Security and Privacy Assurance Summary
This document outlines the security, privacy, governance, and compliance characteristics of askEdgi, an AI-enabled analytics capability embedded within the OvalEdge platform. askEdgi delivers analytics insights using governed metadata while operating strictly within enterprise security, privacy, and compliance boundaries. askEdgi does not function as a standalone AI system and does not bypass or weaken existing governance, access, or control mechanisms configured within OvalEdge.
Intended Audience
This document is intended for the following stakeholder groups.
Sales
Support positioning during customer discussions and evaluations
Pre Sales
Enable accurate representation during solution demos and proposals
Procurement
Assist in vendor risk, privacy, and compliance assessments
Customer IT
Support security architecture, governance, and compliance reviews
Note: This document is suitable for inclusion in formal procurement, security, and compliance review processes.
Platform Scope and Operating Model
askEdgi operates as an integrated analytics capability within the OvalEdge platform.
All analytics interactions occur within the boundaries of the OvalEdge governance framework.
askEdgi does not operate independently and does not introduce separate data pipelines or processing layers outside OvalEdge.
Existing data access policies, classifications, and controls continue to apply to all askEdgi operations.
Important: askEdgi does not override or bypass platform-level governance configurations.
Data Ownership and Privacy Controls
Customer data is retained only for defined periods aligned with operational and compliance requirements. Uploaded files, analysis history, and derived artifacts follow customer-controlled retention policies. Data deletion is supported through user-initiated requests and automated expiration, including secure removal from backups over time.
Data Ownership
Customers retain full ownership of all data stored, processed, or analyzed within OvalEdge.
No ownership rights are transferred to OvalEdge or askEdgi at any stage.
Data Processing Role
OvalEdge and askEdgi act strictly as data processors.
All data processing activities occur only based on explicit customer instructions and configured policies.
Data Usage Boundaries
Customer data is used only for governed analytics and metadata-driven insights.
Customer data is not repurposed for any external or secondary use.
AI Training Restrictions
Customer data is not used for AI model training.
Cross-tenant learning using customer data is not permitted.
Important: Customer data remains isolated and controlled within the customer environment at all times.
AI and Data Usage Enforcement
External AI Exposure Prevention
askEdgi is designed to prevent exposure of customer data to external AI providers.
Data boundaries are enforced through architectural and policy-based controls.
Permitted AI Context
Only approved metadata and contextual elements are provided to AI models.
Allowed Context Elements
Table names
Column names
Column descriptions
Semantic summaries
Approved metadata attributes
Restricted Data Types
Raw data values are not shared.
Individual records are not transmitted.
Personally identifiable information is not processed by external Large Language Models.
AI Enrichment - Controlled External Processing
The AI Enrichment capability enables advanced metadata and content enhancement through interaction with external Large Language Models (LLMs).
Unlike metadata-only analytics processing, AI Enrichment may involve transmission of selected customer source data for contextual understanding and enrichment.
Data Transmission Scope:
When AI Enrichment is explicitly used:
Selected customer data may be transmitted to an external AI provider
The scope of transmitted data is determined by feature design and configuration
Transmission occurs only for the specific enrichment task requested
This processing does not override existing access controls or governance policies.
Data Usage Controls:
AI Enrichment must be explicitly enabled by the customer
External AI providers are contractually restricted from using submitted data for model training
No cross-tenant data sharing occurs
Data is processed only for the immediate enrichment request
No persistent external storage is intended beyond request processing
Security and Governance Safeguards
All transmissions occur over encrypted channels
Access policies determine which users may invoke enrichment
Enrichment activity is logged for audit purposes
Customer data transmitted through AI Enrichment is not used to train shared or public AI models. Cross-tenant learning remains prohibited.
Governed AI Interactions
AI interactions are constrained by metadata governance rules.
Access policies determine which metadata elements are visible during AI interactions.
Output Traceability
AI-generated outputs are traceable to their metadata sources.
Outputs support explainability to aid validation and audit activities.
Note: Metadata-driven processing ensures insights without exposing sensitive data.
Security Architecture and Controls
askEdgi enforces enterprise identity and access protections, including standards-based Single Sign-On (SSO), mandatory multi-factor authentication for administrative users, and role-based access controls. User sessions are governed by defined expiration policies to reduce exposure risk.
All analytics run in isolated, sandboxed environments with constrained compute resources, restricted network access, and secure disposal after execution.
Connector access is encrypted, logged, and revocable, ensuring controlled and auditable integration with enterprise data sources.
Encryption Standards
Area
Standard
Data at rest
AES 256
Data in transit
MTLS 1.2 or higher
Identity and Access Management
Single sign-on is supported.
Identity and access management controls enforce authenticated access.
Role-based access controls restrict actions based on assigned roles.
Compute Isolation
Analytics workloads execute within ephemeral containers.
No persistent local storage is maintained within compute containers.
Monitoring and Auditing
All activities are logged for audit purposes.
Continuous infrastructure monitoring is enabled.
Deployment Isolation
Workloads are deployed within isolated AWS environments.
Network segmentation and identity segmentation prevent unauthorized access.
Note: Isolation controls prevent cross-environment and cross-tenant access.
Analytics and File Processing Safety
Workspace Isolation
User-generated and system-generated files are processed in isolated workspaces.
Each workspace is dedicated to a single user context.
Encryption of Files
Files are encrypted while stored.
Files are encrypted during transmission.
Workspace Access Controls
Workspaces are not shareable.
Workspace isolation applies even within the same organization.
Temporary File Handling
Temporary files are stored securely.
File retention follows defined retention policies.
Files are purged after retention conditions are met.
Governance and Responsible AI Practices
askEdgi applies defensive controls to AI interactions, including controlled AI tool usage, output validation, and safeguards against prompt manipulation. AI providers are governed by contractual and technical controls to ensure secure and compliant usage.
Governance Enforcement
Data classification rules are enforced during analytics execution.
Data masking policies are applied where required.
Access policies determine visibility and usage.
Analytics Sharing Controls
Recipes and shared analytics undergo governance review.
Approval is required before broader availability.
Human Oversight
Validation workflows support review of AI-assisted outputs.
Approval workflows enable controlled adoption of insights.
Responsible AI Principles
askEdgi aligns with responsible AI principles.
Principle
Description
Transparency
Outputs are explainable and traceable
Accountability
Governance and audit controls support accountability
Control
Customers retain control over data and usage
Note: Human oversight ensures responsible use of AI-generated insights.
Compliance Alignment
askEdgi aligns with industry standard compliance frameworks through AWS inherited controls and secure development practices.
askEdgi supports responsible vulnerability disclosure through a coordinated vulnerability disclosure process. Security issues can be reported through defined channels and are acknowledged, assessed, and remediated within established response timelines.
askEdgi works with security researchers to coordinate remediation and disclosure, supporting a transparent and responsible security posture.
Ongoing security testing supports compliance maintenance.
Framework
ISO 27001
SOC 2 Type II
GDPR
CCPA
Important: Compliance alignment is maintained through continuous security validation activities.
askEdgi aligns its security controls with recognized assurance frameworks, including SOC 2 and ISO/IEC 27001.
Key control areas include:
Access control through role-based permissions, SSO, and MFA
Controlled change management with versioned and approved deployments
Centralized logging and monitoring for audit and security oversight
Encryption of data at rest and in transit
Defined incident response procedures
These controls support regulated and security-conscious enterprise environments.
Summary Statement (Sales-Safe)
askEdgi enables AI-assisted analytics while preserving enterprise security, privacy, and governance expectations. Insights are generated using governed metadata instead of raw data. Strict access controls, encryption standards, and audit logging ensure trust and control for regulated and security-focused organizations.
Sales and Pre-Sales Usage
Attach this document to RFP responses.
Share during security and procurement reviews.
Use as a pre-read document before detailed security deep dives.
Position askEdgi as a governance-first AI capability rather than a generic generative AI.
Important: Consistent usage supports accurate positioning and trust during evaluations.
Last updated
Was this helpful?