Data Protection & Privacy Policy for CoolPlanet AI

Written by Product Marketing
Updated over 4 months ago

1. Purpose

This Data Protection & Privacy Policy (“Policy”) outlines the principles and procedures that CoolPlanet follows to protect our customers' data when utilising artificial intelligence (AI) services within our products, including calls to the AI APIs of OpenAI or any other third-party provider. It ensures transparency in how data is processed, stored, and secured, maintaining compliance with applicable regulations such as GDPR, SOC 2, and other industry standards.

2. Scope

This Policy applies to all users and stakeholders interacting with CoolPlanet AI within CoolPlanetOS, including but not limited to employees, customers, and third parties.

3. Data Handling & Processing

3.1 Data Sent to OpenAI API

The only data transmitted to OpenAI consists of column header names from underlying datasets.

It should be stressed that no client names, factory locations, plant-specific details, or other sensitive information are shared unless explicitly included in header information by the user.

Users have the ability to rename headers before data is processed by the API to further anonymise any sensitive references.

3.2 Data Security & Encryption

All data transmitted to OpenAI is encrypted in transit using TLS 1.2+ to prevent unauthorised interception.

OpenAI does not store or retain API call data, ensuring that queries remain confidential and are not used to train any models, third-party or otherwise.

Data processing follows SOC 2 and GDPR-compliant protocols to maintain end-to-end security.

Further details on OpenAI’s data handling policies can be found at OpenAI Enterprise Privacy.

4. Compliance with Data Protection Regulations

4.1 General Data Protection Regulation (GDPR) Compliance

Lawful Basis for Processing: The data transmitted to OpenAI is strictly limited to non-identifiable metadata and is used solely for the purpose of analysis within the AI-powered feature.

Data Subject Rights: Users have the right to access, rectify, or erase any personal information that may be included in metadata by mistake.

Data Minimisation: The AI service operates under a data minimisation principle, ensuring that only essential data is processed.

4.2 SOC 2 Compliance & Security Standards

OpenAI’s API and CPOS follow SOC 2 Type II standards, ensuring robust security, availability, processing integrity, confidentiality, and privacy controls.

Internal security audits are conducted periodically to assess compliance with these standards.

5. User Responsibilities

Users are encouraged to:

Review column headers before submission to ensure no sensitive data is included.

Anonymise identifiable metadata where necessary.

Report any concerns about data security in relation to CPOS or CoolPlanet AI features to customersuccess@coolplanet.io.

6. Data Retention & Storage

As per OpenAI’s current policy, no data sent to OpenAI is stored or retained after processing. Should this change in the future, we will update our policy accordingly and communicate any relevant impacts to our users.

OpenAI does not use API data for model training or improvements.

Any logs maintained internally are limited to non-sensitive metadata and are stored securely following industry best practices.

7. Third-Party Security

Data interactions with OpenAI follow strict confidentiality agreements.

Any integrations with third-party AI services beyond OpenAI will be assessed against the same rigorous security and privacy standards.

8. Changes to This Policy

This Policy may be updated periodically.

Users will be notified of material changes that may impact data processing.

For further questions regarding data security, please contact customersuccess@coolplanet.io.
