#DataPrivacy with API call

Hey guys, I have a question. I have build a Chatbot using the GPT 4 API. The Chatbot has access to a own database where he gets additional informations. Now my question is, in order for GPT 4 to give me a output which is connected to the database it obviously has to read the data inside this database. Is this data then trough the API somewhere saved? OpenAI side?

Thanks for help

To follow up, and for others who might ask the same question and see this, the OpenAI API only has access to data that you send it in a query. In addition, these queries and data are only accessible for 30 days for enforcement purposes, after which it is destroyed.

@supple thistle thanks for your answer, but that means within those 30 Days the data is stored somewhere else outside of my database storage aswell ?

Yes. But the API is SOC 2 Type 2 compliant and is stored in a secure manner.

Mabye I should give some more context... For example if i have lets say patient Data, which should not leave this datastorage for legal reasons aswell, that might be a problem then I guess?

If you are using any data that falls under HIPAA compliance, you will need to work with OpenAI to get an enterprise agreement and have a qualifying use case.

The API can't have access to any information without you sending it to the API. There's no "hookup" where it can locally scan and use data on a database without that data being sent and processed to OpenAi

well its not exactly HIPAA compliance since i am also in a diffrent country not the US, but i just wanted to give the context, that the data is highly sensitiv 🙂

yea exactly that was my thought aswell.. but i was not sure, but thanks for confiming it.

I would still work with OpenAI with an enterprise agreement to ensure you get the best possible security.

yea thats actually a good point, thanks for that suggestion. I wasnt thinking about that.