Overview
CloudShare’s AI features are designed with an enterprise-first approach to privacy, ensuring your information remains your own. CloudShare does not use customer content to train public foundation models.
Unlike personal AI tools, we operate in AWS’s private, secure cloud environment (Bedrock) rather than on the public internet, providing a dedicated, isolated space for your organization’s knowledge.
The models we use (Anthropic’s Haiku and Sonnet) were selected for their technical suitability and performance. We continuously conduct feasibility tests and benchmarks with additional models and can easily switch to a different model if needed.
We protect your data through three core layers of security:
- Strict Information Barriers: We organize data so that it is completely siloed by group. The system is designed to prevent unauthorized retrieval across groups and to ensure that users retrieve only content assigned to their organization or class.
- Secure and Selective Access: When you upload documents (PDFs), the system never sends your entire file to the AI. Instead, it searches only for the specific snippet needed to answer a question, keeping the rest of your files private and secure in our internal storage.
- Automatic Data Cleanup: We do not keep a permanent record of interactions. To ensure a minimal data footprint, all user conversations are stored on our internal systems and are automatically deleted once a session or course ends.
Technical Deep Dive - AI Security and Data Sovereignty
Our AI features are built on a private-tenant architecture that uses Anthropic models (Haiku and Sonnet) via Amazon Bedrock.
This infrastructure is designed to maintain customer data control. All data processing occurs within a secure AWS environment. CloudShare uses AWS PrivateLink for connectivity to Amazon Bedrock, helping keep communication within the AWS network and reducing exposure to the public internet.
Crucially, we operate under a Zero Training Policy: no customer-uploaded content or session data is ever shared with third-party model providers (like Anthropic, OpenAI, or Google) or used to train or refine public LLMs.
To ensure strict organizational privacy, we utilize the following technical safeguards:
- Multi-Tenant RAG Isolation: We implement Retrieval-Augmented Generation (RAG) architecture isolation at the index level using AWS Managed OpenSearch. By partitioning vector data by index, we create a logical firewall that ensures a user can only query and retrieve information specific to their assigned class or organization.
- Static Data Handling (Knowledge Bases): Documents (PDFs) are stored in encrypted Amazon S3 buckets. Rather than transmitting full files to the LLM, documents are processed into small text chunks and converted into vector embeddings. During a query, only the most relevant snippets are retrieved and sent to the model as context, ensuring the full document is never exposed.
- Dynamic Data Lifecycle: User conversations are stored exclusively on our internal systems for the duration of the active session. This data is transient by design. We employ automated purging protocols that permanently remove conversation logs at the end of a session, class, or specified timeout period. Conversation data is retained only for the configured session period and deleted according to CloudShare retention policies to ensure no long-term data footprint.
To provide the most accurate context for your security review, it is important to clarify that our platform is a Generative AI solution built on a Retrieval Augmented Generation (RAG) architecture within a secure AWS Bedrock environment.
Because our approach is retrieval-centric rather than model-centric, many traditional questions regarding training datasets, data drift, and specialized hardware (GPUs) are not applicable.
We do not host, train, or modify the weights of the underlying Large Language Models (LLMs). Our infrastructure is designed around Data Sovereignty and Zero Retention principles:
- Generative AI via Secure Orchestration: We leverage the reasoning power of foundation models (like Anthropic’s Haiku and Sonnet via AWS Bedrock) as a stateless engine. The model provides intelligence, but it never learns from your data.
- Zero Training Policy: We never use customer data to train, teach, or fine-tune models (such as via LoRA/QLoRA). Your proprietary information is never incorporated into the permanent memory of the AI.
- Contextual Retrieval (RAG): Rather than storing information within the model layer, our system pulls only the specific, relevant snippets of your data required to answer a query in real time. The retrieved context is used only to generate the response and is not used to train or fine-tune the model.
- Multi-Tenant Isolation: Your data remains siloed within our secure infrastructure. Strict information barriers ensure that retrieval is limited to your authorized environment, preventing any cross-pollination of data.
- Enterprise-Grade Infrastructure: By utilizing AWS Bedrock, the underlying physical security, model versioning, and hardware lifecycle are managed within a high-compliance, enterprise-grade environment.
In short, our architecture is specifically designed to provide the benefits of Generative AI while significantly reducing the specific risks, such as data leakage and model bias, that traditional AI training questionnaires are built to audit.