Security

How Secure is Brain Assistant?

We pride ourselves on ensuring that your data is kept safe, and remains your data, not ours or anybody else’s.

If you have any questions about the security of Brain Assistant that aren’t covered here, reach out to us at team@mybrain.zone.

Is it secure? (TLDR)

Yes. To keep your data secure (and to cover the main things we get asked about):

  • We automatically delete your files after they’ve been added to your Brain (uploaded to Brain Assistant), unless you explicitly tell us not to
  • All uploaded content is stored in isolated containers
  • All data is encrypted at rest (AES-256) and in transit
  • Your data is never used for any reason other than servicing API calls or, only at your request, customer support
  • Your uploaded (embedded) content (vectors) and reference content (text, author, links, etc.) are stored and encrypted on Pinecone, which is run on Google Cloud Platform (GCP) and located in The Dalles, Oregon, USA (us-west1-gcp). See more here: https://www.pinecone.io/security/.

Your Content

Do you store my documents?

We automatically delete your files after they’ve been ‘embedded’ (uploaded to Brain Assistant), unless you explicitly give us permission to store your document for reference purposes. Content from the files is kept so we can return references with your Brain answers.

This content is encrypted and stored in an isolated container.

Who sees my documents?

No one else can see your documents or anything you’ve uploaded. The only way other people can see your content is if you share access to your Brain via the share URL, embedding on a website or providing access through our API.

If you ask us to investigate an issue with your Brain then we’ll be able to see your content and settings. We’ll only do this if you ask us to.

Where is information stored?

Content you upload is securely stored with Pinecone once it’s been processed by Rezolve – who don’t store it or anything shared via API. We only store the text from your documents and webpages and not the actual file itself.

Where are your servers located?

Our servers are in the US and EU (mainly US).

Your Data

Who owns the data that is uploaded?

The content and data you upload to the site is yours and only yours. It is not used by us for any purpose other than providing you with the Brain Assistant service or helping to answer any customer support queries you have, and it is deleted when you delete it in the UI.

What do you use my data for?

We only use your data to allow you to access your Brain and to improve the product. We do not pass it on to any 3rd parties for marketing purposes.

You can see full details of our Privacy Policy here: help.rezolve.com/docs/brain-assistant-privacy-policy/.

Your Brain

Who can access my Brain?

Only people who you share your Brain link with will be able to access your Brain.

Brains are not discoverable unless someone has your link.

How can I limit the number of questions asked by users?

There is no way to directly limit the questions asked of your Brain. However, there are a number of things you can do to control your costs if that is a concern:

  1. Controlling access to your Brain by putting your Brain behind a password-protected login (available on all Pro plans and above)
  2. Controlling access to your Brain by putting your embedded Brain behind a password-protected login
  3. Controlling access to your Brain by consuming the responses via API and putting limits on its usage
  4. Monitoring usage of your question limits within your Brain Assistant dashboard

Can I password-protect my Brain?

Yes, you can. This will prevent anyone else from asking questions of your Brain without the password. You can turn this feature on for any paid account from Customize/Settings.

Can I restrict the embed or domain to my website?

Yes, you can. At the bottom of Customize/Settings you will see an option to enter a ‘Restricted domain’. This ensures that the only page the embed code will work on is the one you have entered, and prevents others from using your Brain elsewhere.

Rezolve

Does Rezolve use my model to train its model?

No. Rezolve does not use other people’s data for their training for use via the API (and hasn’t since 1 March).

Do I need to add a Brain Assistant key?

No, unless you are on an Enterprise plan and choose to use your own key.

Can Rezolve access documents?

No. Rezolve doesn’t store any of your content. Your content is processed by them, to convert the text into searchable numbers (vectors), but it isn’t actually stored by them. All content storage is with Pinecone (https://www.pinecone.io/security/).

Regulations

Is Brain Assistant GDPR compliant?

We meet the following core principles of GDPR, as outlined at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/:

  1. We process your data in a transparent, fair and lawful way. We outline how we process your content, where it’s stored and who has access to it. We follow local laws on personal data storage as well.
  2. We only collect data required for our service and that’s required for you to use Brain Assistant. We don’t share your data with any 3rd party that isn’t core to our service, e.g. Pinecone (Secure data storage for your uploads), Rezolve (AI models used to process your uploads and answer questions on your content), Google Analytics (allows us to improve our services). We only keep this data for as long as you want us to and we anonymise it wherever possible.
  3. We make every effort to keep all your data up to date and to make it as easy as possible for you to update, amend or remove any data we hold about you or your account.
  4. We keep information about you and your account until you ask us to delete it. We’ll only keep this information for as long as you’re a customer and using our service. If you’d like us to export or delete any data about you, you can always email us.
  5. We use the latest security standards both when your data is in transit (through an API call, for instance) and at rest (when it’s stored in our database). We use bank-grade encryption for all data storage. We also use access and authorisation controls to ensure only you can access your data and you have control over who else can access it.

Do you have a SOC-2?

We do not currently have a SOC-2 report, but if this is an issue for you, let us know (team@mybrain.zone) and we may be able to help.

Are you HIPAA compliant?

We cannot currently demonstrate HIPAA compliance, but if this is an issue for you, let us know (team@mybrain.zone) and we may be able to help.

Can I use Brain Assistant ‘on-premise’ or self-hosted?

Unfortunately not at this time. We can provide a dedicated Pinecone database instance for your company and use your company’s dedicated Brain Assistant key. This ensures you own the data storage infrastructure and that your data is almost entirely flowing through services you are the owner of.