Security & Privacy
Compliance And Accreditation
Masking Confidential Data
To learn more about how we mask confidential data, request a call with our team.
Data Removal
Privacy At Core
Private Conversations
All user conversations are private to them by default. Organisations cannot view conversations users have with their agents.
Agent Training
Users can opt out of a conversation being used in their agent’s training by selecting to have a private conversation.
Is my data shared with third parties?
We mask all uploaded and conversational confidential data. Only once masked is data shared with underlying LLMs.
Does Superficial use my data to train models?
Superficial does not share data with underlying LLMs to train their models. Conversational data is used only to further customise a user’s own agent.
Is my data encrypted?
Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
Can I request my data to be deleted?
Yes, both users and their organisations can request that all data be deleted from Superficial. Users can delete any data they have uploaded themselves, while companies can delete any data they have added.
Who owns my inputs and outputs?
You retain all rights to the inputs you provide to our services and you own any output you rightfully receive from our services to the extent permitted by law. We only receive rights in input and output necessary to provide you with our services, comply with applicable law, and enforce our policies.
How do you ensure data security?
Superficial encrypts all data at rest (AES-256) and in transit (TLS 1.2+), and uses strict access controls to limit who can access data. Our security team runs an on-call rotation with 24/7/365 coverage and is paged in case of any potential security incident. We offer a Bug Bounty Program for responsible disclosure of vulnerabilities discovered on our platform and products.
Can Superficial support my compliance with GDPR and other privacy laws?
Yes, we are able to execute a Data Processing Addendum (DPA) with customers for their use of Superficial’s agents in support of their compliance with GDPR and other privacy laws.
Who can view conversations and chat history?
Within your organisation, only end users can view their conversations. Company admins have control over companies and access but cannot view any conversations other than their own.
Our access to conversations stored on our systems is limited to non-confidential data that has already been masked, and to authorised employees who require access for engineering support, investigating potential platform abuse, and legal compliance.
What sources of data are used for training your agents?
We use data from many different places including public sources, licensed third-party data, and information created by human reviewers.
Does Superficial comply with HIPAA?
Superficial is designed to adhere to the three HIPAA Rules (Privacy, Security, and Breach Notification) to ensure our customers can use our service in a HIPAA-compliant manner. To learn more, request a call with our team.