Overview
AI Implementation
Security Assessment Process
- Evaluation of data handling practices
- Review of privacy policies and terms of service
- Assessment of compliance with SOC, HIPAA, and other relevant standards
- Analysis of data retention and deletion policies - adjusting settings as necessary
- Verification of encryption standards
- Review of access control mechanisms
General Usage Guidelines
Compliance & Regulatory Requirements
- All AI usage must comply with internal policies and industry regulations
- Regular audits will be conducted to ensure responsible AI tool usage
- Team members must complete required annual security training
Approved AI Tools and Security Posture
- Google Gemini Advanced
- GitHub Copilot (Team License)
- Fireflies.ai (Business Plan)
- Windsurf by Codeium (Organization Team)
- Cursor (Business)
- JetBrains IDE AI (Junie)
Note: Any new AI tools require security review and explicit approval from IT/Security before use in company projects.
Client Data Protection
- No sensitive data is used for AI model training
- All data processing complies with existing data protection agreements
- Confidentiality is maintained at all times
- Regular audits of AI tool usage and data handling
Continuous Monitoring and Updates
- New security features and capabilities
- Changed terms of service or privacy policies
- Updated compliance requirements
- Emerging security risks or concerns
Adoption Process
- Initial security assessment and documentation
- Controlled implementation with monitoring
- Regular security reviews and updates
Documentation and Training
Tool Details

Google Gemini Advanced
Workspace Business Plus (Platform):
- ISO 27001 certified
- SOC 2 Type II and SOC 3 compliance
- GDPR and CCPA compliant
- Standard access controls and DLP
Gemini Advanced Data Protection and Privacy Details: (License included in Workspace Business Plus)
- Data Handling:
  - Conversations are not retained after completion
  - No human review of conversations
  - Data is processed only to generate responses
  - Conversations are not used to train the model
- Security Measures:
  - Standard Google Workspace encryption (in transit and at rest)
  - Data processed in Google Cloud regions according to Workspace location settings - Real-time only
  - Data handling follows standard Workspace Business agreements
  - Follows Google Cloud's security standards
- Admin Controls:
  - Enable/disable Gemini Advanced for users
  - Standard Workspace access controls apply
  - Basic DLP rules can be applied

GitHub Copilot
GitHub Teams (Platform)
- SOC 2 Type 2 reports available
- ISO/IEC 27001:2013 certification
- GDPR compliance with data processing agreements available
- Standard security controls and monitoring
Data Protection and Privacy Details:
- IDE-specific data retention:
  - Code snippets in IDE retained only during active session
  - Suggestions discarded immediately after display
  - Local processing with no permanent storage
- All other access including Network/API data retention:
  - Suggestions cached for maximum 24 hours on servers
  - Prompts and suggestions retained for 28 days; the Copilot model requires access to previous interactions to deliver accurate and relevant suggestions
  - User engagement data kept for two years
  - Feedback data retained as needed for intended purpose
- Copilot Security Features:
  - Azure OpenAI Service security standards for processing
  - IP indemnification for code suggestions
  - Telemetry settings configurable per user
  - Network requests processed in Microsoft Azure
  - Standard data center regions apply

Fireflies.ai
Fireflies.ai - Team (Platform)
- SOC 2 Type II certified
- GDPR, CCPA, and HIPAA compliant
- AES-256 encryption for data at rest and in transit
- Role-based access control (RBAC) with SSO
- Hosting on AWS with isolated tenant architecture
Data Protection and Privacy:
- Meeting Data Processing:
  - Meeting transcripts stored with enterprise-grade encryption
  - All data processed in secure AWS data centers
  - Private cloud deployment options available
  - Custom data retention policies available
  - No training of AI models on customer data
- Security Features:
  - End-to-end encryption for all communications
  - SAML-based Single Sign-On (SSO)
  - Two-factor authentication (2FA)
  - IP allowlisting capabilities
  - Audit logging and monitoring
- Access Controls:
  - Granular user permissions
  - Team-based access management
  - Admin dashboard controls
  - Domain-based user restrictions
  - Custom privacy settings per meeting

Windsurf by Codeium
Windsurf Organization - Teams (Platform)
- SOC 2 Type II compliance in progress
- TLS 1.3 encryption for all API endpoints
- AWS infrastructure with ISO 27001 compliance
- Regular third-party penetration testing
Data Protection and Privacy:
- Data Processing:
  - Zero data retention after completion
  - End-to-end encryption for all code processing
  - No data storage on Codeium servers
  - Data processed in US-based AWS data centers
  - TLS 1.3 for all API communications
- Security Features:
  - Team-wide policy configuration
  - No model training on customer code
  - Signed API requests with rotating tokens
  - Network isolation between users
  - Code never shared between users or organizations
- Access Controls:
  - RBAC for team management
  - SSO available for Teams
  - Access audit logging
  - IP allowlisting options

Cursor
Cursor - AI-First Code Editor (Platform)
- SOC 2 Type II certified
- Regular third-party penetration testing
- Infrastructure hosted on Google Cloud Platform
- End-to-end encryption for data in transit
Data Protection and Privacy:
- Data Processing:
  - Minimized data retention policies
  - Only necessary information stored for service functionality
  - Personal data stored in hashed and encrypted formats
  - Code snippets and context temporarily stored for AI functionality - deleted after AI processing completes
- Security Features:
  - Team-wide policy configuration, enforcement and management
  - Code data for users on privacy mode is never persisted
  - Encrypted data storage with strict access controls
  - Network isolation between organizations and users
- Access Controls:
  - Role-based access controls
  - Detailed audit logging
  - Enterprise SSO integration available
  - Controlled API access with authentication
  - Secure key management for integrations

JetBrains IDE Go AI (Junie)
JetBrains IDEs Go AI (Junie & AI)
- SOC 2 Type II certified
- Regular third-party penetration testing
- Comprehensive Business Continuity and Disaster Recovery (BC/DR) plans in place
- System features and configuration settings designed for robust user access control
Data Protection and Privacy:
- Data Processing:
  - Code remains yours and is never used for AI training, with local AI options for maximum security
  - Zero data retention & data excluded from training
  - Content exclusion with .aiignore
  - Clear communication to users regarding the handling of personal information (notice, choice, consent, collection, use, retention, disclosure, and disposal)
- Security Features:
  - Encryption technologies to protect system data both at rest and in transit
  - Adherence to internal security standards and best practices
- Access Controls:
  - Enterprise Option - Connect to AI providers using corporate accounts, Connect on-premises LLMs
  - Enterprise Option - On-premises installation, Tamper-proof request-response logs, Advanced user and group access management, SSO authentication, and IP indemnity
Contact Information
For specific inquiries about our AI tool security policies or to request detailed documentation, please contact Jahnel Group's security team at security@jahnelgroup.com.
*This page is reviewed and updated quarterly to reflect the current state of AI tool implementation and security measures at Jahnel Group.