Security
AI data privacy
- DraftPilot uses OpenAI's API platform for ChatGPT.
- Your data will not be used by OpenAI to train their public model. DraftPilot will also not use any of your data for AI training purposes.
Encryption and infrastructure
- Data is encrypted at rest (AES-256) and in transit (TLS 1.2).
- Hosting of this application (“DraftPilot”) is provided by Heroku, a cloud-based platform that complies with PCI, HIPAA, ISO, and SOC.
- Physical server security is managed by Amazon Web Services (AWS).
Product security
- Dependency updates ensure security patches are implemented as required.
- Vulnerability scans of the system are conducted after any significant change, to identify and resolve security vulnerabilities.
- Automated implementation tests ensure systems adhere to relevant security standards.
- Automated event logging tracks and records occurrences for critical systems, including associated applications, and any data affected by the events.
- Backend system access is restricted to a limited number of authorised users.
Organisational security
- DraftPilot's employees, contractors and affiliates are bound by confidentiality obligations.
- All employees undergo security training regarding proper use of the internet and email to protect against malware, phishing, and ransomware.
- Individuals with access to DraftPilot’s systems must use multi-factor authentication (MFA) and adhere to a strict password policy.
- DraftPilot has policies in place regarding: security, vendor risk management, vulnerability identification and management, incident response, data classification, and proper use.
- DraftPilot conducts annual reviews of all security-related practices and policies.
Data security
- DraftPilot conducts annual reviews of all data-related processes and policies.
- Please see the DraftPilot privacy policy for information on how we collect and use data.
Contact
- For security inquiries or to report an issue, please contact us at contact@draftpilot.ai.