AI Privacy Policy
We are committed to maintaining the highest standards of data privacy and protection. This AI Privacy Policy outlines how we handle data in the context of our AI-powered features, including our suite of AI agents.
Elementary’s AI features are designed to enhance the user experience across key workflows, enabling natural language responses, automated data exploration, intelligent issue triage and resolution, proactive test and governance recommendations, and query optimization. These features are strictly opt-in and must be explicitly enabled for each customer instance.
Third-Party AI Providers
Elementary’s AI features are powered by leading large language models hosted through Amazon Bedrock, a secure AWS-managed environment. This architecture ensures that:
- All AI processing stays entirely within the AWS infrastructure.
- No data is sent to external model providers directly by Elementary.
- No data used for AI inference is stored or used for training by any provider.
Amazon Bedrock may access models from third-party providers such as Anthropic and OpenAI. However, these models are accessed via Bedrock; your data remains within AWS at all times.
Data Handling & Anonymization
Elementary is committed to minimizing data exposure and ensuring user privacy in all AI-powered workflows. When using AI features, only the minimal context necessary to fulfill the requested functionality is processed, such as metadata, anonymized prompts, or structural test information.
No personally identifiable information (PII) or customer-specific identifiers are shared with AI models unless explicitly configured by the customer for a particular feature. Most features are designed to operate entirely on anonymized metadata and structured inputs.
All AI processing takes place within Amazon Bedrock, a secure environment within AWS. This ensures that your data remains fully contained within your cloud region and never leaves the AWS infrastructure.
Customer Instance Isolation
AI interactions are scoped strictly to each customer’s instance. No data is shared between tenants. Responses are routed back only to the initiating instance. Our infrastructure uses per-instance storage and 2FA-protected admin access.
Data Retention and Deletion
- No AI request data is stored beyond the scope of processing.
- General client data is retained for a maximum of one week, or deleted immediately upon account closure.
Opt-Out Controls
AI functionality can be completely disabled at the instance level. Customers may also selectively enable only the features they wish to use.
Compliance
Our AI processing aligns with:
- GDPR, UK GDPR, CCPA, and other global data privacy regulations.
- Security best practices, including those outlined in our Data Protection Agreement.
Have any more questions?
We would be happy to answer! Reach out to us by email or on Slack.