Compliance and
Information Security
Overview
CoLoop is an AI research tool produced by Genie Technology, Inc. We are a US company operating out of London, United Kingdom. The tool consists of a chat based interface that is able to search, summarise and answer questions about user uploaded qualitative research material such as interview transcripts.
Data Handling and Privacy
Uploaded files will be encrypted in transit and at rest using web security standards (TLS / AES-256)
Raw files are retained on servers hosted by AWS in the region chosen when creating the project (us-east-1 (US); eu-west-2 (UK); eu-west-1 (EU))
Derived outputs (transcripts, vectors, features) are stored and processed on servers in us-east-1 and by 3rd parties in the manner outlined below
Data can only be accessed by the associated user account and, if on a team plan, by any linked organisation they are a member of
Files can be deleted by the user in the platform - once this is done all data is entirely deleted including backups
User accounts are password protected using Clerk
In the event of users being locked out or facing support issues Adrien Wald (CTO) or Jack Bowen (CEO) can, with your express permission, access and resolve any issues with your account
Third Party Services
We rely on the following third party services:
Amazon Web Services
Cloud provider used by us for web hosting, file storage, search indexes and chat history
All instances are operated by us remotely and physically located in:*
us-east-1 (N. Virginia) All other instances for web hosting, file storage*, chat history are located here
Additional details about their data processing here
*users can now elect to choose where to store raw files uploaded to CoLoop. New regions now include EU, UK and US.
Open AI (US)
AI Model provider used by us for generating text and indexes for search
We currently use the following models: GPT-3.5, GPT-4, Embeddings
Data is retained for as long as required to provide their service and prevent misuse
No data submitted to OpenAI is used for training of models either by them or by us
Copy of our DPA with OpenAI: here
Cohere (US)
AI Model provider used by us for generating text and indexes for search
We have enabled “’Eyes off’ monitoring” with all Cohere APIs:
“Customer shall be able to specify which of their Cohere API Saas Services related API traffic should be treated as “Eyes Off”, pursuant to which Customer Content (a) will not be logged for human review and (b) will not be saved to disk.”
API calls made to Cohere will be monitored for misuse automatically
Link to data usage policy and privacy policy here
Pinecone / Google Cloud Platform (US)
Vector search provider used by us for indexing and searching files
This runs on an instance hosted within Pinecone's Google Cloud Platform account in us-east-1
Data is retained for as long as the underlying files exist on CoLoop
They can be deleted at any point from the app after which all data is removed immediately
Additional details about their data processing available here and here
Clerk (US)
User access management for secure login
Clerk currently requires and processes your email + password combination
Clerk does not process any files, uploaded or generated content
Sign in uses 2 factor authentication
User information held by Clerk can be removed upon request by contacting adrien@coloop.ai or jack@coloop.ai
Additional details about their data processing here
Assembly AI (US)
Transcription service for converting audio to text
Currently processes audio files of interviews in order to convert them to text
Data uploaded to AssemblyAI is not retained and is removed immediately after inference is provided.
Additional details about their data processing here
PostHog (US)
Product analytics service for monitoring performance
Post Hog collects analytics events for the purpose of improving the product
User information held by PostHog can be removed upon request by contacting adrien@coloop.ai or jack@coloop.ai
RunPod Secure Cloud (US)
Severless GPU inference
This is used to efficiently generate embeddings in a scalable manner
Secure pods are hosted by approved partners in T4 data centres
They are racked alongside machines responsible for running sensitive government and healthcare workloads
No data is persisted on these instances
Additional details about their data processing here
DeepL
Automated translation service
This is used to power translation features within CoLoop
Data provided to DeepL is retained for only as along as required to produce and return the translation
Full details of their privacy policy available here
How to contact us
We are available 9-5 UK BST / Monday - Friday
We can be reached by email at either jack@coloop.ai (general support) or adrien@coloop.ai (technical support)
We suggest setting up a shared Slack or Teams group for direct messaging