure OpenAI resource). A separate data store is located in each region in which the Azure OpenAI Service is available, and a customer’s prompts and generated content are stored in the Azure region where the customer’s Azure OpenAI service resource is deployed, within the Azure OpenAI service boundary. Human reviewers assessing potential abuse can access prompts and completions data only when that data has been flagged by the abuse monitoring system. The human reviewers are authorized Microsoft employees who access the data via point wise queries using request IDs, Secure Access Workstations (SAWs), and Just-In-Time (JIT) request approval granted by team managers. For Azure OpenAI Service deployed in the European Economic Area, the authorized Microsoft employees are located in the European Economic Area.

Where is the Azure OpenAI Service Used by Comm100 Located?

The location of Azure OpenAI Service used by Comm100 varies depending on the domain of your account.

Azure OpenAI Service Data Management

The Azure OpenAI Service is fully controlled by Microsoft; Microsoft hosts the OpenAI models in Microsoft’s Azure environment and the Service does NOT interact with any services operated by OpenAI, Inc. (For example, ChatGPT, or the OpenAI API).

To learn the details about how Azure OpenAI processes and stores data, refer to Microsoft Cognitive Services OpenAI Data Privacy.