I think this might be two issues, so my apologies. Admins feel free to amend, edit or delete as appropriate.
I think the only thing that is really holding me back from launching is in respect of user privacy. There are two issues regarding privacy.
Firstly, in a studio, users provide their email address. Because of this, in Europe we really need a way to delete all details related to that user if they submit a request. So I can just delete their user account, but does Pickaxe store any details about the user account? Is it anonymised after a user is deleted?
Secondly, how long does pickaxe store chats and any files a user may have uploaded? Are all chats and files deleted when a user account is deleted from a studio?
Iâm working on a studio for HR people, so CVs/Resumes, job descriptions amongst other relative sensitive material may be uploaded. I need to be able to reassure users their data is secure and is not used for any future use.
Thanks in advance for reading a rather lengthy post!!
I am writing this from Canada but the Pickaxe I am working on involves sensitive topics like anxiety and mental health. I really should have an option to obfuscate the chat history because just exposing the exact email and what people are talking about is a privacy nightmare.
As a Studio owner, you can delete certain accounts. Under the Monitor tab click the âManage usersâ buttons. From there you can click on an email and then click âremoveâ. This will delete the user. If you delete a user from your studio, it deletes those associated records from our database as well.
As far as user chats and end-user document uploads, the same applies. if you delete a user and their chats, then those files are deleted from our database as well.
Thatâs great @admin_mike . Iâm no GDPR expert, but if deleting the user deletes associated records thatâs a great help.
I think the only other things from a privacy perspective that matter are being able to show what details we store about users as EU and UK citizens can request to see what details are held about them.
But Iâm sure there are other people on here that can advise on other elements that need to be considered for EU/UK citizens.
Thanks for being so active on here supporting us with our queries.
Happy to help! If you find out other good solutions, itâs always very helpful to write a post labeled like âHow to follow GDPR compliance on Pickaxe Studiosâ or something. Other users would benefit from such a thing!
In the same privacy space if a user enters their email and this goes across the API to openai how is it processed? As I write this I realise I need to ask on their dev forum. But maybe you guys already know. TY
All Pickaxe data sent to OpenAI is under a special agreement of a 30-day deletion policy and is not used to train models. The email address would hit OpenAI, but would be handled under those two assurances. Worth asking on their forum as well.
I have concerns that I can see my clientâs prompts and results in Pickaxe. Is there a way for me not to see it? I need to give my clients confidence that I cannot see their data.
@admin_mike I have the same question. In products where privacy is crucial, like therapist bots, etc. Itâs quite unethical if we see their dialogues.
Youâll be very excited for the redesigned system then.
For each Studio, there will be an option for Studio Owners to decide whether to âcollect responsesâ or ânot collect responsesâ. This feature is motivated by the many Pickaxe users working in fields where HIPAA matters. This âcollect/do not collectâ setting will be a toggle you set on a studio by studio basis. If you select âdo not collectâ, then the responses are simply not collected for you to see.
