Add transparency on data protection and use with the chatbot
robvanderveer opened this issue · comments
I suggest to add the text to the chatcre page: "Your question will travel to bla over a protected connection, and will be removed after your session ends (??correct??). There is a small risk that your question can be eavesdropped by a potential attacker that has compromised the ChatCRE server. Bla - add more attack vectors."
Let's set a good example.
Talking about compromises is scary to people, how about
Disclaimer:
ChatCRE uses Google's PALM2 LLM, you can find the code for OpenCRE in https://github.com/owaps/OpenCRE.
Your question travels to Heroku (OpenCRE hosting provider) and then to GCP over a protected connection.
Your data is never stored in the OpenCRE servers, you can start a new session by refreshing your page.
The OpenCRE team has taken all reasonable precautions we could think off to protect your privacy and security.
Good read. I suggest to change the term disclaimer to something else. Disclaimers are for waiving liability. Better just remove that word.