Egnyte Generative Artificial Intelligence (“AI”) Policy

At Egnyte, the generative AI-powered solutions of our all-in-one-platform (“Egnyte Generative AI”) have evolved over the years, from sensitive information classification to detection of anomalous usage patterns, and we have now introduced content intelligence for our users. Throughout all our Egnyte Generative AI innovation, our core values have remained consistent: we continue to strive to provide each customer with a platform that safeguards its most valuable and sensitive information and fuels its essential business processes.

We understand the adoption of Egnyte Generative AI brings uncharted risks and challenges. As such, we have developed this Egnyte Generative AI Policy (“Policy”) to showcase our principles in creating a better Egnyte Generative AI for our users.

Egnyte may update this Policy from time to time on written notice (which may include posting the updated Policy on Egnyte’s website) to reflect changes in applicable laws, standards, and/or privacy and security practices.

Any capitalized terms herein that are not defined shall have the same meaning ascribed to them in the Customer’s Agreement.

Our developed Egnyte Generative AI models support Egnyte’s apps and integrations, such as content collaboration, data security, data governance, privacy and compliance, controlled external sharing, and the integration ecosystem.

Egnyte Generative AI models are built upon the AI principles listed below:

• Data Privacy and Security. Data privacy and security continues to be of utmost importance to Egnyte when developing and implementing Egnyte Generative AI.  Each Customer remains the owner of its Content. Egnyte Generative AI’s access to Content is subject to the Customer’s Egnyte domain content governance policies, and Egnyte Generative AI will not be able to access more Content than what the Administrator and/or Users’ permissions allow. Customer Content will not be (i) made available to other Egnyte customers, (ii) accessible by Egnyte, or (iii) used for training the customer-wide foundational models underpinning Egnyte Generative AI’s architecture.  When using Egnyte Generative AI, each Customer is training the Egnyte Generative AI for its use, and its use alone.
• ‍Data Residency.  Egnyte Generative AI runs on separate deployments by region. This allows for Content subject to applicable data protection laws, such as the General Data Protection Regulation (“GDPR”), to remain in the required region.‍ For clarity, Egnyte Generative AI is deployed in the same region as that within which Customer’s domain exists and cannot be changed to a separate region.
• Output Explainability. The Egnyte Generative AI solution will cite the source data and its limitations when generating output per a User’s prompt.
• Data Quality.  Egnyte Generative AI augments out-of-the-box foundational models (trained on general knowledge) with domain-specific knowledge related to a User’s prompt and/or task at hand.  Customers can select high-quality data sources, such as specific documents or sets of documents, which allow for more specific output generation.
• Egnyte Generative AI Transparency.  Egnyte will continue to provide information on how to use Egnyte Generative AI to ensure our customers are receiving the full benefits of its capabilities.
• Compliance and Bias Reduction. In its operations and offerings, including Egnyte Generative AI, Egnyte strives for compliance with applicable laws and regulations, as well as bias reduction and avoidance of discriminatory practices.

While we strive to develop accurate and reliable Egnyte Generative AI output, there are inherent limitations with what AI can generate. It is Customer’s responsibility to conduct human review on all Egnyte Generative AI generated output. Customer should not rely solely on Egnyte Generative AI when making business decisions, including, but not limited to, critical employment, financial, legal, and health-related determinations, and Egnyte fully disclaims any liability relating to any such reliance by Customer. Customer must ensure its use of Egnyte Generative AI complies with internal policies, obligations, and applicable laws, such as data protection, privacy, and security regulations.

If Customer would like to opt-out of the use of specific Egnyte Generative AI features (e.g., Q&A and Document Summarization), it may do so pursuant to the instructions located here or by written request to: privacy@egnyte.com. For clarity, Customer may not opt-out of the use of Egnyte Generative AI in its entirety.

Customer understands that certain functions of Egnyte’s Services, including Egnyte Generative AI, may leverage third-party subcontractors, including third-party cloud providers. Egnyte remains the primary provider of the Services and is responsible for all such subcontracted obligations under our customer agreements. Before we engage with these subcontractors, Egnyte performs due diligence on the subcontractor’s privacy and security practices. Egnyte also executes appropriate contractual agreements with such subcontractors in an effort to meet the requirements of applicable data protection laws.

A current list of Egnyte’s subcontractors/subprocessors may be found at the following link: https://www.egnyte.com/subcontractors.