CathyAI Security & Privacy: Frequently Asked Questions (FAQ)

1. Is my data secure on the CathyAI platform?
Absolutely. Security is the foundation of the CathyAI platform. The system is engineered with multiple layers of protection to ensure your data is always secure. We are SOC 2 Type 2 compliant, which is a rigorous, third-party audit that verifies our security controls and processes meet the highest industry standards. Obtaining our SOC 2 Type 2 certification, involves continuous monitoring to ensure these standards are consistently maintained. 

2. Will my conversations be used to train the AI models?
No, never. Your data is your data. We use enterprise-grade APIs to connect to large language models, and our agreements explicitly state that none of your information is used for training the models. Unlike some free consumer tools, your proprietary information, conversations, and uploaded documents remain confidential.

3. Where is my data stored?
All client data is currently stored securely in Canada. For enterprise clients with specific regulatory needs, we have the capability to ensure data is hosted exclusively within a requested geography, such as the US, to comply with data sovereignty requirements.

4. Can anyone at your company or on my team see my chats?
Your privacy is paramount.

• Internal Access: Our administrators cannot see the content of your chats. The system is designed to ensure your conversations are private.

• Team Access: Within your organization, each user has a unique seat and login. No one on your team can see your chats unless you explicitly use the "share" function.  This ensures confidentiality between team members.
   

5. How do you protect my data from external threats?
We employ a multi-faceted approach to security. Our platform is built on a microservice architecture, which isolates different parts of the system to enhance security and prevent cascading issues. We also utilize end-to-end encryption and private network systems to protect your data both when it's being stored and when it's in transit. 

6. What happens when I upload a document?
We are continuously enhancing our security features. We are in the process of implementing automatic virus scanning for all file uploads and downloads to protect your systems from malware. We are also developing a PII (Personally Identifiable Information) Redactor that will warn you if you are about to upload sensitive personal data, helping you maintain compliance and protect privacy. 

7. What is our responsibility as users?
That's a great question. While we provide a highly secure environment, we always advise clients to practice smart data hygiene. As a best practice, you should never upload or discuss information that you wouldn't want in the public domain.Think of it like any other digital communication tool—it's a shared responsibility to keep sensitive information safe.