CO2 Lab LogoCO2 LAB
CO2 Lab Logo

AI Security Policy

Purpose

The following document is an overview of how CO2 Lab leverages large language models (LLMs) in its service; how it sources the components it uses to deliver that; and how customer data is (or isn't) used in the AI features.

What are CO2 Lab's AI features?

CO2 Lab offers a suite of AI-powered capabilities, integrated seamlessly across your workspace. CO2 Lab has the capabilities of multiple AI tools, all in one place.

Use it to:

  • Analyse and process information
  • Generate text
  • Perform classifications
  • Perform calculations

CO2 Lab's AI features appear seamlessly in your workspace but leverages technology from several AI subprocessors to provide you with the service.

AI subprocessors

CO2 Lab is constantly evaluating the third party LLM models and providers that we use to ensure we continue to deliver the very best AI products to our customers.

Third party LLM providers that we can use to deliver an AI product are listed in the following AI subprocessor list:

  • OpenAI, LLC
  • Anthropic, PBC

How is customer data protected when sent to AI subprocessors?

CO2 Lab's AI features are designed to protect your Customer Data and prevent information leaks to other users of the service.

Prior to engaging any third-party subprocessor or vendor, CO2 Lab evaluates their privacy, security, and confidentiality practices, and executes an agreement implementing its applicable security, privacy, and legal obligations. All subprocessors are monitored and reviewed at least annually to ensure continued compliance with CO2 Lab's security and privacy expectations. This includes reviewing documents such as attestation reports, penetration tests, and other artifacts based on the subprocessor's criticality and other risk factors. Significant public security events are also assessed to protect the supply chain attack surface.

Any customer data provided to third parties is of a generalised nature. The generalised data provided is used for the sole purpose of performing that activity for which is required, and no other purpose. We take security of data extremely seriously and have built into our processes active steps to strip the data of identifying information.

When we send your customer data to third parties, it is encrypted in-transit using TLS 1.2 or greater.

Will my data be used to train any models?

CO2 Lab and its AI Subprocessors do not use Customer Data to train any models. We specifically have contractual agreements in place with our AI Subprocessors that prohibit the use of Customer Data to train their models.

Your use of CO2 Lab's AI features does not grant CO2 Lab any right or license to your Customer Data to train our machine learning models.

How is Customer Data segregated?

Individual customer accounts are kept separate in our production environment. We do not mix or process data from different customers together during AI processing.

Last updated: January 2025