FAQ: Margo AI Data Security
Compliance
Margo AI maintains compliance with UK GDPR and ISO 27001-aligned controls internally.
By default, OpenAI does not use business data sent via its API to train its models. In addition, Care Control has explicitly opted out of data sharing. This opt-out means that any data exchanged between Margo AI and OpenAI via the API is treated as confidential and is not used to improve or train OpenAI's models. This additional safeguard provides assurance that customer data remains secure, private and purpose-bound. OpenAI's API terms also guarantee that users who opt out will have their data excluded from any downstream usage, ensuring that full control and ownership of sensitive information remains with Care Control.
TOMs
Care Control has established technical and organisational measures (TOMs) as a result of risk assessment, to ensure compliance with UK GDPR, ISO 27001 and Cyber Essentials. These measures ensure data is processed in a secure manner, which includes protection against:
– unauthorised or unlawful processing,
– accidental data loss, destruction or damage.
OpenAI
Margo AI uses OpenAI's ChatGPT API to enhance its AI-driven functionality. We are committed to protecting customer data and have implemented strong technical and organisational controls to ensure responsible usage.
We hold a Data Processing Agreement with OpenAI, which supports our compliance with GDPR and UK privacy laws.
All data is transmitted over encrypted HTTPS channels.
OpenAI is SOC 2 Type II certified, demonstrating strong information security practices.
OpenAI encrypts all data at rest (AES-256) and in transit (TLS 1.2+), and uses strict access controls to limit who can access data.