FAQs: Data Processing and Storage

What information do we need to process to be able to provide the service?

Sensitive Data Detection

We will need identifiers such as page, space, and user IDs for setting the scope and permissions for the service. We also use these identifiers to authenticate the app and users.

Additionally, we also process the content on your Confluence pages in order to detect sensitive data.

AI Classification

In allowing the AI model to determine the sensitivity of a page, we prompt the model with the following information:

• Page title

• Page content

• Space name

• Space description

To allow the AI to choose an appropriate classification level, we also provide it with:

• Classification level names

• Classification level descriptions

• Sub-level names

What information do we need to store to be able to provide the service?

Sensitive Data Detection

For the service to function efficiently and properly, we will store settings and detection results in our databases. In other words, we will store identifiers and content on the Confluence pages that is detected as sensitive data in our databases.

AI Classification

We do not retain any information provided to the model. This includes:

• Page title

• Page content

• Space name

• Space description

When the AI decides on an appropriate classification level for a page, it returns a response containing information that we do then store in our database. This includes:

• The page ID and space ID of the classified page

• The previous level and sub-level applied

• The new level and sub-level applied

• A confidence score of the AI’s judgment

• A brief generated reason for why the AI chose the new classification level

The reason stored is generated by the LLM used. It consists of a brief reference to the kind of content contained within the page and its sensitivity level.

The reason provided for each AI powered classification is visible to administrators in Compliance’s audit log.

Who do we share your information with?

Sensitive Data Detection

Sensitive data detection does not share information with third parties.

All sensitive data detection takes place within Compliance’s backend hosted on an Amazon EC2 instance. Data is then stored in our database also hosted in AWS.

AI Classification

Data is processed using Amazon Bedrock, which hosts the AI model used for classifying pages. This data does not leave our cloud infrastructure at any point.

AWS does not retain any information we provide to the model in our prompts, nor do they use any information provided for training purposes.

For more information on how Amazon Bedrock handles the data provided, see the AWS documentation.

Where do we process your information?

Data will be held and processed in Ireland (EU) within an Amazon Web Services (AWS) Data Centre (aws-eu-west-1).

Where do we store your information?

We use an encrypted database with data encrypted in transit (using HTTPS) and at rest. Firewalls are in operation between our infrastructure and other services or the internet.

How long do we keep your information?

Any required data will be stored for as long as the subscription is active. Once a subscription becomes inactive (i.e. the subscription has ceased), the data will be retained for up to 3 years to enable you to re-subscribe at any time during this period, and retain your data.

If required, you can request your data is removed at any time by contacting our Customer Support team. 

How can I exercise my rights over my information?

Certain jurisdictions offer users specific rights with respect to their information, so you may have a right to access or receive a copy of your data, or to delete your data or restrict or object to our processing of your data.

If required, you can contact our Customer Support team to exercise your rights.