AI Policy FAQ

This document provides answers to common questions regarding our AI practices, data isolation measures, and commitment to customer data security.

1. What is the purpose of this AI policy?

The AI policy outlines our commitment to providing secure, ethical, and compliant AI services within our SaaS offerings. It ensures that each production enterprise customer tenant operates in a dedicated environment with isolated data that is not used for cross-customer AI model training.

2. What does a “dedicated environment” mean for my tenancy?

A dedicated environment is a separate computing space allocated exclusively to you. This means your data and applications run independently of other customers, enhancing security and performance.

3. How does BalkanID ensure tenant isolation?

We implement strict access controls and infrastructure separation so that each tenant’s environment is completely isolated from others. This prevents unauthorized access and ensures that activities in one environment do not impact another.

4. What measures are in place for data isolation and security?

Data Segregation: Your data is stored and processed separately from other tenants’ data.
Encryption: All data is encrypted at rest and in transit using industry-standard protocols.
Access Management: Only authorized personnel with a legitimate need can access your data, following the principle of least privilege.

5. Will my data be used to train AI models that other customers can access?

No. We prohibit the use of any customer’s data for training AI models that could affect other customers. Your data will not be used in cross-customer AI training without your explicit consent.

6. Can my data be used for AI training within my own environment?

Yes, but only within your dedicated environment and for purposes that benefit you. Any such use will comply with our data handling policies and require your explicit consent.

7. How do you handle consent for using my data in AI training?

We require a formal agreement outlining the scope and purpose before using your data for AI training. This ensures transparency and gives you control over how your data is used.

8. What steps are taken if my data is used for AI training with my consent?

If you consent to data usage for AI training:

Anonymization: We anonymize your data to remove personally identifiable information (PII).
Secure Handling: Data is processed securely, following strict protocols to prevent unauthorized access.

9. How does BalkanID comply with data protection laws like GDPR and CCPA?

We adhere to all applicable data protection laws by:

Obtaining necessary consents for data processing.
Providing transparency in how data is used.
Ensuring data subject rights can be exercised.
Conducting regular compliance audits.

10. Who is responsible for enforcing the AI policy?

Management: Communicates and enforces the policy across all departments.
Employees and Contractors: Must adhere to the policy and report any breaches.
IT and Security Teams: Implement technical measures for tenant and data isolation.

11. Are there any exceptions to this policy?

Any exceptions must be reviewed and approved by our Chief Information Security Officer (CISO) and properly documented.

12. How often is the AI policy reviewed and updated?

The policy is reviewed annually or whenever significant changes occur in our operations or relevant laws and regulations.

14. What is “data segregation,” and why is it important?

Data segregation involves storing and processing your data separately from others. It’s crucial for maintaining privacy and ensuring that your data is not inadvertently accessed or used by others.

15. What is meant by “principle of least privilege” in access management?

It means that employees and systems are granted the minimum level of access—or permissions—needed to perform their duties. This minimizes the risk of unauthorized access to your data.

16. How does encryption protect my data?

Encryption transforms your data into a secure format that can only be read with the correct decryption key. This protects your data from unauthorized access during storage (at rest) and transmission (in transit).

17. What happens in the event of a data breach?

In the unlikely event of a data breach:

We will promptly notify affected customers.
Take immediate action to mitigate the breach.
Conduct a thorough investigation.
Review and enhance security measures to prevent future incidents.

18. Does BalkanID conduct regular audits of its AI practices?

Yes, we perform regular audits to ensure compliance with our AI policy and relevant laws. Audit reports are made available to authorized stakeholders.

19. How can I be sure that other tenants cannot access my data?

Our infrastructure is designed with robust tenant isolation protocols, and we continuously monitor and test our systems to prevent and detect any unauthorized access.

PreviousTerms of Service

Last updated 7 months ago

Was this helpful?

AI Policy FAQ

This document provides answers to common questions regarding our AI practices, data isolation measures, and commitment to customer data security.

1. What is the purpose of this AI policy?

2. What does a “dedicated environment” mean for my tenancy?

A dedicated environment is a separate computing space allocated exclusively to you. This means your data and applications run independently of other customers, enhancing security and performance.

3. How does BalkanID ensure tenant isolation?

4. What measures are in place for data isolation and security?

Data Segregation: Your data is stored and processed separately from other tenants’ data.
Encryption: All data is encrypted at rest and in transit using industry-standard protocols.
Access Management: Only authorized personnel with a legitimate need can access your data, following the principle of least privilege.

5. Will my data be used to train AI models that other customers can access?

No. We prohibit the use of any customer’s data for training AI models that could affect other customers. Your data will not be used in cross-customer AI training without your explicit consent.

6. Can my data be used for AI training within my own environment?

Yes, but only within your dedicated environment and for purposes that benefit you. Any such use will comply with our data handling policies and require your explicit consent.

7. How do you handle consent for using my data in AI training?

We require a formal agreement outlining the scope and purpose before using your data for AI training. This ensures transparency and gives you control over how your data is used.

8. What steps are taken if my data is used for AI training with my consent?

If you consent to data usage for AI training:

Anonymization: We anonymize your data to remove personally identifiable information (PII).
Secure Handling: Data is processed securely, following strict protocols to prevent unauthorized access.

9. How does BalkanID comply with data protection laws like GDPR and CCPA?

We adhere to all applicable data protection laws by:

Obtaining necessary consents for data processing.
Providing transparency in how data is used.
Ensuring data subject rights can be exercised.
Conducting regular compliance audits.

10. Who is responsible for enforcing the AI policy?

Management: Communicates and enforces the policy across all departments.
Employees and Contractors: Must adhere to the policy and report any breaches.
IT and Security Teams: Implement technical measures for tenant and data isolation.

11. Are there any exceptions to this policy?

Any exceptions must be reviewed and approved by our Chief Information Security Officer (CISO) and properly documented.

12. How often is the AI policy reviewed and updated?

The policy is reviewed annually or whenever significant changes occur in our operations or relevant laws and regulations.

14. What is “data segregation,” and why is it important?

Data segregation involves storing and processing your data separately from others. It’s crucial for maintaining privacy and ensuring that your data is not inadvertently accessed or used by others.

15. What is meant by “principle of least privilege” in access management?

It means that employees and systems are granted the minimum level of access—or permissions—needed to perform their duties. This minimizes the risk of unauthorized access to your data.

16. How does encryption protect my data?

17. What happens in the event of a data breach?

In the unlikely event of a data breach:

We will promptly notify affected customers.
Take immediate action to mitigate the breach.
Conduct a thorough investigation.
Review and enhance security measures to prevent future incidents.

18. Does BalkanID conduct regular audits of its AI practices?

Yes, we perform regular audits to ensure compliance with our AI policy and relevant laws. Audit reports are made available to authorized stakeholders.

19. How can I be sure that other tenants cannot access my data?

Our infrastructure is designed with robust tenant isolation protocols, and we continuously monitor and test our systems to prevent and detect any unauthorized access.

PreviousTerms of Service

Last updated 7 months ago

Was this helpful?