Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Privacy and Compliance Overview for AI and Automation Projects

            Modified on Mon, 24 Nov at 3:29 PM

            Protecting client privacy is central to how Osher Digital designs, builds and operates AI and automation systems. This article provides an overview of our privacy principles, compliance commitments and the controls we use to safeguard sensitive information throughout every project.

            Our Privacy Principles

            Osher Digital follows five core privacy principles:

            1. Client ownership of data
              All documents, prompts, outputs, embeddings and system data belong to you.

            2. Minimum data collection
              We only collect or store information that is required for the system to function.

            3. Transparent handling
              You receive clear information about what data is stored, where it is stored and for how long.

            4. Non training by default
              Client data is never used to train models unless explicitly requested.

            5. Secure storage and controlled access
              All credentials, datasets and generated content are stored securely with strict access controls.

            These principles apply across every project regardless of hosting model or system architecture.

            Compliance With the Australian Privacy Principles (APP)

            Osher Digital operates in accordance with the Australian Privacy Principles. This includes:

            • Collecting only necessary information

            • Using data only for the purposes agreed in the project

            • Limiting disclosure to essential systems and providers

            • Securing data against unauthorised access or misuse

            • Providing access and deletion rights on request

            All AI interactions are performed in non training modes, ensuring third party providers do not retain or reuse client information.

            Confidentiality and NDAs

            Confidentiality is included in our standard contract. This covers:

            • Client data

            • Internal documentation

            • Credentials and configurations

            • Project materials and deliverables

            All subcontractors engaged by Osher Digital sign the same confidentiality terms. They are only given access to the specific systems and data required to complete their work.

            Data Storage and Retention

            Data is only stored where required for functionality. Examples include:

            • Chat history when needed for memory

            • Embeddings stored locally in a vector database

            • Temporary processing data during ingestion

            • Execution logs for troubleshooting when required

            If the system does not require stored data, none is retained.

            You may request deletion of any data at any time.

            LLM Usage and Privacy

            When interacting with external LLMs:

            • We use non training modes

            • Providers do not retain prompts or responses

            • Sensitive information is minimised wherever possible

            • Clients can choose a private, self hosted LLM if required

            • API keys are managed securely in a credential vault

            OpenRouter is our preferred gateway for LLM access because it does not store prompts or responses.

            Hosted and Self Hosted Privacy Controls

            Whether you use a self hosted or Osher Digital hosted deployment, privacy controls remain consistent.

            Self hosted systems

            • All data, embeddings and logs remain inside your private VPS

            • Outbound access is restricted to essential services

            • Your internal IT manages server access, MFA and patching

            Osher Digital hosted systems

            • Deployed on an isolated private VPS

            • Strict firewall rules and access controls

            • Regular patching and monitoring

            • Secure handling of logs and stored data

            In both models, you maintain ownership of all data and can request deletion at any time.

            Access Control and Logging

            All access to credentials and systems is logged. Only staff working directly on your project are granted permission. Access is removed when the project ends or when you request it.

            Internal systems use MFA or 2FA by default.

            Your Rights as a Client

            You may request at any time:

            • A summary of what data is stored

            • A copy of stored data

            • Removal of any stored data

            • Rotation of credentials

            • Confirmation of access removal

            • A review of privacy or security settings

            Osher Digital is committed to transparent and respectful handling of your information from project kickoff to final handover.

            Our Commitment

            Strong privacy and compliance practices are essential to delivering safe and reliable AI solutions. Our goal is to provide trustworthy, secure systems that respect the sensitivity of your data and support your internal governance requirements.

            If you have specific compliance needs, we are always able to align with your organisation’s policies.

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0