Hosting, Architecture, and Configurations

Cloud-Based Services

The cloud-based Brewit.ai services are operated on a multitenant architecture at both the platform and infrastructure layers. This infrastructure is provided and hosted by Amazon Web Services, Inc. (“AWS”). Information about security provided by AWS is available from the AWS Security website. Information about security and privacy-related audits and certifications received by AWS, including information on SOC reports, is available from the AWS Compliance website.

Self-Hosted Services

In the near future, we will have this feature where companies can host Brewit.ai in their own cloud, which means that we will not have any access to the company’s data.

Storage of Customer Data

When you connect to your own database or external APIs, Brewit.ai does not store Customer Data but rather proxies requests to that database and applies the credentials server-side. Brewit.ai is architected this way because having the end-user’s browser connect directly to the database would require you to provision every user individually, rather than just the Brewit.ai server, which would potentially expose credentials.

OpenAI Usage

Brewit.ai uses OpenAI API (GPT-4) to generate data analysis code so that customers can easily extract insights and create data visualizations. Brewit.ai only passes data metadata to OpenAI API: table description

  • column name
  • column type
  • column description
  • joins & constraints

OpenAI never has access to your actual data files and databases.

OpenAI will not use our customer’s data to train their model. Details can be found here: OpenAI Enterprise Privacy

Confidentiality and security controls

Confidentiality

Brewit.ai places strict controls over its employees’ access to customer’s data and chat history. The operation of the Brewit.ai services requires that some employees have access to the systems that store or process this information and data. For example, in order to diagnose a problem you are having with the Brewit.ai services, we may need to access your account. These employees are prohibited from using these permissions to view Customer Data unless it is necessary to do so. We have technical controls and audit policies in place to ensure that any access to your account is logged. All of our employees and contract personnel are bound to our policies regarding confidentiality and we treat these issues as matters of the highest importance within our company.

Data Encryption

Brewit.ai use industry-accepted encryption products to protect Customer Data during transmissions between your network and Brewit.ai, and when at rest. Brewit.ai support the latest recommended secure cipher suites and protocols to encrypt all traffic in transit. Brewit.ai monitors the changing cryptographic landscape closely and works promptly to upgrade the service to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve. For encryption in transit, Brewit.ai does this while also balancing the need for compatibility with older data sources.

Deletion of Customer Data

Brewit.ai provides the option for users to delete Customer Data stored at any time during a subscription term. Within 24 hours, Brewit.ai hard deletes all Customer Data from currently running production systems. Brewit.ai maintained backups of services and data are destroyed within 30 days (backups are destroyed within 30 days, except that during an ongoing investigation of an incident such period may be temporarily extended).