Insights User Guide
Insights security
Here we address the most commonly asked questions relating to the use of AI and its security.
Insights is our software tool that lives inside every ticket as a pod inside ConnectWise that helps technicians solve support tickets faster.
Open AI is a business-grade Artificial Intelligence Large Language Model used by some features of Insights to provide responses to queries.
Where AI features are used, Insights calls the business-focussed Open AI API, not the free consumer version.
Open AI's API is built with business security at the forefront of its operations. It is designed for cross-industry use with systems such as Insights where data security is the top priority.
Key facts
ConnectWise data we send to Open AI is limited to answering specific queries
Requests to Open AI are made ad-hoc, using only the specific information from notes within tickets required to answer a particular question and Insights is built around GDPR data-minimisation measures.
None of the requests we send are used in the training of Open AI
We send a request and get a response, and the data is not used any further. There is zero chance of any information sent in a request appearing in answers to future requests.
Open AI's responses are based on its existing training data, not your ConnectWise data
When answering questions on how to solve problems, Open AI draws from its existing, vast knowledgebase. Insights doesn't hand over all your data to mine it for answers.
Individual requests to Open AI are ringfenced to that one-off request
It's not just Insights' clients, or even details from your clients' individual tickets that are ringfenced, Insights and Open AI doesn't even use the selected data we send in individual requests to answer future requests within the same ticket or session. Every interaction is a one-off.
Insights does not send any top-level, company-identifiable information to Open AI
Only relevant information within a support ticket, such as the title and information from ticket notes are used to form requests for asking specific questions.
Insights doesn't mine your data
None of your data is pooled anywhere collectively to mine it for answers. Each request is made spontaneously using only the information required to provide a response.
Data Sovereignty and GDPR Compliance
Insights runs, processes data and operates in UK datacentres. Requests made to Open AI are processed in their data centres in the USA. To maintain GDPR compliance, OpenAI processes requests in line with the EU Standard Contractual Clauses (SCC) , as modified by the UK addendum issued under the Data Protection Act 2018. This UK addendum is integrated into our Data Processing Agreement with Open AI to ensure compliance with UK data protection regulations.
Open AI enforces strict, compliant data policies
The specific, limited requests we make to Open AI using selected data (see the data flow below) are stored encrypted with Open AI for up to 30 days after which the requests are securely deleted, should Open AI need to investigate malicious activity, with only security-cleared Open AI engineers able to see our requests should it be required in an internal investigation.
Open AI undergoes third-party penetration testing to ensure their security
Open AI only uses the requests we make to service those requests, and the data is used for no other purpose and not shared with any other parties.
Insights doesn't store any of your ConnectWise information
Everything is pulled from the secure ConnectWise API ad-hoc for processing. It is not stored for re-use.
Only a handful of Insights features utilizes AI
Some of Insights' commonly-used features, such as advanced search, do not utilize AI at all, and instead work on data straight from the ConnectWise API, which is not stored once it has been processed.
All communication within the system is encrypted
All data transfer from ConnectWise to Insights to Open AI and back are encrypted during transmission.
Insights' code is externally reviewed for security, compliance and health
We use industry leaders, Debricked, to monitor, validate and review our code for peace of mind.
Insights runs on private, dedicated servers in Tier 3, UK-based secure datacentres
It's not just data-security at the forefront of our company ethos, our entire software and hardware infrastructure runs to industry-standards and compliances.
Transparency and accountability
Within each support ticket, Insights shows a log of the features that were used on that specific ticket for auditing and accountability purposes.
Ongoing compliance and security reviews
Insights is constantly being evolved and refined in the face of ongoing changes in the AI landscape.