OVERVIEW
Our AI Assistants are created on Chipp. Here is their Security Document.
Solution Architecture for Chipp.ai
1. Main Solution Components – System and Infrastructure
Our solution is a cloud-based web application that allows users to build and interact with custom GPT models. The primary components include a user interface, backend services hosted on Google Cloud, and integrations with external LLM providers like OpenAI and Anthropic. These components work together to facilitate seamless interaction between the user and the AI models.
2. User Interaction
Users interact with the solution primarily through a web-based interface compatible with both desktop and mobile browsers. The builder experience is optimized for desktop browsers, ensuring a robust environment for creating and managing custom GPTs.
3. External System Interactions – Integrations
The solution integrates with external systems by making API requests to LLM providers such as OpenAI and Anthropic. These integrations enable the generation of embeddings and other AI functionalities. Additionally, the system can interact with custom content via iframe embedding, allowing for further customization.
4. Scalability Components
Scalability is achieved through the use of Google Cloud Run, which dynamically scales the application based on CPU and RAM utilization. When utilization exceeds predefined thresholds, additional resources are automatically provisioned to maintain performance.
5. Contingency, High Availability, and Disaster Recovery
We leverage Google Cloud Platform’s inherent high availability and disaster recovery capabilities. Regular hourly snapshots of the database ensure that in case of corruption or disaster, we can restore data with minimal impact. Geographic redundancy is also provided to mitigate risks from regional outages.
6. Supported Versions
The solution supports all major desktop and mobile web browsers. The builder experience is specifically tailored for desktop web browsers to ensure full functionality and ease of use.
7. Solution Component Location
All solution components are cloud-based, hosted on the Google Cloud Platform.
Life Cycle Management of Chipp.ai
1. Solution Lifecycle Management
Our solution lifecycle management involves continuous deployment practices with daily releases. These releases ensure that the solution remains up-to-date and responsive to user needs.
2. Obsolescence Management
We manage obsolescence through feature flags, allowing for phased rollouts and smooth transitions when deprecating older features. This ensures that users experience minimal disruption during updates.
3. Frequency of Releases
We practice continuous integration and deployment, releasing updates daily. This allows us to iterate quickly and address issues or implement enhancements as they arise.
4. Support for Different Solution Versions
We do not typically maintain multiple versions of the solution. However, any legacy support would be managed through specific contractual agreements with the client, detailing the terms of support for older versions.
5. Customization and Extension
Customization is primarily achieved through iframe embedding, allowing users to embed custom content around our AI solutions. Additionally, we provide custom URLs for post-signup redirection, enhancing the user journey.
6. Lifecycle of Customizations
Customizations are treated as integral parts of the solution, and our development practices ensure that updates and enhancements do not break these custom implementations. We maintain backward compatibility for iframe-based customizations.
Performance and Scalability of Chipp.ai
1. Techniques for System Performance
Our architecture differentiates between the application and data layers. The application layer is managed on Google Cloud Run, with auto-scaling based on CPU and RAM usage. The data layer, managed via Google Cloud SQL, scales independently and supports replication to handle high loads.
2. Concurrency Model
We utilize Prisma ORM for database interactions, which includes request pooling to manage concurrent access. Transactions are handled with ACID properties to ensure data integrity even under high concurrency.
3. Seasonality and Scalability
Our platform is SaaS-based, and as such, it does not experience the seasonality typical of retail or e-commerce businesses. Scalability is handled on-demand through Google Cloud’s infrastructure, ensuring consistent performance throughout the year.
4. Service Level Monitoring
Service levels are monitored using Google Cloud Platform’s dashboards, with alerts configured via PagerDuty. This ensures real-time response to any service degradation, with scaling triggers set at 50% CPU utilization.
Report BI and Analytics of Chipp.ai
1. Reporting and Analytics
We provide an analytics dashboard that tracks the performance of AI chats and logs user interactions. Enhanced features for this dashboard are currently in development, allowing users to customize and extend their reporting capabilities. Users can export conversation history for analysis to a CSV file or by connecting to Google Sheets.
2. Data Extraction
We offer a white-glove service for data extraction, where users can request specific data to be exported to their DataLake in a format of their choice (e.g., CSV).
Security Governance of Chipp.ai
1. Security Techniques
Security is enforced through JWT-based authentication across all APIs, with data encrypted both in transit and at rest. We adhere to the principle of least privilege within our Google Cloud environment, ensuring minimal permissions for each team member.
2. Connectivity Security
All API calls are encrypted using HTTPS, ensuring secure communication between solution components and external systems.
3. Access and Privileged Access Management
Access management is handled through Google Cloud IAM, ensuring that permissions are tightly controlled. Privileged access is limited to senior engineers, with stringent monitoring in place.
4. Protection Against Unauthorized Access
We implement IP blacklisting as a first response to potential unauthorized access or DDoS attacks. More advanced mitigation techniques could be explored in partnership with the client, if required.
5. Certifications
Currently, our infrastructure does not hold SOC 2 certification. However, we follow best practices in security governance and are open to pursuing relevant certifications if necessary. Additional security certifications are available with custom enterprise plans, which can be developed in concert with the client.
Data Privacy of Chipp.ai
1. Data Privacy Management
Data privacy is managed through strict access controls within Google Cloud. Only senior engineering staff have access to sensitive data, ensuring its confidentiality and integrity.
2. Certifications for Data Privacy
While we do not currently hold specific certifications for data privacy, we align our practices with industry standards. Additional privacy requirements can be added with custom enterprise plans.
3. LGPD Compliance
We are committed to complying with all applicable data privacy regulations, including LGPD, and will work with clients to ensure their data is handled in accordance with these laws.
4. Handling of PCI Cases
PCI is handled by our industry-leading payments provider Stripe.
Dependency and Compatibility of Chipp.ai
1. External Component Dependencies
Our solution depends on LLM providers like OpenAI and Anthropic. These dependencies are managed through API integrations, ensuring compatibility and smooth operation across updates.
2. Managing Dependencies
We monitor and manage external dependencies closely to ensure they do not impact the performance or reliability of the solution.
Business Continuity of Chipp.ai
1. Resilience Techniques
Resilience is built into our platform through Google Cloud’s high-availability architecture and automatic failover capabilities.
2. Disaster Recovery
Disaster recovery is managed through regular database snapshots and the ability to restore from these backups in case of a critical event. Data loss, if any, would be limited to a few hours of recent transactions.
Support of Chipp.ai
1. Support Models
We provide support in English and leverage AI for multilingual support. We offer personalized support for our paying customers via email, Discord and phone calls.
2. Criticality Levels and Service Start
Criticality levels are defined as Severity 1 (Sev1), Severity 2 (Sev2), and so on. Response times are prioritized based on these levels, with Sev1 incidents receiving immediate attention.
3. Ticket Handling
Support requests are currently managed through Discord, where users can submit tickets. While this may not align with traditional enterprise support models, it allows for quick and direct communication with our engineering team.
4. War Room Participation
We can participate in war room-style incident resolution upon request, although this would likely require a premium support agreement.
Monitoring of Chipp.ai
1. Monitoring Options
Monitoring is provided through Google Cloud Platform dashboards, which track both infrastructure and application performance. Alerts are configured to notify us of any significant issues that could impact service levels.
2. SLOs and SLAs
We do not currently have formal SLAs in place but can establish them based on client needs. SLOs are monitored through the same GCP dashboards, with alerts triggered by predefined thresholds.
Diagnostics and Audit of Chipp.ai
1. Audit Logs
Audit logs are securely stored within our Google Cloud VPC, ensuring they remain within a private network. These logs are critical for tracking system activities and diagnosing issues.
2. Diagnostic Logs
Similar to audit logs, diagnostic logs are maintained within our secure environment, providing detailed insights into system performance and issues.
SOX and Identity/Access Management of Chipp.ai
1. SOX Compliance
Currently, we do not have specific SOX compliance measures in place but are open to integrating with external tools like SailPoint and SAP GRC if required by the client.
Project Partners of Chipp.ai
1. Partner Homologation
We do not currently have a formal process for partner homologation, but we are open to discussing specific needs with the client to ensure seamless integration.
Improvements and Phase-out
1. Client-Requested Improvements
Improvements requested by clients are handled on a case-by-case basis, with prioritization based on impact and feasibility. We do not have a formal SLA for these requests but strive to address them promptly.
2. Contract Termination and Data Purging
Upon contract termination, data is purged permanently from our systems, with the process being carried out manually to ensure thoroughness. Clients can request data recovery before termination, with no strict time limit imposed on these operations.
Success Cases and Cost Model of Chipp.ai
1. Success Cases
We can provide case studies and references from existing clients upon request. These will demonstrate the scalability and functionality of our solution in contexts similar to yours.
2. Cost Model
Our pricing model is flexible and can be adjusted based on scale and operational levels. Larger engagements may benefit from volume discounts or tailored pricing structures.