Security & Data Protection Guidelines for Customers

TSAI Agent is designed to help you provide fast, accurate answers to your end-users by leveraging AI to process technical content from your Jira work items. As a customer of our platform, it's important that you understand how data is handled and what steps you must take to protect sensitive information.

Your Responsibility

As the data controller, you are responsible for ensuring that no confidential, sensitive, or personally identifiable information (PII) is submitted to TSAI Agent unless you have reviewed and approved it for processing.

You must review and sanitize any data before it is made available to TSAI Agent. This includes redacting sensitive details from Jira work items and ensuring that external comments or fields do not contain information that could put your users or your organization at risk.

Data Ingestion Policy

TSAI Agent is built with a security-first architecture. It only processes the data you explicitly expose, and never ingests certain types of information:

TSAI Agent does NOT ingest:

  • Internal comments from your Jira service desk projects
  • Agent or user names, such as assignee, reporter or participant fields
  • Any other fields than the five fields mentioned below

Just to be clear, this application does not read the fields first and extracts these fields before ingestion - this application never reads the data mentioned above at the first place.

TSAI Agent ingests only:

  • Summary, Description and External comments fields of Jira Work items
  • Product and version fields

Best Practices for Safe Usage

To help ensure secure and compliant use of TSAI Agent, we recommend the following:

  • Redact sensitive data: Remove or anonymize any personal or confidential data before exposing work items to the AI agent.
  • Separate internal and external comments: As the best practice, use Jira internal and external comments to clearly distinguish between public and private content.
  • Implement access controls: TS Agent application UI can be reached only by the Jira administrators (not Jira agents) or the organization admins, ensure only authorized personnel are given the necessary authorization and passwords to configure and save settings of the TSAI Agent.
  • Train your teams: Educate your staff on the importance of data classification and proper handling of support content on jira.

Security Commitments

We are committed to safeguarding your data through:

  • Data encryption: All data at rest and data transmitted to and from TSAI Agent is encrypted using industry-standard TLS protocols.
  • Bring Your Own Key: You can provide your keys through Amazon Web Services (AWK KMS vault). If you do that, we never see your ingested data or JQLs - it means we only know your own company name and email - that's it.
  • No persistent storage: TSAI Agent does not retain any data beyond what is needed to generate a real-time response.
  • Role-based access: Access to your data is restricted to authorized components and staff under strict controls.
  • Compliance alignment: Our architecture is designed to support your compliance obligations under regulations such as GDPR, CCPA, and SOC 2.

Incident Management

If you suspect that sensitive data was unintentionally exposed to TSAI Agent, please take the following steps immediately:

  1. Stop this application immediately. You have a master switch here.
  2. Notify your internal security or compliance officer.
  3. Contact Solverox Support with details so we can assist with incident review and remediation.

Summary

TSAI Agent gives you powerful capabilities to serve your end-users through AI-assisted responses. However, this requires a shared responsibility model. You must control what data is exposed to ensure that no sensitive, confidential, or private information is inadvertently shared. By following the guidance on this page, you can ensure safe and effective use of the platform.