Here, you'll find answers to the most common questions our customers and visitors ask. We've compiled this resource to provide you with quick, reliable information about our products, services, and policies. If you don't see your question addressed below, please don't hesitate to contact our customer support team for personalized assistance.
Question | Answer |
Where does SurePath AI save the "original message" of conversation (that might contain PII) history and for how long? | SurePath AI stores the conversation encrypted internally in a database. We keep data for 30 days. You also have the option to send this information to a logging destination. Once the information is at the log destination (and S3 bucket for example) it's up to you to secure it and remove it. SurePath AI can NOT delete information from these destinations. |
What public GenAI sites does SurePath AI do in-line sensitive data identification and removal for? | SurePath AI provides sensitive data detection on the most used public GenAI sites. In the Public Services section of the Admin interface they show PROMPT INTERCEPT support. We provide ACCESS CONTROL governance for all sites that we know of. If you allow a group access to an ACCESS CONTROL site they need to be reminded that SurePath AI will NOT record, evaluate, or stop sensitive data from being passed to the site. |
How can I add a new Public GenAI tool to the list of available services? | Just send us the URL of the new site and we'll have it added fairly quickly. These will be added as ACCESS CONTROL. We will add a self service tool in the future. |
Can we apply sensitive data settings to the Private Portal? | The Private Portal or portal.surepath.ai uses LLMs that are contracted by you with your cloud provider and do not train on learn your information. These should be treated as like internal resources and should not need data redaction. SurePath AI could add this in the future, please contact us if this is needed for your use-case. |
Where can I export log data to? | We currently support exporting user activity and other log information to an AWS S3 bucket that is managed by the customer. This will expand to other clouds in the future. |
Can we control the version of LLM a user selects when using a public GenAI tool? | No. We do not have this capability today. |
Can we block the 18 HIPPA PHIO items? | We can block 9 of them today. |
Can we add a new item to the Sensitive Data list? | In the future we will add the capability to add your own fields to the existing list. |
Can we redirect from all public AI sites into a specific public AI site (example: You have purchased Microsoft Copilot we want to direct any public LLM to that service)? | Yes. We give you the option to redirect users to the Private Portal, or to a URL of your choice. This could include another GenAI site. |
Does SurePath AI have different levels of services? | If you are a SurePath AI customer, you have access to all of the features and functionality that we offer. |
How often do we update the list of public GenAI sites? | We add sites as we find them or they are brought to our attention. This can happen at any time/day. The list of sites needs to be added to your redirection tool and we would not recommend doing this more than once a week unless something specific becomes available that you want to control access to immediately. |
Do we support a GovCloud or FedRAMP deployment? | Not today, but if a customer requires this we will make it happen to support them. |
How do we authenticate and use RBAC to access Data Sources? | Users are assigned to groups in your Directory Services. Those groups are then used to provide access to the Data Sources. |
Does SurePath AI train or store customer information and if so, for how long? | We do not train or save data for training purposes. We store information for retrieval by our customer (user activity and logs). The information is purged after 30 days from its creation. |
Does SurePath AI act like a proxy? | For Public GenAI sites we do. The private Portal is direct access. |
Is SurePath AI dependent upon external data leak protection platforms? | No. We do all of our own detection and remediation. |