Blueprint AI Privacy Policy

The following key aspects of data handling constitute the Blueprint AI privacy policy, outlining how data is managed, transferred, and secured for the Blueprint AI ServiceNow scoped app:

What Data is Collected:
Blueprint AI collects data based on what the platform administrator has configured. This data includes, but is not limited to, business requirements, process flows, and technical design specifications, typically extracted from ServiceNow catalog items, workflows, and other metadata relevant to building or automating platform features.

How the Data is Used:
The data is used to facilitate intelligent analysis, technical design, and automation of catalog items, workflows, and associated elements within ServiceNow. The data is sent to OpenAI’s API for real-time processing, where AI models generate suggestions, build technical solutions, and provide analysis based on the input provided.

Whether the Data is Shared with Other Parties:
Blueprint AI only shares data with OpenAI’s API for processing and does not distribute or share data with any other third parties. OpenAI acts as the processing agent, adhering to its own strict data privacy standards.

How the Data is Transferred, Stored, and Secured:
Data sent from the Blueprint AI app to OpenAI is transferred via encrypted communication channels (e.g., HTTPS). OpenAI does not store any of this data long-term and the data is used solely for generating real-time responses to specific API requests. Blueprint AI itself does not store processed data beyond what is needed to execute actions within ServiceNow. The platform admin can toggle which specific data is shared using the Products and Reference Data Table Access repositories to control which datasets are exposed to AI processing.

Reference to OpenAI’s Privacy Policy
As a critical processing partner, OpenAI follows stringent privacy practices. The data shared with OpenAI is not used to train their models, and OpenAI does not retain customer-specific data after the request is processed. OpenAI’s privacy policy ensures that any information sent through their API is secure and that they do not store, distribute, or reuse data sent via the API for any purpose beyond fulfilling the real-time request.

For full details on OpenAI’s privacy practices, please refer to OpenAI’s Terms and Policies, which outlines their approach to data handling, storage, and security, as well as how they comply with relevant privacy regulations.
 

Regarding compliance with major privacy regulations, consult OpenAI’s privacy policy for specific details on compliance with GDPR, CCPA, and other data protection standards.

Example of Possible Risks
While the data transfer is secure and limited to real-time processing, there are inherent risks that customers must acknowledge:
 

• Data Exposure Risks: Depending on how the app is configured, sensitive internal business information such as process flows and proprietary technical specifications could be shared with OpenAI during real-time API calls. Though the data is encrypted, there is a risk of exposure during the API transmission process if proper security protocols are not followed.
   

• Third-Party Processing: Data shared with OpenAI for processing is handled outside of the ServiceNow platform. Although OpenAI does not store data, customers must be aware that their sensitive information is temporarily processed in external servers, which may have implications for industries with strict compliance or data sovereignty requirements.

Customers should consult their internal legal or compliance teams to ensure that the level of data access granted to Blueprint AI meets their organization’s standards for data security and compliance.

Acceptance of Risks
By using Blueprint AI, the customer accepts these risks and assumes responsibility for how data is shared and processed based on their configuration of the app’s data repositories.