Privacy & Security

The Spinach AI Scrum Master is powered by the GPT-4 API. Just like human scrum masters, Spinach is most effective when granted access to your meetings and product management tools. However, we understand that these platforms house some of your most sensitive and confidential information. That's why our top priority is ensuring your data remains protected, never making its way into Large Language Models (LLMs) or into the hands of bad actors.

Spinach is a fast-growing early-stage startup. As we grow, we are committed to full transparency regarding the usage of your information. We actively collaborate with beta users to determine the controls you desire for the storage, management, and leveraging of your data, and we keep all users informed of security updates.

Use of AI & GPT-4

Your information will not contribute to the training of Large Language Models (LLMs)

When using the GPT-4 API, it is important to know that the information you provide as input does not contribute to the training of Large Language Models (LLMs). OpenAI, the organization behind GPT-4, has implemented strict data handling policies to ensure that user data remains private and secure.

While GPT-4 is trained on vast amounts of data from various sources, the GPT-4 API operates separately from the training process. OpenAI retains API data for a limited period, primarily for operational purposes such as maintaining service quality, addressing bugs, or improving the system's overall performance. During this retention period, user data is not used to retrain or update the LLM.

By keeping the API and training data separate, OpenAI aims to maintain user privacy and prevent sensitive or confidential information from inadvertently becoming part of the model's knowledge base. This commitment to data privacy and security ensures that you can use the GPT-4 API with confidence, knowing that your information will not be integrated into the LLM.

Data storage

Your information is stored securely in AWS S3

Spinach stores information from your meetings in Amazon Web Services (AWS) S3, or Simple Storage Service, a highly secure and reliable cloud storage service designed to store and retrieve data at scale. Security is a top priority for AWS, and they have implemented various measures to ensure the protection of the data stored in S3. Some key security features include:

  1. Data encryption: AWS S3 provides server-side encryption (SSE) and client-side encryption options. With SSE, data is encrypted before it is stored, and decrypted when it is retrieved. Client-side encryption allows you to encrypt data on your end before uploading it to S3.

  2. Access control: AWS S3 supports multiple access control mechanisms, including bucket policies, access control lists (ACLs), and Identity and Access Management (IAM) policies, allowing you to manage permissions for users and groups with fine-grained control.

  3. Versioning: AWS S3 supports versioning, which preserves, retrieves, and restores every version of every object in a bucket, providing an extra layer of protection against accidental deletion or overwriting.

  4. Secure data transfer: Data transfers to and from AWS S3 are secured using HTTPS and SSL/TLS encryption, ensuring secure transmission of data over the network.

  5. Compliance: AWS S3 is compliant with a wide range of security standards and certifications, such as GDPR, HIPAA, and SOC 1, 2, and 3, ensuring that data is stored and managed according to industry best practices and regulations.

  6. Monitoring and logging: AWS S3 provides tools like Amazon S3 access logs, AWS CloudTrail, and Amazon Macie to monitor and audit access to your stored data, allowing you to detect and respond to potential security threats.

Spinach employees

Spinach employees and their equipment are secure

All employees have completed background checks and have signed NDAs to ensure any information they encounter via troubleshooting or testing remains private and secure.

Additionally, Spinach leverages Apple Device Management (MDM), also known as Mobile Device Management, which allows us to manage and secure all employee-issued devices such as iPhones, iPads, and Macs across our organization. MDM provides centralized control over devices, ensuring that they adhere to our security policies and standards. Implementing MDM helps us enhance the security of your information in a few ways:

  1. Device enrollment: MDM enables the streamlined onboarding of devices to the organization's network, ensuring that only authorized devices can access corporate resources.

  2. Configuration management: MDM allows administrators to remotely configure device settings, such as Wi-Fi, VPN, and email, ensuring that devices are set up according to the organization's security policies.

  3. Security policy enforcement: MDM enables the enforcement of security policies on devices, such as requiring complex passcodes, enabling data encryption, and restricting app installations. Administrators can also enforce device updates to ensure that devices run the latest security patches.

  4. Remote lock and wipe: In case of loss or theft, MDM allows administrators to remotely lock a device or perform a complete wipe of its data, protecting sensitive corporate information from unauthorized access.

  5. App management: MDM provides control over the apps that can be installed on devices, enabling organizations to create a whitelist or blacklist of approved or restricted apps. This helps prevent the installation of potentially harmful or non-compliant apps.

  6. Compliance monitoring: MDM continuously monitors devices to ensure they comply with the organization's policies. If a device is found to be non-compliant, the administrator can receive alerts and take appropriate actions, such as revoking access to corporate resources.

  7. Inventory management: MDM provides an overview of all managed devices in the organization, allowing administrators to track device usage, monitor software versions, and ensure that devices meet security requirements.

Additional Frequently Asked Questions

Will our team ceremonies' information be leaked to external tools?

How long does Spinach store my information?

How do you prevent internal data from becoming part of a training set for other customers?

Do you have access to our meetings, summaries, and information?

Where is the collected data stored, and what type of security is in place to protect it?

Are you SOC Compliant?

Can your product be tested and approved by our IS&T department?