Betty: Security, Privacy, Accuracy, and Ethics
Data Security and Privacy Management
At the core of Betty's design and operation lies a robust framework for data security and privacy. This framework ensures that your association's information remains protected while providing an efficient and trustworthy AI assistant experience.
Data Handling and Privacy
Betty, by default, does not collect or store any data about individual users. This approach minimizes risks associated with personal data handling. An association may want to integrate with their AMS to provide additional, personal context, but even in that case, we recommend against including personally identifying information. Users may choose to share personal data in the conversations, which do get logged, but we can wipe that information out upon request.
Data Segregation and Access Control
Each association's knowledge base is maintained separately and only contains content that the organization owns, has permission to access, or is publicly available on the internet, preventing any cross-contamination of information. Access to data is controlled through the strategic placement of the Betty widget, ensuring that only authorized users can access sensitive information when placed behind a member login. Each placement of Betty can be a different instance of Betty that can subscribe to different subsets of the knowledge, based on what a user should have access to in that location. For example, a publicly accessible Betty may have access to a limited number of content sources, while a members-only location and instance of Betty could have expanded access to additional content.
Privacy Compliance
Betty is designed with compliance in mind for regulations such as GDPR, CCPA, and HIPAA. By not collecting, transferring, storing, or accessing any personally identifiable information (PII) by default, Betty minimizes privacy risks. Any content supplied by the customer that contains such data will not be included.
Data Retention and Deletion
All content provided by the customer (association) remains the property of the customer and is only retained for the purpose of providing the service during the effective term of the agreement. Upon termination, all of the customer’s data is provided to the customer and the customer’s content is deleted from the database in accordance with the terms included in the Master Subscription Agreement.
Continuous Security Updates
To stay ahead of potential security threats, any new security protocols or updates are immediately incorporated into Betty's operation, ensuring compliance with the latest security standards. This is largely implemented and supported through hosting with Microsoft Azure for most system infrastructure.
Security Measures
Data Protection
Data in transit during regular usage is protected using SSL for all communications between the UI and the Betty API, as well as between the Betty API and content storage systems (Azure SQL) and AI tools like OpenAI. Data at rest is stored in Azure SQL, with access limited to whitelisted IP addresses and standard Microsoft security settings. Vector storage systems are similarly protected, with the added security that vectors are large matrices of numbers that cannot be translated into content.
Authentication and Authorization
For most usage, Betty does not handle authentication or authorization directly. The widget is placed on pages controlled by the customer's organization, utilizing their existing access control methods. SAML integration is supported for cases requiring secure user identification.
Encryption Standards
SSL is primarily used for data transmission. Betty's API and data storage are hosted in Azure, providing additional layers of security.
Incident Response
While the risk of data breaches is minimized due to the lack of personal information storage, Betty has a focus on clear communication with customers, re-establishing a secure environment, and restoring functionality in case of any incidents.
Content Management and Intellectual Property
Copyright Compliance
Betty is designed to respect intellectual property rights and copyright laws. We ensure that any third-party content incorporated into Betty's training has proper permissions, with explicit consent obtained from content owners when necessary.
Proprietary Content Protection
To protect proprietary and paid content, Betty is equipped with ethical, technological, and contractual guardrails that prevent unauthorized sharing. Any third-party tools such as the language models leveraged by Betty must include clear and strict terms of use regarding what they do with data they receive through normal use. Any companies or tools that do not clearly state they will not use our customers’ data will not be used currently or in the future. The system's design ensures that while Betty helps make associations more efficient and informed, she strictly adheres to ethical principles in content usage.
Content Format Versatility
Betty can handle a wide range of content formats, including PDFs, videos, presentations, web pages, and podcasts. This versatility allows for seamless integration of various information sources, creating a comprehensive and accessible knowledge base for your members. As the capabilities of AI increase and it handles more formats more effectively, Betty will regularly be updated to handle the latest and greatest tools.
Maintaining Information Accuracy and Relevance
Handling Outdated or Conflicting Information
Betty is designed to prioritize the most recent and authoritative content within your association. Regular updates, typically performed daily, ensure that Betty's responses reflect the most current insights and information available. Content that needs to be removed for whatever reason (outdated, incorrect, or just not something the organization wishes to continue using) can be flagged by the Betty team or administrative users to prevent it from being leveraged again in future conversations.
Content Updates and Maintenance
Managing and updating new content can be challenging due to the increasing volume and complexity of information. As your organization produces new content, if it comes from a source that has already been used for training and that supports automatic monitoring, Betty can monitor that source for updates automatically. If it’s from a new source or one that doesn’t allow automatic monitoring, the Betty team or administrative users can explicitly add content to Betty as needed.
Addressing Bias and Information Accuracy
Betty sources all responses directly from your association's unique, vetted content, ensuring correct information and reflecting the perspective of your organization. The system is constrained from using any sources other than those provided by your association, eliminating the risk of "hallucinating" or generating unverified content.
Ethical Considerations and Limitations
Ethical Data Usage
Betty adheres to strict ethical guidelines in data usage. We do not use any client's data to train other clients' environments. Each environment is trained exclusively on the data provided by the specific association, maintaining the integrity and confidentiality of your information.
Misuse Prevention
Betty is equipped with measures to protect against misuse or inappropriate queries. These include the ability to recognize and flag inappropriate language, feedback mechanisms for users and administrators, and role-based access control to prevent unauthorized actions.
Context Understanding and Nuanced Responses
While Betty strives to provide accurate and context-aware responses, there are limitations in handling highly complex or nuanced contexts. Betty addresses this by prompting for clarifications when needed and continuously learning from interactions to improve understanding over time.
Special Considerations for Medical and Scientific Associations
Using AI in medical or scientific associations requires careful attention to data privacy, bias mitigation, and ethical considerations. Betty is designed with these concerns in mind, prioritizing evidence-based information and transparency in operations. The steerability of Betty to the needs of specific organizations allows for very tailored instructions and rules to control what exactly she is allowed to respond to and how.
Compliance and Certifications
While Betty itself does not hold specific industry certifications, it leverages Azure's compliance with standards such as ISO 27001 and SOC 2. The company stays updated with evolving data protection laws and regulations primarily by minimizing exposure to personal information.
Availability and Reliability
Betty leverages Azure's high availability features, including system redundancy, regular backups, and auto-scaling capabilities. The service aims for high uptime, relying on third parties with strict SLAs like Azure Function Apps and Azure SQL.
Support and Integration
Customer support is provided through a tiered approach, starting with self-service via Betty, community support, email support, and escalation to direct phone support for critical issues. Comprehensive documentation and training resources are provided to customers for successful onboarding and deployment.
In conclusion, Betty prioritizes data security, respects intellectual property, maintains information accuracy, and adheres to ethical guidelines. By addressing potential challenges head-on, Betty aims to provide a valuable, trustworthy, and efficient service to your association and its members.