Your FAQ is clueless about corporate data concerns relative to the price points you're offering.
How does we prioritize privacy protection?
(grammar)
At Hansei, safeguarding your privacy is paramount. Your data is end-to-end encrypted and can only be accessed by you. You can delete your data anytime from our servers. Query and response data are stored to improve our services, adhering to our comprehensive privacy policy(https://hansei.app/privacy-policy). Queries and responses also pass through OpenAI and are subject to their privacy policy as well.
Most companies don't have a privacy officer, they have a data officer, and they don't worry about privacy, they worry about data loss, IP loss.
Even then, you both dissemble and flat lie in this answer, with the contradictions evident in the response itself.
End to end encrypted? What end to what end, and in what way that's not just SSL/TLS over the https request?
Accessed only by you? Not by, say, an embeddings tool, or not by, say, OpenAI where they "also pass through"? What about DBAs, SREs, Dev/QA, and the Founder/CEO?
More specifically, how do you (in logic, not policy) prevent yourself from being able to access the company's data even in case of break glass need, such as a law enforcement warrant? If someone uploads a document store of CSAM or bomb building instructions, you're claiming you cannot be responsive to a search warrant or national security letter? Think carefully before you answer. Being able to say this while performing a service using the data can take years of work and code/config/infra/system automation.
Understood you say nobody can access but then query and response (are you saying response doesn't contain data?) are stored "to improve services". In what way, other than -- ultimately -- humans learning this data incidentally, while "improving"?
This answer is transparently end-to-end nonsense to a CDO or CISO. The only way it could have been worse is if you'd had that "we take your security very seriously" stock phrase with an appeal to military/bank grade security or bits of encryption there.
Hey there, first off, I want to say a big thank you for taking the time to delve into our privacy practices and for your valuable feedback. We appreciate the scrutiny – it gives us an opportunity for reflection and growth.
What we mean by "end-to-end encryption" here is that the data is being encrypted at rest and in transit. It's not just about SSL/TLS over HTTPS, but also about the data being encrypted in the storage.
When we say "accessed only by you", we mean the user has control over their data. Yes, currently the data does pass through OpenAI for embedding and query response as we're using OpenAI models and subject to their privacy policy.
Regarding the access of data, it's important to note that it is strictly controlled and monitored. In terms of law enforcement warrants, we comply with legal obligations. If required, we can provide data, but it's not a regular practice and is done under strict legal procedures.
Yes, the "query and response" data is used to improve services. But it doesn't mean humans are learning from this data. It's more about machine learning algorithms using this data to enhance the user experience.
I hope this clears up most of your concerns. Our priority is to offer value-aligned services to our clients, and their data safety is a part of this commitment. We might not be perfect, but we strive for continuous improvement in our data security and privacy deployment.
Terretta|2 years ago
kraten|2 years ago