Data Protection and Security at TAIWA

Introduction

At TAIWA, we are building a human transformation platform. We do this by using the power of AI to democratize and customize coaching for organizations and employees, aligned to their mission, values and culture. Since AI needs data to function, there are many questions about what data is collected and used, and how it is secured. We intend to answer those questions here.

Have a question that is not answered here? Reach out to us at support@taiwa.com.

Usage Related Questions

  1. Can my employer see my chats?

No. Your HR team can see your engagement with the application, but they cannot see any questions you ask or answers you receive. Your entire conversation with the coach is available only to you and is therefore fully private.

  2. What can my employer track in terms of engagement?

Your employer can see how many minutes you engage with the application and which specific content modules (such as leadership, organizational values, etc.) you engage with. This information is used as an input for checking whether the content is useful and engaging and whether TAIWA is beneficial to the organization.

An example of such engagement is provided below:

This example dashboard shows how your employer can see whether the team is aligned with the organization’s Mission, Vision and Values. Please note that this information is always aggregated; there is no way for an employer to learn that “employee X is aligned/not aligned to the company vision/values/anything else”.

In addition, the employer can also see the NPS score you provide for TAIWA. This is so they can understand whether employees like TAIWA or not.

In summary, you can chat with the app, secure in the confidence that it’s a fully private conversation.

  3. Can TAIWA employees see my conversations?

No, they cannot. The only exception is when you flag a response as bad/harmful, in which case an anonymized report is sent to TAIWA and we are able to see that specific conversation, without knowing the identity of the user, in order to evaluate it.

  4. Does TAIWA use my data for training?

Yes, anonymized conversations are used for the purposes of training and improving our coach.

Anonymization means the following things:

  5. How does the coach handle situations where my employees or I raise a potentially dangerous topic?

We have strong guardrails in place. If a question is considered outside the boundaries of safety, the coach stops responding to it and steers the conversation to safer territory. However, it is important to note that, in the interest of confidentiality, the coach will not report any potentially dangerous questions.

Please note that an AI coach is not a replacement for professional consultation, such as seeking help for a physical or mental condition. Where the coach determines that professional help is needed, it will encourage the employee to seek it. Consider the responses as guidance and always check with your company and HR if something feels off.

  6. Will my data be shared or monetized in some way?

No. TAIWA takes users’ right to data privacy seriously, and we do not intend to ever monetize your data or sell it to third parties.

Data Protection Related Questions

  1. Does TAIWA follow international standards and regulations in order to keep my information safe?

Although TAIWA currently does not hold certifications, it adheres to international standards and best practices. TAIWA not only uses high-security data centers that are certified according to ISO 27001 but also implements a Data Protection Management and Information Security System oriented towards the same standards.

  2. Can I conclude a DPA (Data Processing Agreement) with TAIWA?

Yes, of course. In accordance with Art. 28 EU-GDPR, we offer a data processing agreement. This agreement can be concluded along with our regular service contract.

  3. What type of data does TAIWA collect?

Upon creation of a new account, TAIWA stores the personal data you provide, such as your full name and email address. Once you start using TAIWA, the data TAIWA stores depends on your usage of the software, such as your conversations with the coach and the content you explore and consume.

  4. Where are TAIWA’s data centers located?

The TAIWA platform infrastructure is hosted exclusively in the following region/server location: Amazon Web Services in Frankfurt am Main, Germany. It is fully compliant with GDPR as well as data sovereignty requirements.

  5. What are TAIWA's policies regarding data retention and deletion?

Personal data (name, email address, etc.) is stored only as long as you are a customer of TAIWA. Organizational data may be kept longer for paying customers so that financial reporting and other financial records can be maintained. Conversations are anonymized (any references to a person or organization are completely removed) and are kept for training purposes.

  6. Does TAIWA share user data with third parties? If so, under what conditions?

We might use external APIs such as the OpenAI APIs or Claude to evaluate conversations. However, the personal details of the people initiating the conversations, as well as of the organization, are not passed to external APIs.

  7. How does TAIWA handle the data of minors or sensitive categories of data?

As TAIWA is a B2B application provided primarily to enterprises for their employees, we expect users to be adults in general. Note also that TAIWA does not capture any personal data of an employee other than email address and name.

Data Security and Incident Responses

  1. Can TAIWA describe its data encryption practices?

TAIWA uses both encryption in transit and at rest.

  2. How does TAIWA protect against data breaches or cyber attacks?

Our system is equipped with monitoring tools that promptly detect and alert us to any unusual activity suggesting a potential data breach. Examples of the tools we use include Datadog for monitoring our production systems, CloudWatch for monitoring AWS cloud resources and applications, and Sentry for our applications.

Our IT team is trained to quickly identify and assess the nature and scope of the incident. Upon detecting a breach, our immediate priority is to contain it to prevent further data loss. We then work to eradicate the cause of the breach, which may involve isolating affected systems, applying security patches, or taking other corrective actions.

In line with legal requirements and our commitment to transparency, we notify all relevant stakeholders, including affected users, regulatory authorities, and law enforcement if necessary. This notification is done in a timely manner, as per GDPR and other applicable laws.

  3. Does TAIWA conduct Data Protection Impact Assessments (DPIAs) for high-risk data processing activities?

TAIWA does not come under the purview of high-risk data processing activities. However, as a proactive step, we plan to conduct a yearly DPIA from 2024 onwards.