Building responsible AI is a part of Zendesk’s commitment to providing our customers with trusted products and solutions. Zendesk leverages a set of design principles with respect to our AI products, which include privacy, security and compliance by design.
No generative content trained on customer data
It is important to note that Zendesk’s proprietary machine learning models are not generative in nature, meaning, they do not produce passages of free text, images, or code, as is the case for many popular consumer-facing AI solutions. Because the outputs of these models are labels rather than content, they do not create the risk of customer data being reproduced or shared in an improper context.
Protection of customer data
As part of our commitment to protecting customer data, we take additional measures to sanitize your data before using it to train any of our models that could be used by other customers. These include:
- All data fields specific to identifiers (e.g., fields for username and email address) are excluded from the training dataset.
- A natural language processing algorithm is applied to identify and remove certain identifying information that is not relevant to the model in the remaining free text fields from the training dataset.*
- Data is converted into machine-readable format. This is typically accomplished using a “tokenization” process which converts free text into numerical vector form, with the resulting vector not human readable without the use of an associated tokenizer.
*For Ultimate, customers directly determine how to sanitize the training dataset. The sanitation methods for messages detect different categories of personal data in the messages and replace these values with an anonymous label corresponding to the detected categories using content entities. For example, email addresses are replaced with <EMAIL> labels, bank account numbers are replaced with <IBAN> labels, and so forth. <EMAIL> and <IBAN> placeholders are examples of the default and pre-defined content entities. Here is a list of commonly used content entities.
No training datasets are stored within any Zendesk model, and customer data will at all times remain subject to our existing security and privacy commitments, including as outlined in our:
No effect on current agreements
Your use of any Zendesk AI functionality will not impact your existing agreement(s) with Zendesk. If you entered into a Data Processing Addendum (DPA) with Zendesk, the terms of that DPA will continue to apply to your use of the Services. (Please note that EAPs are subject to separate terms.)
Generative AI
In addition to the Zendesk proprietary machine learning models, Zendesk also offers a number of generative AI features supported by third-party LLMs such as OpenAI. Zendesk uses pre-trained models, and no third-party will use your inputs to train their models or otherwise improve their services.
While Zendesk may process customer data through third-party LLMs - either as part of the Services or to improve Zendesk features and functionality, Zendesk implements safety measures to protect the security of customer data. For example, for all customer data processed through OpenAI, Zendesk uses 'zero data retention' endpoints, which means that data is only temporarily processed by OpenAI in memory, and never saved to disk or persisted in any logging mechanism. For eligible Zendesk customers requiring European data locality, Zendesk leverages OpenAI's EEA and Swiss API endpoints which ensures that data is processed by OpenAI in the EEA and Switzerland only.
0 comments