Compliance and
Information Security

Overview

CoLoop is an AI research tool produced by Genie Technology, Inc. We are a US company operating out of London, United Kingdom. The tool consists of a chat based interface that is able to search, summarise and answer questions about user uploaded qualitative research material such as interview transcripts.


Data Handling and Privacy

  • Uploaded files will be encrypted in transit and at rest using web security standards (TLS / AES-256)

  • Raw files are retained on servers hosted by AWS in the region chosen when creating the project (us-east-1 (US); eu-west-2 (UK); eu-west-1 (EU))

  • Derived outputs (transcripts, vectors, features) are stored and processed on servers in us-east-1 and by 3rd parties in the manner outlined below

  • Data can only be accessed by the associated user account and, if on a team plan, by any linked organisation they are a member of

  • Files can be deleted by the user in the platform - once this is done all data is entirely deleted including backups

  • User accounts are password protected using Clerk

  • In the event of users being locked out or facing support issues Adrien Wald (CTO) or Jack Bowen (CEO) can, with your express permission, access and resolve any issues with your account


Third Party Services

We rely on the following third party services:

Amazon Web Services

  • Cloud provider used by us for web hosting, file storage, search indexes and chat history

  • All instances are operated by us remotely and physically located in:*

  • us-east-1 (N. Virginia) All other instances for web hosting, file storage*, chat history are located here

  • Additional details about their data processing here

*users can now elect to choose where to store raw files uploaded to CoLoop. New regions now include EU, UK and US.

Open AI (US)

  • AI Model provider used by us for generating text and indexes for search

  • We currently use the following models: GPT-3.5, GPT-4, Embeddings

  • Data is retained for as long as required to provide their service and prevent misuse

  • No data submitted to OpenAI is used for training of models either by them or by us

  • Copy of our DPA with OpenAI: here

Cohere (US)

  • AI Model provider used by us for generating text and indexes for search

  • We have enabled “’Eyes off’ monitoring” with all Cohere APIs:

    “Customer shall be able to specify which of their Cohere API Saas Services related API traffic should be treated as “Eyes Off”, pursuant to which Customer Content (a) will not be logged for human review and (b) will not be saved to disk.”

  • API calls made to Cohere will be monitored for misuse automatically


Link to data usage policy and privacy policy here


Pinecone / Google Cloud Platform (US)

  • Vector search provider used by us for indexing and searching files

  • This runs on an instance hosted within Pinecone's Google Cloud Platform account in us-east-1

  • Data is retained for as long as the underlying files exist on CoLoop

  • They can be deleted at any point from the app after which all data is removed immediately

  • Additional details about their data processing available here and here


Clerk (US)

  • User access management for secure login

  • Clerk currently requires and processes your email + password combination

  • Clerk does not process any files, uploaded or generated content

  • Sign in uses 2 factor authentication

  • User information held by Clerk can be removed upon request by contacting adrien@coloop.ai or jack@coloop.ai

  • Additional details about their data processing here


Assembly AI (US)

  • Transcription service for converting audio to text

  • Currently processes audio files of interviews in order to convert them to text

  • Data uploaded to AssemblyAI is not retained and is removed immediately after inference is provided.

  • Additional details about their data processing here


PostHog (US)


RunPod Secure Cloud (US)

  • Severless GPU inference

  • This is used to efficiently generate embeddings in a scalable manner

  • Secure pods are hosted by approved partners in T4 data centres

  • They are racked alongside machines responsible for running sensitive government and healthcare workloads

  • No data is persisted on these instances

  • Additional details about their data processing here


DeepL

  • Automated translation service

  • This is used to power translation features within CoLoop

  • Data provided to DeepL is retained for only as along as required to produce and return the translation

  • Full details of their privacy policy available here


How to contact us

  • We are available 9-5 UK BST / Monday - Friday

  • We can be reached by email at either jack@coloop.ai (general support) or adrien@coloop.ai (technical support)

  • We suggest setting up a shared Slack or Teams group for direct messaging