Comm100's generative AI features uses large language models to generate answers or suggestion. When you use Comm100 Chatbot or Agent Assist to generate answers or suggestions, your data security is uncompromised. This article introduces how data security is protected from the following aspects:

• Compliance of Comm100 generative AI features
• Data transmitted to Azure OpenAI Service when using each feature
• Data Privacy of Azure OpenAI Service 

Chatbot Generative Answers

If you enable Generative Answer feature for a chatbot, the chatbot will use Azure OpenAI Service to generate a reply to the visitor’s question or to a ticket. To use the Generative Answers feature, you need to add Contents as the answer sources for the Chatbot. The Contents are sent to Azure OpenAI Service for embedding purposes. Comm100 does not fine-tune any GPT models in Azure OpenAI Service.

When you use Chatbot to generate an answer, the content of the ticket or chat is transmitted to the Azure OpenAI Service as a prompt. 

For a chat, the data transmitted to the Azure OpenAI Service for summarization includes:

• Text messages sent during the chat, without the sender name or timestamps. If Credit Card Masking is enabled, credit card numbers in the text message are masked automatically.
• The Contents relevant to the visitor’s question.

The following elements in a chat are not transmitted:

• Images
• Attachments in any format
• Chat fields
• Pre-chat form fields
• Session fields
• Custom fields
• Custom variables
• System messages within the chat

For a ticket, the data transmitted to the Azure OpenAI Service for summarization includes:

• Text messages, together with the sender name and timestamps. If Credit Card Masking is enabled, credit card numbers in the text message are masked automatically. 
• System messages within the ticket.

The following elements in a ticket are NOT transmitted:

• Images
• Attachments in any format
• Ticket fields
• Contact fields

If Contents or text messages contain personal data such as the customer’s name, the data are also sent to Azure OpenAI Service.

Chatbot Generate Similar Questions for Intents

For Custom Answers, the Chatbot can help you set up intents by generating similar questions for the intent. When you use this feature, the existing questions for the intent are sent to Azure OpenAI Service as a prompt to generate new questions.

Comm100 does not fine-tune any GPT models in Azure OpenAI Service for this feature.

Chatbot Auto Translation

When Auto Translation is enabled for a chatbot, the text messages in the chat or ticket are sent to Azure OpenAI Service as a prompt. The Azure OpenAI Service then processes the data and generates the translation, utilizing non-fine-tuned Azure OpenAI models.

For a chat, the data transmitted to the Azure OpenAI Service includes:

• Text messages sent during the chat, together with the sender name and timestamps. If Credit Card Masking is enabled, credit card numbers in the text message are masked automatically.
• System messages within the chat.

The following elements in a chat are not transmitted:

• Chat fields
• Pre-chat form fields
• Session fields
• Custom fields
• Custom variables
• Images
• Attachments in any form

For a ticket, the data sent to Azure OpenAI Service includes:

• Text history messages in this ticket. If Credit Card Masking is enabled, credit card numbers in the text message are masked automatically.
• The Contents relevant to the visitor’s question.

The following elements in a ticket are not transmitted:

• Images
• Attachments in any format
• Ticket fields

If Contents or text messages contain personal data such as the customer’s name, the data are also sent to Azure OpenAI Service.

Chatbot Sentiment Analysis

When Sentiment Analysis is enabled for a Chatbot, the text messages sent in the chat are sent to Azure OpenAI Service as a prompt. The Azure OpenAI Service then processes the data and generates the sentiment, utilizing non-fine-tuned Azure OpenAI models. 

For a chat, the data transmitted to the Azure OpenAI Service for sentiment analysis includes:

• Text messages sent during the chat, together with sender name and timestamps. If Credit Card Masking is enabled, credit card numbers in the text message are masked automatically.
• System messages within the chat.

The following elements in a chat are not transmitted:

• Chat fields
• Pre-chat form fields
• Session fields
• Custom fields
• Custom variables
• Images
• Attachments in any form

Agent Assist Email Writer

When you use Agent Assist to generate an email draft when replying to a ticket, the history text messages of the ticket is transmitted to the Azure OpenAI Service as a prompt. 

Agent Assist will send data to Azure OpenAI Service as a prompt to generate an email draft.

The data sent to Azure OpenAI Service includes: 

• History text messages in this ticket. If Credit Card Masking is enabled, credit card numbers in the text message are masked automatically. 
• The Contents relevant to the visitor’s question.

The following elements in a ticket are NOT transmitted:

• Images
• Attachments in any format
• Ticket fields

If Contents or text messages contain personal data such as the customer’s name, the data are also sent to Azure OpenAI Service.

Agent Assist Text Enhancement

When you use Agent Assist to enhance text messages, the selected text is transmitted to the Azure OpenAI Service as a prompt. The Azure OpenAI Service then processes the data and return with enhanced output, utilizing non-fine-tuned Azure OpenAI models.

Agent Assist Summarization

When you use Agent Assist to generate a summary of a ticket or a chat, the content of the ticket or chat is transmitted to the Azure OpenAI Service as a prompt. The Azure OpenAI Service then processes the data and generates the summary, utilizing non-fine-tuned Azure OpenAI models, without employing embedding techniques.

For a chat, the data transmitted to the Azure OpenAI Service for summarization includes:

• Text messages sent during the chat, together with sender name and timestamps. If Credit Card Masking is enabled, credit card numbers in the text message are masked automatically.
• System messages within the chat.

The following elements in a chat are not transmitted:

• Images
• Attachments in any format
• Chat fields
• Pre-chat form fields
• Session fields
• Custom fields
• Custom variables

For a ticket, the data transmitted to the Azure OpenAI Service for summarization includes:

• Text messages, together with the sender name and timestamps. If Credit Card Masking is enabled, credit card numbers in the text message are masked automatically. 
• System messages within the ticket.

The following elements in a ticket are NOT transmitted:

• Images
• Attachments in any format
• Ticket fields
• Contact fields

It is important to emphasize that the data transmitted to the Azure OpenAI Service adheres to strict privacy standards and is subjected to the following constraints:

• The data is not accessible to other Comm100 or Microsoft customers.
• OpenAI, Inc. does not have access to the transmitted data.
• The data is not used to improve OpenAI models.
• The data is not used to improve any Comm100 or Microsoft products or services.
• The data is not used for automatically improving Azure OpenAI models for your use in your resource.

Azure OpenAI Service Compliance

Microsoft Azure OpenAI Service is compliant with the following standards:

• CSA STAR Attestation
• ISO 27001:2013
• ISO 27017:2015
• ISO 27018:2019
• ISO 27701:2019
• ISO 9001:2015
• SOC 1, 2, 3
• HIPAA BAA
• Germany C5

How Long will Azure OpenAI Service Store the Data

To reduce the risk of harmful use of the Azure OpenAI Service, the Azure OpenAI Service includes both content filtering and abuse monitoring features. 

Azure OpenAI abuse monitoring detects and mitigates instances of recurring content and/or behaviors that suggest use of the service in a manner that may violate the code of conduct or other applicable product terms. To detect and mitigate abuse, Azure OpenAI stores all prompts and generated content securely for up to thirty (30) days. 

The data store where prompts and completions are stored is logically separated by customer resource (each request includes the resource ID of the customer’s Azure OpenAI resource). A separate data store is located in each region in which the Azure OpenAI Service is available, and a customer’s prompts and generated content are stored in the Azure region where the customer’s Azure OpenAI service resource is deployed, within the Azure OpenAI service boundary. Human reviewers assessing potential abuse can access prompts and completions data only when that data has been flagged by the abuse monitoring system. The human reviewers are authorized Microsoft employees who access the data via point wise queries using request IDs, Secure Access Workstations (SAWs), and Just-In-Time (JIT) request approval granted by team managers. For Azure OpenAI Service deployed in the European Economic Area, the authorized Microsoft employees are located in the European Economic Area.

Where is the Azure OpenAI Service Used by Comm100 Located?

The location of Azure OpenAI Service used by Comm100 varies depending on the domain of your account.

Azure OpenAI Service Data Management

The Azure OpenAI Service is fully controlled by Microsoft; Microsoft hosts the OpenAI models in Microsoft’s Azure environment and the Service does NOT interact with any services operated by OpenAI, Inc. (For example, ChatGPT, or the OpenAI API).

To learn the details about how Azure OpenAI processes and stores data, refer to Microsoft Cognitive Services OpenAI Data Privacy.