How we built Scispot AI to be Secure & Private

Scibot - Your AI agent for Biotech R&D

We started building Scispot AI (Scibot) features while upholding our existing security and compliance policies, as well as privacy principles like “Customer Data is sacrosanct”. Then, through the specific lens of generative AI, our team created a new set of Scispot AI principles to guide us.

  • Customer data never leaves your Scispot instance 
  • We do not train any models on customer data
  • Scispot AI upholds all enterprise-grade security and compliance requirements along with fulfilling SOC 2 and HIPAA controls
  • Customers can choose to switch off Scispot AI functionalities in their account if they prefer not to use them

1. Customer data never leaves your Scispot instance 

At Scispot, we prioritize the privacy and security of our customers' data. We adhere to strict policies to ensure that customer data remains confidential and is not used for any purposes other than those explicitly intended by the customer. This policy outlines our commitment to data protection and how we utilize cloud controls to maintain these standards.

Data Usage and Privacy

  • Customer Data Isolation: Customer data is isolated and segmented. This ensures that each customer's data is kept separate and secure.
  • No Global Training: Customer data is never used to train our global models. All data processing and model training are confined to the customer's instance.
  • Cloud AI Controls: We leverage robust security controls to manage and process data securely. These controls include data encryption, access management, and compliance with industry standards.

Data Handling Practices

  • Data Storage: All customer data is stored securely in the customer’s segmented database. Data storage complies with all relevant security and compliance standards.
  • Data Processing: Data processing is performed on secure Scispot servers, ensuring that data transformations and embedding generation remain within the secure environment provided by the cloud.
  • Data Access: Access to customer data is strictly controlled and monitored. Only authorized personnel have access to the data, and all access is logged and audited.

2. We do not train any models on customer data

We chose to use off-the-shelf models instead of training or fine-tuning models, and to use them in a stateless way by employing Retrieval Augmented Generation (RAG). With RAG, you include all of the context needed to perform a task within each request, so the model does not retain any of that data. For example, when summarising a labspace page, we’ll send the LLM a prompt containing the message to be summarised, along with instructions for how to do so.

The statelessness of RAG is a huge privacy benefit, but it’s a product benefit as well. All of Scispot AI’s results are grounded in your company’s knowledge base, not the public Internet, which makes the results more relevant and accurate. You get the benefit of incorporating your proprietary and individual data set without the risk of a model retaining that data.
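The stateless, per-customer request pattern described above, as an added example that is not Scispot's code: retrieval is scoped to the calling tenant and every request carries its own instructions and context. All names, the sample documents and the keyword-overlap ranking (standing in for embedding search) are assumptions made for illustration.

```python
import re

# Constructed sample data: two tenants' knowledge bases (hypothetical content).
KNOWLEDGE_BASE = {
    "tenant-a": [
        "Plasmid prep protocol v3: elute in 50 uL buffer EB.",
        "Freezer F2 holds the HEK293 cell bank.",
    ],
    "tenant-b": ["Plasmid prep notes: tenant B uses 30 uL water elution."],
}


def _tokens(text):
    """Lower-case word set used for the toy relevance score."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def retrieve(tenant_id, query, k=2):
    """Rank ONLY the calling tenant's documents by word overlap with the query."""
    docs = KNOWLEDGE_BASE.get(tenant_id, [])  # unknown tenant -> no context
    q = _tokens(query)
    scored = [(len(q & _tokens(d)), d) for d in docs]
    ranked = sorted(scored, key=lambda s: s[0], reverse=True)
    return [d for score, d in ranked if score > 0][:k]


def build_request(tenant_id, task, text):
    """Assemble one self-contained request; nothing is cached between calls."""
    context = retrieve(tenant_id, text)
    lines = ["Instructions: " + task, "Context:"]
    lines += ["- " + c for c in context]
    lines += ["Text:", text]
    return {"tenant": tenant_id, "prompt": "\n".join(lines)}


def summarise_request(tenant_id, page_text):
    """Request for the summarisation case: instructions plus the text itself."""
    task = "Summarise the text using only the context."
    return build_request(tenant_id, task, page_text)


if __name__ == "__main__":
    print(summarise_request("tenant-a", "How do we elute the plasmid prep?")["prompt"])
```
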

3. Scispot AI upholds all enterprise-grade security and compliance requirements along with fulfilling SOC 2 and HIPAA controls

  • Adherence to Standards: Scibot AI adheres to SOC 2 and HIPAA controls, ensuring that all data handling processes meet these rigorous standards. Additionally, we comply with any other data commitments stipulated in our contracts with clients.
  • Compliance: Our data handling practices comply with all relevant regulations and standards, including GDPR, HIPAA, and others as applicable.
  • Security Measures: We implement advanced security measures to protect customer data, including encryption, access controls, and regular security audits.

4. Customer Rights and Control

  • Data Ownership: Customers retain full ownership of their data. Scibot only processes data on behalf of the customer and in accordance with their instructions.
  • Personalized Experience: Customers can opt for a personalized experience with Scibot. However, they also have the option to remove Scibot from their account if they do not wish to use this service.
  • Data Deletion: Customers can request the deletion of their data at any time. Upon such requests, all customer data will be permanently deleted from our systems.

5. Customers can choose to switch off Scispot AI functionalities in their account if they prefer not to use them

  • Removal of Scibot: If customers prefer not to use the personalized features of Scibot, they can remove the service from their account. This can be done through the account settings or by contacting our support team.
