# HockeyStack AI: Security, Privacy, and Responsible Use At HockeyStack, we leverage AI to deliver **go-to-market intelligence to the enterprise** while maintaining the highest standards of security, privacy, and ethical responsibility. Our AI-powered services use **OpenAI’s foundational models** in conjunction with our proprietary **analysis and agentic execution framework**, ensuring transparency, security, and accuracy. This document outlines our **AI policies**, **data handling practices**, and the **measures in place** to mitigate risks associated with AI technologies. *** ### **1. Data Processing and AI Training** #### **How We Handle Data** * All data processing is conducted through **OpenAI’s secure infrastructure**. * **Customer data remains isolated** and is not shared with third parties. * OpenAI **does not use customer data** to train their general AI models. * **Data is never used to train models for other customers**—each customer’s data remains completely separate. #### **Infrastructure & Environment** * Our AI runs on the **same secure environment** as our existing product functionality. * **No new external processing environments** are introduced. * **Customer data is not used** to train or fine-tune vendor models. #### **Data Ownership & Control** * Customers retain **full ownership** of any data submitted to AI. * Customers **own all AI-generated outputs** from their data. * AI functionality is **opt-in**, ensuring customer control. *** ### **2. AI Risk & Security Considerations** We recognize that AI introduces new security and ethical challenges. Below are the **key risks** associated with AI and how HockeyStack mitigates them. #### **Potential AI Risks** * **Lack of transparency**: Understanding how AI generates output. * **Data breaches or unauthorized access**. * **Unintended consequences** of AI-driven decision-making. * **AI hallucinations**: Generation of misleading or false information. #### **Security Measures in Place** * **Regular AI evaluations** and output testing. * **Human-in-the-loop review** for non-deterministic AI outputs. * **Strict internal documentation** on AI model testing. * **Encrypted data transmission and storage**. * **Access controls and log monitoring**. *** ### **3. Ethical AI Usage Guidelines** We are committed to the **ethical use of AI** and ensuring that AI-generated insights are fair, unbiased, and transparent. #### **Our AI Ethics Principles** 1. **Transparency**: AI outputs must be explainable and traceable. 2. **Fairness**: AI models must be free from bias and designed for equitable outcomes. 3. **Security**: Customer data must remain protected at all times. 4. **Human Oversight**: AI is never the sole decision-maker in high-stakes business scenarios. #### **Preventing AI Misuse** * We **do not use AI** to manipulate or push users toward specific decisions. * **No third parties** are granted access to AI-generated customer data. * We maintain **easy and open feedback channels** for AI-related concerns. *** ### **4. Addressing AI Hallucinations & False Outputs** While AI models are powerful, they are **not infallible**. To ensure the integrity of AI-generated insights, we have built mechanisms to **identify and correct false outputs**. #### **How We Handle AI Inaccuracies** * **All AI-generated outputs must be reviewable** by a human (human-in-the-loop process). * **Customers can report hallucinations** or inaccuracies directly to us. * **Logging & tracking AI inconsistencies** allows for continuous model improvements. *** ### **5. AI Security & Adversarial Attack Prevention** We take active measures to prevent malicious attempts to exploit AI systems, such as **data poisoning** or **model inversion**. #### **Our Approach to AI Security** * **Data integrity monitoring** to prevent adversarial poisoning. * **Strict API key segmentation** by product and feature to prevent cross-contamination. * **Usage of authentication layers** to block unauthorized access. *** ### **6. AI Compliance & Legal Considerations** We ensure that our AI aligns with **legal, ethical, and regulatory** requirements. #### **AI Compliance & Legal Framework** * **Risk and Conformity Assessments**: Evaluating AI against security and privacy risks. * **Responsible AI Use Policy**: Ensuring compliance with ethical AI practices. * **AI-Specific Legal Terms**: Addressed within our **Data Processing Agreement (DPA)**. #### **Customer Monitoring & Ownership** * Customers have the ability to **monitor AI-generated insights**. * Customers can **choose to disable AI functionality** at any time. *** ### **7. HockeyStack AI Policy** Our AI policy outlines the **best practices and principles** that guide our use of AI. #### **HockeyStack AI Policy** 1. **Data Protection & Privacy**: All AI interactions respect strict data privacy policies. 2. **No AI Training on Customer Data**: Customer data is never used to train or improve global AI models. There are no exceptions, no integrations are used for training. 3. **Transparency & Explainability**: AI insights must be understandable and traceable. 4. **Fair & Unbiased Models**: We actively mitigate risks of AI bias. 5. **Security-First Approach**: AI implementations follow industry-leading security standards. *** ### **8. AI Sustainable Use Policy** AI should be used responsibly to **support sustainable and ethical business practices**. #### **HockeyStack AI Sustainable Use Policy** * AI should be **used to augment human decision-making**, not replace it. * AI should be **monitored continuously** to ensure quality and accuracy. * AI should **not be used for deceptive practices**, including misleading data manipulation. * AI should follow a **privacy-first approach**, respecting user consent at all times. *** ### **9. Frequently Asked Questions (FAQ)** #### **1. Does HockeyStack’s AI process customer data?** Yes, but customer data remains private, is not shared with third parties, and is never used to train global AI models. #### **2. Can customers opt out of AI functionality?** Yes, AI features are opt-in, and customers can choose to disable them at any time. #### **3. Does HockeyStack allow third-party access to AI-generated data?** No, all customer data and AI outputs are kept strictly private. #### **4. How does HockeyStack prevent AI hallucinations?** We implement **human-in-the-loop verification**, logging, and customer feedback mechanisms to catch and correct AI inaccuracies. #### **5. How does HockeyStack protect against AI security threats?** We use **encrypted data transmission, strict access controls, authentication layers, and adversarial attack prevention strategies** to secure AI functionality. #### **6. What legal agreements cover AI usage at HockeyStack?** Our **Data Processing Agreement (DPA)** includes specific AI-related terms to ensure compliance and security. #### **7. How can customers report AI-related issues?** Customers can report issues via our **support channels** or directly through [**security@hockeystack.com**](mailto:security@hockeystack.com). *** For any questions regarding AI security, compliance, or usage, please contact us at [**security@hockeystack.com**](mailto:security@hockeystack.com). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.hockeystack.com/marketing-intelligence/odin-ai/hockeystack-ai-security-privacy-and-responsible-use.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.