Security

AI data privacy

• DraftPilot uses OpenAI's API platform for ChatGPT.
• Your data will not be used by OpenAI to train their public model. DraftPilot will also not use any of your data for AI training purposes.

Encryption and infrastructure

• Data is encrypted at rest (AES-256) and in transit (TLS 1.2).
• Hosting of this application (“DraftPilot”) is provided by Heroku, a cloud-based platform that complies with PCI, HIPAA, ISO, and SOC.
• Physical server security is managed by Amazon Web Services (AWS).

Product security

• Dependency updates ensure security patches are implemented as required.
• Vulnerability scans of the system are conducted after any significant change, to identify and resolve security vulnerabilities.
• Automated implementation tests ensure systems adhere to relevant security standards.
• Automated event logging tracks and records occurrences for critical systems, including associated applications, and any data affected by the events.
• Backend system access is restricted to a limited number of authorised users.

Organisational security

• DraftPilot's employees, contractors and affiliates are bound by confidentiality obligations.
• All employees are undergo security training regarding proper use of the internet and email to protect against malware, phishing, and ransomware.
• Individuals with access to DraftPilot’s systems must use multi-factor authentication (MFA) and adhere to a strict password policy.
• DraftPilot has policies in place regarding: security, vendor risk management, vulnerability identification and management, incident response, data classification, and proper use.
• DraftPilot conducts annual reviews of all security related practices and policies.

Data security

• DraftPilot conducts annual reviews of all data related processes and policies.
• Please see the DraftPilot privacy policy for information on how we collect and use data.

Contact

• For security inquiries or to report an issue, please contact us at contact@draftpilot.ai.