1. Purpose
Howwe is committed to using Artificial Intelligence (AI) responsibly, ensuring transparency, ethical practices, and robust data protection for customers. This policy outlines how AI technologies, including Google Gemini, are integrated into operations and products while safeguarding customer data and respecting customer preferences.
2. Scope
This policy applies to:
Internal Use: AI tools used for operational efficiency and decision-making.
Product Integration: AI functionalities embedded within Howwe’s products.
Howwe ensures customer data is never exposed to public AI models and remains securely within the Google Cloud ecosystem. Additionally, customers have the right to opt out of any AI-enabled features, allowing Howwe to disable AI functionality entirely for those with a strict "no AI" policy.
3. Guiding Principles
Data Privacy and Security
Data Residency: All customer data is processed and stored in Google Cloud, adhering to data residency and regulatory requirements.
Protection from External Exposure: Customer data is not shared with public AI models. Google Gemini operates within Google Cloud's secure infrastructure, ensuring data confinement.
No Model Training: Customer data is not used for AI model training, as guaranteed by Google Gemini's compliance framework.
Transparency and Trust
Clear Communication: Customers are informed about secure data handling within the Google Cloud environment. Data is never used beyond its intended purpose.
Customer Control: Customers have the right to opt out of any AI-enabled features. For clients with strict "no AI" policies, Howwe offers feature toggles to completely disable AI functionalities at the customer level.
Ethical AI Use: AI is deployed with fairness, accountability, and explainability to prevent misuse or unintended consequences.
Compliance and Risk Mitigation
Compliance Standards: Howwe aligns, however not certified, with global regulations, including GDPR, ISO 27001, SOC 2/3, and others.
Regular Assessments: AI processes undergo frequent compliance checks and risk assessments to ensure adherence to these standards.
4. Internal Use of AI
Approved Tools: Only vetted and approved AI tools may be used. Approval is granted by the Chief Product Officer (CPO) and Information Security Officer.
Training and Awareness: Employees are trained on responsible AI use, including best practices for data handling and identifying risks.
Prohibited Uses: Customer or proprietary data must not be entered into public AI tools or models.
5. AI Product Integration
Data Handling with Google Gemini
AI functionalities within Howwe products are powered by Google Gemini, which operates within Google Cloud's secure environment.
Customer data processed by AI remains within the ecosystem, protected by enterprise-grade compliance measures.
Customer data is never used for training Google Gemini or other AI systems.
Risk Mitigation
Thorough testing of AI features ensures no misuse, bias, or data leakage.
Impact assessments are conducted before deploying new AI-driven functionalities to identify and address risks.
Transparency and Opt-Out Options
Clear documentation is provided to customers, detailing how AI features interact with their data.
Customers can request to opt out of AI-enabled features, which will be deactivated for their accounts using a feature toggle. This ensures compliance with clients' specific policies, including those with a strict "no AI" approach.
6. Governance
Policy Oversight
The CPO and Information Security Officer oversee all AI initiatives, ensuring policy compliance.
Regular audits verify adherence to data protection commitments.
Incident Response
In the event of a data incident involving AI, Howwe follows a detailed response plan to address the issue promptly and transparently.
7. Continuous Improvement
This policy is reviewed annually or whenever significant technological, regulatory, or industry changes occur.
Feedback from customers and stakeholders informs updates to ensure the highest standards of responsibility and trust.
8. Customer Commitments
We guarantee:
Data Security: Customer data is securely stored within the Google Cloud ecosystem and never shared with third-party AI models.
Transparency: Clear, accessible explanations of how AI features work and how data is protected.
Opt-Out Rights: Customers can opt out of any AI-enabled features, with Howwe disabling AI functionalities entirely upon request.
Ethical Use: AI technologies are designed to benefit customers while protecting their data privacy and trust.
For further information, contact [email protected].
9. Relevant Sources
EU GDPR Overview
Comprehensive details on the General Data Protection Regulation (GDPR) compliance.
https://ec.europa.eu/info/law/law-topic/data-protection/data-protection-eu_en
EU AI Act (Proposed)
Draft legislation outlining the EU's regulatory framework for AI technologies.
https://artificialintelligenceact.eu/
ISO 27018 Standard
Protection of personally identifiable information (PII) in public cloud services.
https://www.iso.org/standard/76559.html
NIST AI Risk Management Framework
Guidelines for identifying and managing risks associated with AI systems.
https://www.nist.gov/itl/ai-risk-management-framework
Google Gemini AI Privacy and Compliance
Details about Google Gemini's compliance and data usage practices.
https://cloud.google.com/gemini-ai-compliance
Google Responsible AI Practices
An overview of Google’s approach to ethical and responsible AI use.
https://ai.google/responsibilities/responsible-ai-practices/
Google Data Protection Commitment
Google’s practices for ensuring data security and compliance.
https://cloud.google.com/security/privacy/data-protection