Data handling

Use approved business documents only.

This pilot policy describes how customer documents should be handled before public launch.

Approved documents

Start with non-regulated or explicitly approved documents such as policies, procedures, blank forms, manuals, checklists, and sample packets.

Protected information

Protected information includes items such as medical records, Social Security numbers, account numbers, tax records, private legal matter details, employee discipline records, and customer identifiers. Do not upload these unless the customer has approved the use case and safeguards.

Encrypted storage

Uploaded files are encrypted at rest before they are written to storage. They are meant to be used through BusinessVault, so the stored files should not open as normal readable documents from the storage folder.

Backups

Backups include database records, encrypted document storage, and search data. Restore tests should be run before onboarding customers.

Deletion and export

Before public launch, customer export and deletion procedures should be documented and tested for each workspace.

Cloud-enhanced answers

When enhanced answers are enabled, selected document excerpts may be sent securely to a cloud AI provider. Documents marked Sensitive or Regulated stay private-only unless explicitly approved.