Architecture Overview
User inputs are introduced through an isolated Cooleaf frontend app deployment, handled and passed without any modification through a main backend app without any modification to Cooleaf AI Service app, where the inputs are being sanitized and modified for the first time, as described below. Afterwards the sanitized content of the message is passed to an isolated Azure OpenAI deployment of gpt-4o-mini model, residing in a separated network, with only one access point, along with a set of parameters predefined within Cooleaf AI Service. Azure deployment can be accessed only by the AI Service, making the contents inaccessible for unauthorized actors. Azure deployment does not store other information than logs regarding the timestamps, sizes and other metadata.
Data Security and Azure
- Azure OpenAI Service: Unlike public OpenAI models, Azure OpenAI provides services within Microsoft's secure and compliant cloud environment. This means that data sent to the Azure OpenAI API is processed within the Azure infrastructure.
- Data Privacy: Microsoft's Azure services, including OpenAI, have strong data privacy commitments. As per their policies, the data sent to the service is not used to train their public models. It is used solely for providing the service to the customer.
- Secure Communication: Communication with the Azure OpenAI service is over HTTPS, ensuring that data is encrypted in transit.
- Authentication: The application authenticates with the Azure service using API keys, which are managed as secrets within the application's environment.
tabs=azure-portal