Kernl, AI and the Australian Privacy Principles

Utilising Kernl, which leverages OpenAI’s API, provides a secure and compliant environment for handling PII. OpenAI’s commitment to data privacy, robust security measures, and adherence to international standards make it a reliable choice for Australian organisations concerned about data security and privacy.

Kernl integrates OpenAI’s API platform, designed with robust security measures and privacy protocols to handle Personally Identifiable Information (PII) responsibly, aligning with Australian data protection standards.

1. Data Usage and Model Training

By default, OpenAI does not use data submitted through its API to train or improve its models. This means that any inputs or outputs processed via Kernl are not utilised for model training.

2. Data Encryption and Security Measures

All data transmitted to and from OpenAI’s services are encrypted using industry-standard protocols: AES-256 encryption for data at rest and TLS 1.2 or higher for data in transit. These measures ensure that your data remains secure against unauthorised access.

3. Data Redaction

We take data security seriously by ensuring that personally identifiable information (PII) is not exposed to external large language models (LLMs). Before any message reaches an external LLM, we use a best in class machine learning tool, to detect and redact PII. The AI then works with placeholder values, and as the response is streamed back to the user, we replace those placeholders with the original values in real time. This means the user experiences a seamless conversation, while the AI never sees any sensitive data. Redaction occurs both in the input (user message, chat history, and system context) and in the outputs of tool calls, all without compromising our real-time streaming capabilities.

4. Compliance with International Standards

OpenAI’s API services adhere to several international compliance standards, including SOC 2 Type 2, CCPA, and GDPR. These certifications confirm that OpenAI’s data handling practices meet rigorous security and privacy requirements.

5. Data Retention Policies

Kernl has a zero day data retention policy in place with OpenAI

6. Audio retention

Kernl does not retain any audio data. Audio is processed solely for the purpose of generating transcripts, after which it is immediately discarded. No audio recordings are stored or accessible after transcription is complete.