Data Security Concerns Regarding Spotfire Co-Pilot

[Niraj]

Dear Team,

Recently, I presented the Spotfire Co-Pilot demo to one of our oil and gas customers, and they were really impressed with the feature. However, they have raised concerns about data security, particularly since it involves exposure to OpenAI.

Do we have any documentation or references that address data security in relation to Co-Pilot.

 

Best Regards,

Niraj

 

[Marcelo Gallardo]

Niraj,

Thank you for raising bringing up your client's concerns about data security when using large language models (LLMs).

We take these concerns seriously and prioritize the protection of your data at every step. I would like to assure you that we follow strict security protocols when interacting with LLMs to mitigate any potential risks.

Here are some key measures we have in place to ensure the security and privacy of your data:

- Data Privacy: We take every precaution to ensure that sensitive data is only shared with LLMs when absolutely necessary. Any data processed is carefully managed, and we actively work to minimize the amount of data sent to the LLM.

- Secure Transmission: All data interactions with LLMs occur over encrypted channels (using HTTPS), ensuring that no unauthorized parties can access the information during transmission.

- No Data Retention: Many LLM providers, including OpenAI, have strict policies in place to ensure data is not stored after processing. We routinely review these policies with external vendors to ensure they meet these security standards. Furthermore, Copilot is LLM-agnostic, allowing you to select the LLM that best fits your data privacy requirements.

Feel free to contact us if you need any additional information. We'd be happy to provide more details and assist you further.

Regards,

Marcelo Gallardo

[Niraj]

Hi Marcelo,

Thanks for the feedback. It helps. I will reach out if customer has any further queries.

Regards,

Niraj

[Ahmad Fattahi]

Niraj, please let us know if there are other questions in this context from your customers. We would also be happy to directly meet with the customers and address their security concerns.

Please also note that Spotfire Copilot will be each customer's own instance of the Copilot. It means that the customer will have the freedom to pick OpenAI, Azure OpenAI, Google's Gemini, Amazon Bedrock, or any other platform their security posture prefers. While Spotfire does what it reasonably can to secure all of the communication channels as Marcelo suggests, the LLM provider will have to declare their terms on their own. Most serious enterprise-grade LLM services explicitly commit to not retaining their customers' data or using the data/metadata to improve or retrain their models.

[Niraj]

@Ahmad Fattahi Thanks for giving your additional valuable feedback.I have another round of Demo with leadership team. Will keep you posted if they have any concern related to security or any clarification required from TIBCO.