Security and privacy FAQ for Gorgias AI AgentUpdated 15 hours ago
Which large language model (LLM) does AI Agent use?
AI Agent uses a combination of multiple secure LLM providers, including OpenAI, Anthropic, and internally fine-tuned LLMs.
What is used to train my AI Agent?
Your AI Agent’s ability to recognize language and form sentences comes from a blend of state-of-the-art large language models (LLMs) from a few leading providers, including OpenAI and Anthropic, as well as our own internal models.
All of these models are trained using publicly available information, licensed data, and user-provided content, with a focus on publicly available data. They avoid restricted sources like paywalls or harmful content. The model doesn't store or copy specific training data but instead learns associations between words to generate responses.
Your AI Agent’s ability to answer questions in adherence to your policies comes from the data sources you connect, such as: Your Shopify order and fulfillment data, Your Gorgias Help Center and Guidance, and any public URLs connected in AI Agent’s settings.
Do you use my data to train external LLMs?
No, the data AI Agent accesses does not train large language models (LLM) from OpenAI or other 3rd-party providers. Here are the key details about our relationship with external AI providers:
- No Data Retention: OpenAI does not use data submitted through the API to train its models or improve future versions. The data is used only for processing the immediate request.
- Zero Data Retention: OpenAI has a zero data retention policy for API interactions. This means that once the request is processed, the data is not stored or logged.
- Privacy Compliance: Gorgias and OpenAI comply with stringent data privacy regulations such as GDPR, SOC2, and CPRA, ensuring that customer data is handled securely and responsibly. By adhering to these principles, AI Agent ensures that any data used during interactions remains isolated and is not utilized to train or enhance OpenAI's language models. Read more in OpenAI’s Privacy Policy.
Do you use my data to train AI for other brands using AI Agent?
Our AI Agent does learn from interactions from other brands. However, we have many safeguards in place to reduce risk of confidential data leakage.
At Gorgias, we strictly adhere to privacy, confidentiality, and data security regulations, following all applicable privacy laws. The data is processed solely to enable the AI agent to respond to customer inquiries autonomously.
Once a query is addressed, the data is deleted, ensuring personal or brand-identifying information is never saved, reused, or stored.
Can someone with sufficient knowledge trace specific customer information (e.g., city, IP address)?
Gorgias implements industry-leading security measures to protect personal information, such as customer data, IP addresses, and location details, ensuring they remain secure and inaccessible to unauthorized individuals or tracking attempts.
Can AI Agent make up information (aka hallucinate)?
While no AI tool is capable of perfect accuracy 100% of the time, we put several safeguards in place to keep AI Agent from sending inaccurate information:
- Based on your knowledge. AI Agent gets its ability to understand and produce sentences from OpenAI’s large language model, but the content of its answers only come from the knowledge sources you provide. If AI Agent cannot find an answer in the connected Help Docs, Guidances, or public URLs, it will not answer.
- Internal quality assurance check. After AI Agent formulates an answer based on the knowledge sources you’ve provided, it’s put through a quality assurance (QA) step. Put simply, we run AI Agent’s answer through another AI model to measure confidence in the answer. We only send the response if AI passes our confidence threshold.
- Exclusion and handover topics. As another layer of control, we let you define topics that AI should completely ignore and topics that AI should hand over to your team.
We can’t guarantee AI Agent will never make mistakes — no AI tool can. That’s why we give you the ability to view every single answer AI Agent sends, including the knowledge sources it pulls from. This can help you understand why AI Agent sent an inaccurate response and update your knowledge sources (Help Center, Guidance, and public URLs) accordingly.
How can I stop AI Agent from answering questions with legal risks?
Some topics — such as medical questions or legal related questions — are too sensitive to handle with AI. You can add these to your Exclusion or Handover topics to ensure AI Agent does not answer.
Can AI Agent answer questions regarding CBD, Marijuana, or medical prescriptions?
AI Agent will use the information from the knowledge that your team provides. If you would like to stop AI Agent from answering some questions, on specific topics, you can use Exclusion or Handover topics.
How does my feedback improve AI Agent?
The feedback you provide to AI Agent helps it better connect the dots between certain types of tickets (e.g. international shipping queries) and knowledge sources (e.g. Guidance on your shipping policies). By providing feedback on an interaction, you help AI Agent recognize which knowledge to draw from in similar interactions going forward.
Our team also monitors feedback you deliver in-product to continuously tweak and optimize the back-end prompts that power AI Agent. These updates, informed by thousands of ecommerce brands, make AI Agent the leading AI solution for ecommerce customer support.
Does AI Agent comply with data protection laws and AI regulations?
Gorgias comply with stringent data privacy regulations such as GDPR, CPRA and all applicable privacy laws ensuring that customer data is handled securely and responsibly. Gorgias is also SOC 2 Type II compliant since 2020.
In adherence to these guidelines, any data used during AI Agent interactions remains isolated and is not utilized to train or enhance third-party language models.
Do I have a legal obligation to disclose that I’m using AI Agent?
While Gorgias will always try to set our customers up for success, legal questions about your company can only be handled by an attorney, who represents your interests. If you’ve legal questions, you should seek legal advice from external counsel, as Gorgias cannot provide legal advice.
That said, you have the choice of whether or not to disclose your use of AI in response generated by AI Agent.
- In Email: Use the Email Signature setting to disclose your use of AI.
- In Chat: Messages sent by AI Agent are noted with “Automated” under the message. For additional transparency, you can use the Privacy Policy feature to disclose your use of AI.
We would recommend using your email signature to indicate that the message your customers receive has been created with AI.
Where Is My Data Stored?
Your data is securely maintained on Google Cloud Platform (GCP). We have several servers around the world - the closest one to the merchant will be attributed. Note that if you are in the EU, then your server will be in the EU.
