LLM Data Tenancy Policy

Effective Date: 10/01/2024
Version: 1.1

1. Purpose and Scope

This LLM Data Tenancy Policy (the “Policy”) describes the standards and practices followed by Fluincy to ensure secure, isolated, and compliant handling of Customer Data in environments utilizing Large Language Models (LLMs). This Policy applies to all customer data processed by Fluincy’s LLM-powered applications, encompassing data ingestion, processing, residency, and retention.

2. Data Residency

Customer Data Localization: Fluincy strives to maintain data residency in compliance with applicable regional and industry-specific regulations (such as GDPR, CCPA). Customer Data processed by LLMs is handled within designated regional data centers as specified in our Data Processing Agreement or as requested by the customer.

Regional Processing Compliance: When third-party LLMs are engaged, Fluincy partners with vendors committed to providing data residency options where possible, ensuring customer data is processed within the agreed-upon geographical boundaries to meet residency requirements.

3. Data Isolation and Multi-Tenancy

Logical Separation: Customer Data processed by LLMs is isolated at the logical level, ensuring data tagging and independent management to prevent cross-tenant data exposure.

‍Access Controls: Role-based access controls (RBAC) are applied to all environments using LLMs. Only authorized personnel with a legitimate need are granted access, confined strictly to the data of their respective customer accounts.

‍LLM API Segregation: For third-party LLM APIs, each customer’s data is processed within sessions isolated from other customers, ensuring no data sharing or crossover occurs during processing.

4. Data Processing, Privacy Controls, and Retention Settings
Data Minimization: Only necessary data is processed by the LLMs, and non-sensitive, anonymized, or pseudonymized data is prioritized to reduce exposure.

‍Transient Data Processing: Data processed through third-party LLMs (e.g., OpenAI, Anthropic) is managed as “transient,” meaning it is processed in real-time without long-term storage on third-party servers, in line with Fluincy’s retention policies.

‍Retention Settings for Internal LLM Data: Fluincy’s internal systems and LLMs apply strict retention settings, ensuring that data is stored only as long as necessary for specific processing tasks. Customer data is systematically deleted from the LLM environment upon task completion.

‍Customer-Specific Retention Options: Customers may request customized retention schedules or specific deletion protocols in accordance with contractual agreements and regional legal requirements.

5. Data Security and Encryption

Encryption in Transit: All data transmitted to and from LLMs, whether internal or third-party, is encrypted using industry-standard encryption protocols (e.g., TLS 1.2 or higher).Secure

Processing Environment: Fluincy’s internal LLM processing environments are secured with firewalls, monitoring, and intrusion detection to prevent unauthorized access.Data Integrity and

Protection: Data integrity checks are implemented to safeguard customer information from alteration or corruption during processing.

6. Third-Party LLM Provider Obligations

Data Handling and Compliance: Fluincy works exclusively with third-party LLM providers that adhere to strict data protection standards, including GDPR, CCPA, and other applicable regulations.

‍Residency and Retention Compliance: Fluincy verifies that third-party LLM providers adhere to residency and retention protocols compatible with customer requirements, including transient data processing to minimize retention beyond processing needs.

‍Ongoing Compliance Verification: Fluincy conducts periodic compliance checks with third-party providers to confirm adherence to this Policy and relevant regulatory standards.

7. Data Access and Customer Control

Data Access Rights: Customers have rights to access data processed by LLMs, as stipulated in regional data protection laws. Fluincy provides logs and summaries of LLM processing activities upon request.

‍Consent and Control: Customer data is processed through LLMs only with explicit consent. Customers retain full rights to access, correct, or delete processed data, as well as to limit LLM processing, in accordance with Fluincy’s Data Processing Agreement.

8. Policy Review and Updates

This LLM Data Tenancy Policy is subject to periodic review and may be updated to reflect changes in Fluincy’s LLM processing practices, data residency requirements, or applicable legal standards. Fluincy will inform customers of any material changes impacting LLM processing, residency, or retention.

9. Contact Information
For any questions or concerns about this Policy, please contact our data protection team at support@getfluincy.com