I think this might be two issues, so my apologies. Admins feel free to amend, edit or delete as appropriate.
I think the only thing that is really holding me back from launching is in respect of user privacy. There are two issues regarding privacy.
Firstly, in a studio, users provide their email address. Because of this, in Europe we really need a way to delete all details related to that user if they submit a request. So I can just delete their user account, but does Pickaxe store any details about the user account? Is it anonymised after a user is deleted?
Secondly, how long does pickaxe store chats and any files a user may have uploaded? Are all chats and files deleted when a user account is deleted from a studio?
I’m working on a studio for HR people, so CVs/Resumes, job descriptions amongst other relative sensitive material may be uploaded. I need to be able to reassure users their data is secure and is not used for any future use.
Thanks in advance for reading a rather lengthy post!!
I am writing this from Canada but the Pickaxe I am working on involves sensitive topics like anxiety and mental health. I really should have an option to obfuscate the chat history because just exposing the exact email and what people are talking about is a privacy nightmare.
As a Studio owner, you can delete certain accounts. Under the Monitor tab click the “Manage users” buttons. From there you can click on an email and then click “remove”. This will delete the user. If you delete a user from your studio, it deletes those associated records from our database as well.
As far as user chats and end-user document uploads, the same applies. if you delete a user and their chats, then those files are deleted from our database as well.
That’s great @admin_mike . I’m no GDPR expert, but if deleting the user deletes associated records that’s a great help.
I think the only other things from a privacy perspective that matter are being able to show what details we store about users as EU and UK citizens can request to see what details are held about them.
But I’m sure there are other people on here that can advise on other elements that need to be considered for EU/UK citizens.
Thanks for being so active on here supporting us with our queries.
Happy to help! If you find out other good solutions, it’s always very helpful to write a post labeled like “How to follow GDPR compliance on Pickaxe Studios” or something. Other users would benefit from such a thing!
In the same privacy space if a user enters their email and this goes across the API to openai how is it processed? As I write this I realise I need to ask on their dev forum. But maybe you guys already know. TY
All Pickaxe data sent to OpenAI is under a special agreement of a 30-day deletion policy and is not used to train models. The email address would hit OpenAI, but would be handled under those two assurances. Worth asking on their forum as well.
