Skip to main content

AI Ticket Assistant - Data Privacy & Security FAQ

Overview: This document outlines the technical safeguards, architectural controls, and data privacy protocols governing generative AI features within the Incident IQ (iiQ) platform. For more information, please visit trust.incidentiq.com.


1. Architectural Integrity & Data Privacy

Q: Which AI model does iiQ use, and where is it hosted?
A: iiQ utilizes a private instance of Gemini models. Crucially, all AI processing is kept entirely within our secure, U.S.-based environment. Your data is never accessible to the public, Google, or any other non-iiQ entity.

Q: Is district data used to train or improve AI models?
A: No. District data is never used to train or fine-tune any large language model (LLM). Responses are generated dynamically at runtime and are not retained by or incorporated into the model's permanent knowledge base.

Q: How is data transmitted to the AI layer?
A: All communication with the LLM originates from the iiQ backend, not the user’s browser. This centralized architecture prevents unauthorized use or "hacking" of the AI tool and ensures districts do not need to whitelist additional websites or IP addresses.


2. Access Control & Permissioning

Q: Does the AI have broad access to our district database?
A: No. The AI does not have general access to data. It can only access information via our standard APIs, operating under the exact same permissions as the logged-in user. The AI can only "see" what that specific user is authorized to access within the platform.

Q: Can we control which users or groups have access to AI features?
A: Yes. AI enhancements are strictly opt-in. Administrators can selectively enable or disable AI features based on specific user roles or other attributes within the admin console.


3. Safety, Security, and Compliance

Q: How do you prevent inappropriate use or content generation?
A: We employ specialized sub-agents that actively monitor for illicit or inappropriate content within AI interactions to ensure the safety of the environment.

Q: What measures are in place to protect PII and student records?
A: iiQ’s AI is designed to align with FERPA, COPPA, and state-level frameworks like SOPIPA (CA) and SOPPA (IL). Tickets marked as sensitive are automatically excluded from LLM processing. Furthermore, data is encrypted both in transit (TLS 1.2+) and at rest (AES-256).

Q: How do you mitigate AI "hallucinations"?
A: We use a governed prompt architecture and a domain-restricted knowledge base. The model is restricted to referencing approved iiQ data and K-12 IT workflows rather than the open internet. Additionally, we utilize Human-in-the-Loop (HITL) methodologies, ensuring that technicians remain the final decision-makers for all resolutions.


4. Auditability and Retention

Q: Are AI interactions logged for auditing purposes?
A: Yes. All AI-assisted interactions are captured within iiQ’s system of record. Administrators can audit when AI was invoked, what information was processed, and the resulting actions.

Q: What is the data retention policy for AI-related requests?
A: AI-generated logs follow the same SOC 2-audited retention and deletion policies as standard ticket data. No separate or "shadow" data store exists for AI activity.

Did this answer your question?