AI Data Handling
How Serpentine processes data when it uses AI and large language models—and the guarantees that apply to your data.
No training on customer data
We do not use customer data to train, fine-tune, or improve foundation models. Customer data is used solely to deliver the requested analysis and is never contributed to any shared or public model.
EU-hosted inference
AI processing runs on infrastructure hosted in EU data centers by default. Where a third-party model provider is used, we contract for EU or EEA processing where available and apply appropriate safeguards for any transfer. We disclose the providers we rely on in our subprocessors list.
Data minimization
- Only the data required for a given task is sent to a model
- Sensitive identifiers are redacted or tokenized where feasible
- Prompts and outputs are retained only as long as needed to deliver the service
- Customers can request deletion of AI-processed artifacts
Human oversight
AI-generated findings and reasoning (including outputs from the Istraga investigation layer) are presented as decision support. They are traceable to underlying evidence in the substrate and are subject to human review before any consequential action is taken.
Security of AI workloads
- Encryption in transit and at rest for all AI inputs and outputs
- Access controls and audit logging on AI pipelines
- Protections against prompt injection and model misuse, aligned with our ProtivAI module
Related pages
See our Privacy Policy, Subprocessors, and Trust Center.