🔐Data Security

What data will be collected by TrusstGPT?

Refer to “Where is TrusstGPT deployed/located”. Trusst AI does not have any access or visibility of your customers data, nor the data inputted/outputted to/from TrusstGPT. TrusstGPT is deployed into an AWS account owned and managed by you, the customer.

TrusstGPT is designed to ingest and process conversational data to produce rich insights into customer engagement touch points. The format of this conversational data can be in the following formats:

• Audio - streamed or batch ingestion of recordings of conversations, e.g. call recordings, meetings, etc.

• Text - streamed or batch ingestion of transcripts of conversations, e.g. call transcripts, chat transcripts, bot-transcripts, social feeds, complaints, survey results (verbatim), customer profile data (CRM/CDP), emails etc.

• Documents - batch ingestion of documents containing data about interactions with customers, e.g. mail, claims documents etc.

How does TrusstGPT manage/handle/store/process data?

Dependent on the use case, TrusstGPT processes conversational data in the following formats, each of which are handled accordingly:

Voice (audio):

1. TrusstGPT ingests raw audio feeds via real-time or batch process, e.g. Kinesis Video Stream, or Amazon S3 from the audio source, e.g. CCaaS (contact center) platform or customer cloud storage platform.

2. Audio is then transcribed/translated using Trusst Lissten (transcription/translation engine).

3. Transcribed audio is then stored in DynamoDB (retention is managed by DynamoDB retention policy configured by the customer)

4. Transcripts are then de-identified to remove personally identifiable information (PII) or Payment Card Industry Data (PCI).

5. Redacted transcripts are then used during inference with TrusstGPT’s large language models.

6. Outputs are then stored in Amazon DynamoDB and Amazon Redshift Serverless databases and presented to users in the TrusstGPT web interface (access controlled by Roles Based Access Control via Amazon Cognito and AWS IAM), e.g. TrusstGPT “InteractIQ”, or “DataDialog” pages.

Text:

1. TrusstGPT ingests text transcripts (call transcripts, bot-transcripts, social feeds, complaints, survey results etc.) via real-time or batch process, e.g. Kinesis Data Stream, or Amazon S3 from the text source, e.g. customer’s transcription engine or customer cloud storage platform.

2. Transcripts are then de-identified to remove personally identifiable information (PII) or Payment Card Industry Data (PCI).

3. Redacted transcripts are then stored in DynamoDB (retention is managed by DynamoDB retention policy configured by the customer)

4. Transcripts are then used during inference with TrusstGPT’s large language models.

5. Outputs are then stored in Amazon DynamoDB and Amazon Redshift Serverless databases and presented to users in the TrusstGPT web interface (access controlled by Roles Based Access Control via Amazon Cognito and AWS IAM), e.g. TrusstGPT “InteractIQ”, or “DataDialog” pages.

Documents:

1. TrusstGPT ingests documents (claims, internal reports, meeting minutes etc.) via real-time or batch process, e.g. Kinesis Data Stream, or Amazon S3 from the text source, e.g. customer’s experience management platform (Qualtrics/InMoment etc.) or customer cloud storage platform.

2. Documents are processed by TrusstGPT’s Optical Character Recognition capability to extract relevant context from the documentation.

3. Context from the documents is then stored in DynamoDB (retention is managed by DynamoDB retention policy configured by the customer)

4. Context is then used during inference with TrusstGPT’s large language models.

5. Outputs are then stored in Amazon DynamoDB and Amazon Redshift Serverless databases and presented to users in the TrusstGPT web interface (access controlled by Roles Based Access Control via Amazon Cognito and AWS IAM),e.g. TrusstGPT “InteractIQ”, or “DataDialog” pages.

How does TrusstGPT handle personally identifiable information (PII) or Payment Card Industry (PCI) data?

Before storing data, or processing data with TrusstGPT’s large language models, data is de-identified to redact and remove personally identifiable information (PII) or Payment Card Industry (PCI) data.

Where does TrusstGPT process data?

TrusstGPT is deployed into the customer's AWS account which the customer uses to subscribe to TrusstGPT. This is in the AWS region which the customer specifies during deployment. As a result, no data is exposed to any external parties the customer does not provide explicit access to (including Trusst AI). Trusst AI has no visibility or access to any data in the customer's AWS Account.

Where will data be stored?

Outputs from TrusstGPT are stored in Amazon DynamoDB and Amazon Redshift Serverless in the same customer owned AWS account and region which TrusstGPT is deployed into.

Will the Amazon S3 buckets be publicly accessible?

No. The deployment of TrusstGPT does not create any buckets that are required to be publicly accessible.

How is data secured at rest and in transit?

Stored inputs and outputs to/from TrusstGPT are encrypted at rest and in transit.

Encryption at rest provides enhanced security by encrypting all your data at rest using encryption keys stored in AWS Key Management Service (AWS KMS).

How long will data be stored?

By default, inputs/outputs to/from TrusstGPT are stored indefinitely in your AWS account, and protected by deletion protection. The retention period of stored inputs and outputs to/from TrusstGPT can be controlled using configurable retention policies. These can be configured at an AWS account level that apply policies defined by your organization, or otherwise by using TrusstGPT’s management interface, where you can specify how long you want to retain TrusstGPT specific data.

How will it be removed?

Inputs/Outputs to/from TrusstGPT can be removed by access controlled processes within your AWS account. Depending on which data you are looking to delete, e.g. data relating to an individual contact, or all data relating to all contacts, this data can be removed by deleting the individual items, or all items from their respective data stores in Amazon DynamoDB and Amazon Redshift Serverless, or deleting the entire AWS CloudFormation application/stacks.

Who will have access to data inputted/outputted into/from TrusstGPT?

Access to TrusstGPT inputs/outputs are controlled at two top levels, 1. Via Amazon IAM at an AWS Account level, restricting access to the individual AWS components of the solution, 2. Via the TrusstGPT Management interface, which restricts access via Amazon Cognito to create/read/update/delete specific functions using roles based access control.

What is the recommended policy of least privilege for all access granted to the solution?

To optimally secure TrusstGPT within your AWS environment, it is crucial to adhere to the principle of least privilege. This approach ensures that permissions are only granted where absolutely necessary, thus minimising potential security risks. Below, we outline the responsibilities and recommended strategies to implement this policy effectively.

Customer Responsibilities

As TrusstGPT operates within your AWS account, you hold a pivotal role in enforcing security. It is essential to:

• Audit Existing Policies: Regularly review and restrict IAM roles and permissions to what is necessary for users and services to perform their intended functions.

• Secure Endpoints: Ensure that all endpoints interacting with TrusstGPT are secured and that access controls are tightly managed.

• Monitor Activity: Utilise AWS CloudTrail and other monitoring tools to keep a vigilant eye on operations involving TrusstGPT, swiftly identifying and addressing any unusual or unauthorised activities.

Trusst AI Commitments

Trusst AI is dedicated to providing a robustly secure application. We take the following measures:

• Secure Authentication Mechanisms: TrusstGPT leverages AWS IAM and Amazon Cognito for authentication, rigorously following AWS best practices to safeguard these interactions.

• Continuous Security Updates: Our team consistently updates the application to incorporate the latest security measures and respond to emerging threats.

• Trusst AI leverages stringent rule packs within cdk-nag utility to enforce TrusstGPT's AWS Cloud Development Kit (AWS CDK) compliance with best practices.

• An up to date Threat Model which can be imported to https://awslabs.github.io/threat-composer/ is available on request.

By jointly focusing on these areas, we can ensure that TrusstGPT operates securely within your infrastructure, protecting both your data and your operations from potential threats.

What is the purpose and location of each key the user is instructed to create?

AWS Redshift Serverless credentials are created during the deployment via AWS CDK. These credentials are written to AWS Secrets Manager and used to query the database for analytics in TrusstGPT user interface. These credentials are rotated by Secrets Manager every 30 days.

How are stored secrets such as database credentials maintained in AWS Secrets Manager?

Here’s how TrusstGPT utilises Secrets Manager to maintain and protect stored secrets like Redshift database credentials:

Secure Storage

AWS Secrets Manager encrypts the secrets at rest using encryption keys that you control through AWS Key Management Service (KMS). This means that only encrypted versions of your secrets are stored, safeguarding against unauthorised access.

Access Control

Access to the secrets is strictly controlled using AWS Identity and Access Management (IAM) policies. You can define who can retrieve or manage secrets, ensuring that only authorised applications and users have access.

Audit and Monitoring

AWS Secrets Manager integrates with AWS CloudTrail, which logs every request made to Secrets Manager, including requests to retrieve a secret. This allows you to audit access to your secrets and detect any potential misuse or unauthorised access.

Disaster Recovery

Secrets are replicated across multiple AWS regions when configured, providing redundancy and ensuring availability. You can recover these secrets if needed, contributing to robust disaster recovery practices.

Direct Integration

For operational efficiency, AWS Secrets Manager directly integrates with other AWS services. In the case of TrusstGPT, the secrets stored for Redshift credentials can be seamlessly retrieved and used by AWS services that require database access, without exposing the credentials in application code or logs.

By utilising AWS Secrets Manager, TrusstGPT ensures that your Redshift database credentials are managed securely, supporting both the integrity and confidentiality of your data.