Skip to main content

Safe AI commitments

Moodi Mahmoudi avatar
Written by Moodi Mahmoudi
Updated over 2 weeks ago

At a glance

NEXT AI is LLM-agnostic. NEXT AI uses the same security and privacy standards as the rest of NEXT AI (GDPR-aligned controls, SOC 2 scope). Customer content sent to NEXT AI is used only to provide the AI features, and not to train any models. Enterprise customers can route NEXT AI through their own approved AI endpoints (e.g., ChatGPT Enterprise or Azure OpenAI) and keep processing in their chosen region.

How customer data is handled

  • No training on customer content. Customer prompts/inputs and outputs in NEXT AI are processed to deliver the feature and are not used to train any models. This commitment is backed by OpenAI Enterprise and Microsoft Azure OpenAI “no-training” commitments for enterprise use.

  • Inputs/Outputs = Customer Content under the Master Cloud Agreement.

  • Customer choice. Customers can choose the AI models they wish to use based on performance, trust, and data residency preferences.

  • Use customer-approved enterprise endpoints. If your organization already uses ChatGPT Enterprise or Azure OpenAI, NEXT AI can connect to that customer-specific endpoint so your AI traffic is handled by your pre-approved provider.

  • Region choice / EU processing. NEXT provides regional hosting options (including EU). International transfers, if needed, are covered by Standard Contractual Clauses (SCCs) under GDPR.

  • Clear terms. The NEXT AI Supplementary Terms define how AI features work with your content (ownership, usage limits, and SLA nuances for third-party AI infrastructure).

Security basics you can expect

  • Encryption. Data in transit and at rest is encrypted as described in NEXT AI’s security docs.

  • Access controls & monitoring. The same access, logging, and incident processes apply to NEXT AI that apply to the core platform.

  • Minimal subprocessors. NEXT AI keeps a short, vetted list with DPAs and regional options for AI providers. See Data subprocessors in the Help Center for the current list.

  • GDPR/DPA & transfers: NEXT provides a GDPR-compliant DPA and relies on SCCs for international transfers where applicable; see GDPR commitment (and DPA).

  • Data residency & separation: EU default for free workspaces, regional choice for Business/Enterprise, and optional physical separation and country-specific residency of primary infrastructure for Enterprise accounts.

Related topics

FAQ

Q: Does NEXT AI (or its AI providers) train on customer prompts/inputs or outputs?

No. NEXT AI processes your content only to provide the feature. OpenAI’s enterprise offerings and Microsoft’s Azure OpenAI also state they do not train models on enterprise customer data.

Q: Can NEXT AI use customer's own enterprise AI endpoints?

Yes. Customers can connect NEXT AI to ChatGPT Enterprise or Azure OpenAI endpoints your company already approves.

Q: Can customers keep processing in the EU?

Yes. NEXT offers regional hosting for AI models (including EU). When data must move internationally, NEXT relies on SCCs for GDPR-compliant transfers.

Q: Who owns AI inputs and outputs?

Master Cloud Agreement and AI Supplementary Terms clearly state that customer content remains Customer Content, with usage limited to providing the AI feature.

Q: Are there SLA differences for AI features?

Yes. The AI Supplementary Terms explain that third-party AI provider downtime is excluded from uptime/credit calculations. Your standard SLA applies to the NEXT AI service overall.

Q: Which providers does NEXT AI use?

NEXT keeps a minimal, vetted list of subprocessors (including AI providers) with their regions and DPAs. See the Data subprocessors page for the current list.

Did this answer your question?