Learn more about how Atlan AI processes and stores your data:
What services does Atlan AI use?
Atlan uses Azure OpenAI Service to power Atlan AI. Specifically, Atlan uses GPT-4 Turbo, a large, pretrained AI model.
What data does Atlan send to the AI service?
Atlan does not send any data to the AI service. Atlan only sends metadata for supported capabilities.
For example:
- Atlan AI-suggested asset descriptions β table, view, column, database, or schema name.
- Atlan AI-suggested term descriptions β glossary name and description, category name and description, and term name.
- Atlan AI-suggested lineage explanations β SQL transformations in lineage with upstream and downstream asset names.
- Atlan AI-generated SQL queries β table name, type, and description, selected database and schema name, column name, data type, and description, and associated certificates, terms, and tags.
- Atlan AI-suggested aliases β table, view, column, database, or schema name.
- Atlan AI-suggested READMEs for terms β glossary, category, and term name and description, and any existing READMEs within the same glossary.
Does Atlan use any metadata or data to train Atlan AI?
No, Atlan does not use your metadata or data for fine-tuning or training AI models.
Is the data processed through Atlan AI encrypted?
Atlan makes HTTPS requests from your tenant, applicable to all supported cloud platforms. The data is encrypted in transit using TLS 1.2, AWS PrivateLink, or Azure virtual network peering. Atlan uses 256-bit Advanced Encryption Standard (AES-256) algorithm to encrypt data at rest.
How does Atlan ensure security development of Atlan AI?
Atlan AI follows OWASP Top 10 that includes application security reviews and Static Application Security Testing (SAST) tools.
Does Atlan AI comply with any governance or legal frameworks?
While Atlan is HIPAA and GDPR compliant, Atlan AI is currently not. As Atlan AI matures, compliance continues to be our key focus.
Does Atlan AI process PII or other sensitive data?
Atlan AI only processes user input and metadata, which typically do not contain PII or sensitive data. However, it is the organization's responsibility to ensure that PII or other sensitive data is not available in the metadata or shared via user input.
What is the data retention policy for Atlan AI?
Atlan does not store any data for Atlan AI.
This is enforced in the following two ways:
- Atlan has an exemption from Microsoft to not store any data. Keeping data sensitivity in mind, Atlan has opted out of abuse monitoring and human review from Azure OpenAI Service.
- Only the metadata generated using Atlan AI is cataloged in Atlan.
How does Atlan manage security vulnerabilities for Atlan AI?
Vulnerabilities and incidents are managed in accordance with the existing program and policy.
How does Atlan manage the performance and scale for Atlan AI?
We utilize the scalability of our existing cloud infrastructure while relying on Azure OpenAI.