Data privacy policy

Published

September 4, 2024

Keywords

data privacy, ai risk, model risk management, ValidMind

This page outlines ValidMind’s data privacy policy, explaining how we protect your personal information. Our goal is to provide transparency about our data handling practices and to demonstrate our commitment to protecting your privacy and data security.

What is ValidMind’s data privacy policy?

The key points of our data privacy policy include:

  • No personal identifiable information in documentation — When the ValidMind Developer Framework generates documentation, it ensures that no personally identifiable information (PII) is included. This practice is a critical part of our commitment to protecting your privacy and maintaining the confidentiality of your data.

  • No storage of customer data — ValidMind does not retain any customer datasets or models. This policy is in place in order to protect your data privacy and security. By not storing this information, ValidMind minimizes the risk of unauthorized access or data breaches.

We believe it is important for users of ValidMind’s products to understand these practices as they reflect our dedication to data security and privacy.

ValidMind does NOT:
  • Include any personal identifiable information (PII) when generating documentation reports.
  • Store any customer datasets or models.

Do you comply with the SOC 2 security standard?

Service Organization Control 2 (SOC 2) is a type of audit report that evaluates the security and privacy controls of a service organization, such as a software-as-a-service (SaaS) vendor like ValidMind. The report provides assurance to customers that an organization has implemented effective security and privacy controls to protect sensitive data.

ValidMind’s security and privacy controls are designed to align with the stringent requirements of the SOC 2 standard. This compliance means that ValidMind has established and consistently maintains a set of security measures and protocols that meet or exceed the benchmark set by SOC 2. We also regularly review and update these controls to ensure that they stay current with evolving security threats and regulatory requirements.

Do you offer additional data privacy options?

ValidMind’s platform is a secure, multi-tenant solution that can be hosted on Amazon Web Services (AWS), Microsoft Azure Cloud (Azure), or Google Cloud Platform (GCP). For organizations that require a stricter trust model and the highest level of security, such as financial services organizations handling highly sensitive data, ValidMind also offers a Virtual Private ValidMind (VPV) option to host our solution in a dedicated single-tenant cloud instance.

The Virtual Private ValidMind option provides all the features and services of other editions of our products, but hosted within a separate environment that is isolated from other ValidMind accounts. VPV accounts do not share resources with non-VPV accounts.

Access to any edition is available through AWS PrivateLink, Azure Private Link, or GCP Private Service Connect, all of which provide private connectivity between ValidMind and your on-premises network without exposing your traffic to the public internet.

What model artifacts are imported into documentation?

When you generate documentation or run tests, ValidMind imports the following artifacts into the documentation via our SaaS API endpoint integration:

A representation of artifacts imported into the documentation via our SaaS API

  • Metadata about datasets and models, used to look up programmatic documentation content, such as the stored definition for common logistic regression limitations when a logistic regression model has been passed to the ValidMind test suite to be run.
  • Quality and performance metrics collected from datasets and models.
  • Output from tests and test suites that have been run.
  • Images, plots, visuals that were generated as part of extracting metrics and running tests.

The ValidMind Developer Framework does not send any personally identifiable information (PII) through our API.

What’s next