AI | Data privacy disclaimer
AI features in EclecticIQ Intelligence Center (IC) are optional features that you or your system administrator have to configure before they can be used. When used, you send some of your data to the integration configured for that feature so that it can generate responses.
EclecticIQ is dedicated to maintaining transparency by offering clear explanations about how our AI systems function and how they process personal data, ensuring users are well-informed about the use of their information.
EclecticIQ’s AI features do not engage in automated decision-making or profiling that produces legal effects concerning users or similarly significantly affects them without human intervention.
Usage of AI features is subject to EclecticIQ’s Terms of Use and platform security standards. Users remain responsible for reviewing integration settings in accordance with their internal security requirements.
This disclaimer will be regularly reviewed and updated to reflect changes in our AI data processing practices and to ensure ongoing compliance with evolving data protection regulations, including GDPR and the EU AI Act.
General overview
The AI features in IC are integrated in its user interface (UI), as well as its back-end and database.
These features work by:
1. Gathering the information users provide and some relevant information from your databases.
2. Entering this information in a pre-defined prompt.
3. Sending that prompt to the AI integration configured for that specific feature.
4. Receiving the response from the AI integration.
5. Rendering this response in the UI with the appropriate outcome.
This is generally the case for all AI features. When your data is sent to the AI integration in step 3, you entrust that integration’s provider with your data. They are responsible for storing it securely and they may or may not train their models with your data.
User responsibilities and rights
By using the AI capabilities within IC, you acknowledge and agree that:
EclecticIQ is not liable for the operation of third-party AI integrations.
Users are responsible for reading and understanding the terms and conditions of any AI providers before integrating.
Users assume all risks associated with the use of third-party AI integrations.
As per GDPR, users have the right to:
Access: Obtain information about their data processed by AI.
Rectification: Correct inaccuracies in their data used by AI.
Erasure: Request deletion of their data from AI systems, subject to legal and contractual obligations.
Objection: Challenge AI-based processing decisions impacting them significantly.
Data Portability: Receive their data in a structured format for transfer to another service provider.
To exercise these rights, contact the AI provider(s) with whose LLMs you have integrated to use AI features in EclecticIQ.
Personal data
In your IC, personal data may be collected and processed to provide personalized services, enhance threat intelligence capabilities, and improve overall user experience. This is the same as data gathered about other, non-AI features in IC.
Processing of personal data is based on the following legal grounds:
Performance of a Contract, i.e. processing this data is necessary for delivering services as agreed with the user.
Legitimate Interests, i.e. enhancing service security and functionality, provided these interests do not override user rights and freedoms.
We implement robust security measures to protect the personal data we process, including encryption, anonymization, and strict access controls, to prevent unauthorized access and ensure data integrity.
Users are strongly advised not to submit any personal data, classified threat intelligence, or other confidential content to AI features, unless the AI provider explicitly guarantees non-retention and privacy safeguards.
Data saved by Intelligence Center
Your IC instance saves data related to your use of AI features, such as the AI Assistant’s chat log.
If your IC instance is hosted by EclecticIQ, we may use this data for the express purpose of responding to users’ support requests.
If you have an IC instance that is hosted on your premises, we may ask you for this data for the express purpose of responding to users’ support requests.
Data governance
Each AI provider handles the data you send it in a different way. EclecticIQ does not gather or use customer data for AI development. Third-party AI providers that you choose to integrate with (OpenAI, Perplexity.ai, or any LLM integrated through Ollama) might gather and use customer data for AI development. Be sure to check their terms and conditions prior to integrating if you want to opt out of such data gathering.
Read the different provider cases below and learn how your data is processed with different integrations:
Integration with a third-party’s AI (e.g. OpenAI, Perplexity).
Integration with EclecticIQ’s AI.
Integration with your own AI.
Third-party AI providers
When you integrate with a third-party’s AI, EclecticIQ is not liable for the data sent to that provider as part of the prompt. Any data you submit to a third-party provider, including cybersecurity intelligence that is part of Entities or Observables included in a request (e.g. intelligence included in the generation of a Report entity), may be used by that third-party provider for AI training or other purposes.
Make sure to familiarize yourself with the AI provider’s privacy practices and terms of use before integrating to see if and how they use information you send them and whether you can opt out of any data collection:
EclecticIQ AI integration
When you integrate with an EclecticIQ-provided AI integration, the prompts created in your AI interactions are sent to an AI model hosted by EclecticIQ for your IC instance. In effect, you are interacting with a private AI that no one else interacts with.
The LLMs hosted by EclecticIQ have not been trained on customer data. EclecticIQ does not gather or use customer data for the purpose of training AI models. Data that users send to EclecticIQ-hosted AI integrations is not saved in the models.
EclecticIQ is committed to ensuring that all personal data processed through our AI systems complies with the General Data Protection Regulation (GDPR) and the European Union AI Act.
Self-hosted AI integration
When you self-host an AI model and integrate with it, you are liable for how the information sent to that model is processed and securely stored.