Ethical AI, Designed to Do Good
At InsightBox, we believe AI should serve people — not the other way around.
That’s why our tools are built inside a protected environment (often called a “walled garden”). This means everything your team shares stays safe and private, and nothing gets passed into the wider internet or general AI systems. Your data stays yours.
Our AI doesn’t learn from random sources — it’s been trained using evidence-based models that we’ve created, tested, and refined in real-world settings. Every insight it gives is grounded in proven research and practical outcomes.
We’re also committed to AI for good. That means applying our technology where it’s needed most — to help schools, public services, and organisations solve human problems with care, fairness, and transparency.
Because intelligence should always come with integrity.
Data Usage Policy
At InsightBox, we prioritize the privacy, ownership, and security of your data. This policy outlines how your data is handled, processed, and protected when using our AI-powered services, which are built using the OpenAI API.
1. Your Data Is Yours
- All content, prompts, responses, and metadata submitted to or generated by our application is owned by you, the customer.
- We do not claim any rights to use, reproduce, or share your data beyond providing the contracted services.
2. No Training on Your Data
- All AI processing is done via the OpenAI API, where customer data is not used to train OpenAI’s models.
- This applies to all models used, including GPT-4 and GPT-3.5-turbo.
- We have explicitly not opted in to OpenAI’s data sharing or training programs.
As per OpenAI’s data usage policy: “Data submitted through the API is not used for training OpenAI models.”
2.1 Training and Optimization Within Your Walled Garden
- To improve the performance and relevance of AI features specifically for your organization, we may use your data to fine-tune models or build custom workflows — but only within your private environment.
- This training is isolated, meaning your data is never shared with or exposed to other customers, nor is it used to train OpenAI’s general-purpose models.
- All model improvements, fine-tuning, and retrieval systems are deployed solely for your use, ensuring your proprietary insights remain confidential and tailored to your business needs.
3. Data Isolation ("Walled Garden")
To ensure that your data is completely separate from other customers:
- Each customer’s data is stored, processed, and managed independently.
- Logical and structural separation is enforced at the database level (e.g., dedicated schemas, tenant IDs).
- No data is shared between customers or used in any shared training context.
4. Security Measures
We follow industry-standard best practices to protect your data:
- Encryption: All data in transit is encrypted using HTTPS/TLS 1.2 or higher. At rest, data is encrypted using AES-256 or stronger.
- Access Control: Only authorized personnel can access your data, and access is logged and monitored.
- Authentication: Role-based access controls (RBAC) and multi-factor authentication (MFA)are enforced internally.
5. Optional Azure OpenAI for Enhanced Compliance
For customers with additional privacy or compliance requirements (e.g., healthcare, finance, government), we offer the option to deploy services via Azure OpenAI, which provides:
- Geographic data residency
- Stronger tenant isolation
- Enterprise-grade SLAs and compliance certifications (HIPAA, ISO, etc.)
6. Data Retention and Deletion
- You may request data deletion at any time by contacting our support team.
- We retain your data only as long as necessary to provide services or meet contractual obligations.
- Upon termination of service, all customer data is securely deleted, unless otherwise required by law.