Customer Data Use Policy for AI Solutions

Customer Data Use Policy for AI Solutions

At Netigate, transparency and customer privacy are our top priorities – particularly regarding the use of AI and generative technologies such as Large Language Models (LLMs). This policy clearly explains how we handle Customer Data (as defined in our Terms of Service) concerning AI-driven solutions and details the measures we employ to protect customer information.

Data Usage Policy Overview

• No Training of Generative AI Models: Netigate does not use Customer Data to train generative AI models, such as LLMs. This ensures there is no risk of unintended data exposure.
• Machine Learning Models: We maintain specific machine learning (ML) models that are trained under stringent data protection protocols, as detailed in our Data Processing Agreement (DPA).
• Anonymised and Aggregated Data: We may use fully anonymised and aggregated data for limited purposes, such as improving products or conducting statistical analyses. This anonymisation process ensures data cannot be linked back to individuals or organizations.
• No Sharing of Customer Data: Customer Data is never shared with external providers, partners, or third parties for training purposes.
• Compliance and Security: All data handling aligns with industry standards for privacy, data protection, and information security, certified according to ISO 27001.

Product Improvement and Quality Assurance

The sole use of Customer Data within our AI systems is for quality assurance and product improvement, specifically in two scenarios:

• System Fine-Tuning: Customising AI solutions, such as sentiment analysis models, for specific industries or customer requirements.
• Regression Testing: Ensuring updates to infrastructure, software, or AI models maintain or enhance system performance without compromising existing functionality.

In these cases, we strictly utilise anonymised customer data, which cannot be traced back to identifiable persons or entities and is not considered to be PII. This anonymisation process ensures that personal identifiable information (PII) remains fully confidential and inaccessible to testing staff.

Testing Environment and Data Security

• Isolated Testing: All software testing, including AI and analytics, occurs exclusively within dedicated demo accounts and staging environments, isolated from production data and systems.
• EU-Based Infrastructure: Our infrastructure is primarily hosted on Azure, with strict contractual guarantees ensuring all workloads and data remain within the EU/EEA. For more information, review our DPA with Microsoft.
• Standards and Best Practices: Our testing practices follow rigorous software development methodologies, including staged releases and comprehensive validation aligned with ISO 27001 standards. For more information, visit our Trust Center.

Commitment to Privacy and Quality

Legal Compliance

We only process Customer Data in accordance with our contractual agreements with customers. Any further usage of data beyond the initial scope agreed upon with customers is based solely on our legitimate interests, primarily aimed at improving our services and ensuring their reliability and performance. This processing strictly adheres to applicable data protection laws, including the General Data Protection Regulation (GDPR). Detailed information on our Technical and Organizational Measures (TOMs) for data protection can be found here.

Protecting your privacy while providing high-quality services is our core commitment. We:

• fully anonymise PII before its use in AI testing and product development.
• use only essential data required to enhance our services.
• continuously update our privacy and security practices according to technological and regulatory advancements.

Our AI service partners, including Azure and OpenAI on Azure, follow stringent EU-based data retention policies, deleting all customer-related data immediately after use, except where retention is legally necessary. Additionally, our suppliers do not use any customer data to train their AI models, and we maintain Data Processing Agreements (DPAs) with them to ensure strict adherence to data protection standards.

Anonymisation Pipeline

We employ a robust anonymisation pipeline that ensures customer data remains entirely anonymous before processing within AI or analytics systems. This pipeline consists of:

1. Metadata Stripping

All metadata linking text back to original users or sources—such as user IDs and timestamps—is removed at the outset. Multiple interactions from the same user are handled separately to prevent correlation.

2. Dictionary-Based PII Detection

Our system uses comprehensive dictionaries and rule-based detection (not generative AI) to identify and anonymize personal data, including names, addresses, and location references. Identified data is replaced with tokens such as <PERSON> or <ADDRESS>. For locations, size-based categories (e.g., <CITY (Large)>) may be applied without revealing specifics.

3. Statistical Post-Processing

To enhance accuracy and minimize false positives, statistical checks refine our dictionary-based methods. These checks primarily update dictionaries and detection rules, rather than analyzing live data.

Example of Anonymisation

Original:

“We drove to Stockholm for a quick getaway. The city is always busy, and we stayed at Johanna’s apartment on Kungsgatan. We had a great time until the faucet broke and we had to call the landlord, Oskar, for help.”

Anonymised:

“We drove to <CITY (Large)> for a quick getaway. The city is always busy, and we stayed at <PERSON>’s apartment on <ADDRESS>. We had a great time until the faucet broke and we had to call the landlord, <PERSON>, for help.”

Through this approach, we ensure comprehensive privacy while maintaining service excellence and innovation.

Prevention of De-Anonymisation or Re-Identification
Through the multi-step approach mentioned above—metadata removal, dictionary-based PII detection and replacement, and statistical refinement—Netigate ensures that no identifiers remain within the data. Because each layer of anonymisation is designed to break the link between responses and specific individuals, any attempts to correlate or match this data with external sources will fail. In other words, the combination of stripping metadata, tokenising personal details, and isolating testing environments guarantees that anonymised data cannot be reverse-engineered to uncover respondents’ PII.