Security for Complyan AI
We take our commitment to protecting customer data seriously. Learn how we built Complyan AI to be secure and private.
Complyan is committed to data ownership, security, and privacy. Complyan AI is powered by a private instance of OpenAI hosted in our Microsoft Azure tenant, where OpenAI has no access to the data or the model, and it has been designed to uphold those commitments from day one.
Complyan AI Security Basics
- Customer data never leaves Complyan’s infrastructure.
- Customer data is never used to train large language models (LLMs).
- Complyan AI only works with data that users have permission to access.
- Complyan AI meets all enterprise-grade security and compliance standards.
- Complyan AI adheres to the same security framework as the rest of Complyan.
FAQs
How does Complyan AI work?
Complyan AI uses OpenAI’s large language models (LLMs) hosted within Complyan’s private and secure infrastructure. It leverages the compliance data within your Complyan platform to generate insights, summaries, and recommendations. When you request assistance, your data is securely processed and sent to the LLM within our private instance. The LLM generates a response, which is returned to you. Your data never leaves Complyan’s environment, and the LLM does not retain any information from the request.
What type of AI model does your system use and is it explainable?
Complyan AI uses a securely hosted commercial model optimized for governance, risk, and compliance use cases. The model is designed for explainability, providing detailed citations for generated responses and ensuring transparency in operations.
Is my Complyan data used to train third-party AI models?
No. Complyan AI does not use your data to train OpenAI or any other third-party LLMs. Instead, we apply Retrieval Augmented Generation (RAG), sending only the necessary data for a specific request at runtime. This ensures that your information is neither stored persistently nor used for training.
Will Complyan AI show private data that users cannot access?
No. Complyan AI only utilizes data that the requesting user has access to at the time of the request. For example, summaries or recommendations will never include data outside of your assigned permissions.
How does Complyan AI protect the security of our data?
Complyan AI is built to uphold Complyan’s stringent security and compliance standards:
- Ephemeral data processing: AI-generated responses are temporary and not stored persistently.
- Enterprise-grade compliance: Complyan AI operates under our existing compliance infrastructure, including data encryption, data residency options, and audit logging.
How long does Complyan AI retain data?
AI-generated insights and responses are ephemeral and not stored persistently within the system. However, user-initiated tasks, such as reports or summaries saved within workflows, will adhere to your organization’s data retention settings within Complyan.
How does Complyan AI prevent misleading information (or AI “hallucinations”)?
Complyan AI includes citations and references for all outputs to ensure accuracy and transparency. Users can review the original sources to verify the results. Additionally, the LLM is fine-tuned for compliance-related tasks, minimizing the risk of generating inaccurate or irrelevant responses.
Can I turn off Complyan AI or limit access?
Yes. Complyan AI is enabled by default for organizations that subscribe to its features. However, admins or individual users can manage access and configure settings to meet organizational and personal preferences.
Questions
Questions regarding this policy may be sent to [email protected]. We also invite you to contact us with suggestions for improving this policy.