...
What are the LLMs that can be used? | Any provisioned models can be connected to the system via config. So far all, OpenAI Models have been tested:
Other LLM’s:
|
Is the availability of Azure OpenAI models restricted to certain regions? | Yes, the availability of Azure OpenAI models is dependent on the deployment region. The specific models available in each region can be checked on the Azure website: https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/models This page is regularly updated, allowing users to see when new models become available in different regions. |
Will Azure retire OpenAI models over time? | Yes, Microsoft does retire OpenAI models over time. Information about model retirements is provided on the Azure page under “Model Retirements.” https://learn.microsoft.com/en-us/azure/ai-services/openai/concepts/model-retirements This section includes a table listing the current models, their versions, and the retirement dates. Clients will be informed in advance about any model retirements, as well as new models becoming available in their region. |
What is the difference between model retirement and deprecation communicated by Azure for their provided OpenAI models? | The difference between retirement and deprecation of a model is important to understand:
|
Can models be customized/bring our own models? | Yes, we even have customers that are doing this. |
Is there a platform available for conducting automated tests and comparing results for custom models? | Yes, through benchmarking, it is possible to perform comparisons. There is a documentation for this process: https://unique-ch.atlassian.net/wiki/x/AQDJIw |
How can one train, test, and deploy a model for use with Unique’s solution? | So far, we have not directly trained a model ourselves; instead, our customers have undertaken this task. However, our Data-Science team has provided support and guidance to them throughout the process. |
Does one need to use Azure AI Studio? | There's no need to restrict yourself to Azure AI Studio exclusively. As long as the model can be provisioned, we are capable of integrating it. |
Is it possible to implement version control for models, such as maintaining a development version, publishing a beta version, and continuing to use a previous version? | Yes, within the system, each prompt allows for the selection of the model and its version at will. We practice this on a regular basis, especially with the release of new minor or preview versions from Azure OpenAI. |
Can models be shared by user-groups? | Yes, it can be scoped by user-groups. |
Can models be restricted by | Yes, it can be restricted by user-groups. |
Can token consumption be followed by model or by user-groups? | This feature is currently under development and not available yet. However, an Analytics Framework with downloadable CSV-Reports is already in place and covers these points:
Read more about this here: Analytics A report incl. consumption by assistant/model is planned for Q2 2024. |
Are there several types of prices depending on the models used? | Our pricing model remains fixed, however, the costs of the underlying models set by Microsoft are subject to change and are transparently communicated back to you. Prices may fluctuate. We offer guidance on which prompts require specific models. |
How is visibility kept on the costs related to the API usage? | We report the costs generated on the Subscription on a monthly basis. In the early days of the project, we can negotiate a faster rhythm. |
Is it possible to set token limits for each model or user group, including actions like sending alerts or shutting down the API? | This feature is not available yet and is currently under development, planned for Q3 2024. |
Is it possible to grant standard access to ChatGPT-3.5, replacing the direct access currently provided to certain staff members? | Yes, this is even included in the base configuration of Unique. You can even give access to ChatGPT-4. |
Is your solution offered on the MS Marketplace? | Unique is currently not offered in the MS Marketplace. |
What tests have been done to select the appropriate LLM models? | We conducted benchmarks using our documents, and our clients performed similar tests. This process helps us select the most suitable models for each prompt or use case. While we have evaluated other models, we found that they do not yet match the performance of GPT-4, especially in situations requiring RAG. |
...
How do guardrails work? | The language model operates within a set structure, using only the data provided by the organization to ensure its responses comply with specific standards and do not include external information not given by the company. Furthermore, by including citations in each reply, the origin of the information used in the responses can be traced. |
What tooling is used for pseudonymisation? | A local model is employed, executed directly within the cluster and independent of OpenAI, to recognize names and entities. These identified elements are subsequently substituted with anonymized tokens, which are later restored to their original form. |
How is Document ingestion maintained? | We maintain multiple default ingestion pipelines for the different types of files. See the documentation here: Ingestion Customers can build their own in the context of our Co-Development Agreement if needed. We are improving continuously to get the best possible results for the RAG. |
How long is the retention period for uploaded files? | Clients can configure their retention period for uploaded files how they want. Most of our clients have set it between 2-7 days. |
Are the sources always shared with the users? | Yes, Unique adds references to each answer to indicate to the user where the information is coming from. This happens through the RAG process. |
Can automated workflows be executed? | Yes, we already have customers that use our API to execute workflows autonomously without the intervention of a user. |
How is a continuous feedback loop orchestrated? | As an admin, you can export the user feedback as CSV on demand. There will be monthly meetings with the project lead to analyze the feedback and derive improvement options. |
Can your system integrate with various Identity Providers (IDPs), and does it support seamless user provisioning and login with credentials from external systems? | The IDP can be integrated into our system. Your logins can be used, and users are automatically provisioned. We support the following list: https://zitadel.com/docs/guides/integrate/identity-providers |
What gets anonymized and how does it work? | The anonymization service processes the prompt intended for the OpenAI Endpoint by performing Named-Entity Recognition. It replaces identified entities with placeholders before sending them to the model. Once the model responds, the anonymized placeholders are replaced with the original identifying data. The user will not receive the anonymized entities in the response. Additionally, the data is stored in subscription databases, which are exclusively accessible by the client. |
What happens with client names in the recordings, are they anonymized? | Clients show up as “Participant X” in the recording transcripts until you explicitly assign a name to them. After that, they are recognized by name on other recordings in the same deal. |
How flexible can new services be developed and tested? | This can be done independently developed, and tested. Each developer can run an independent version of FinanceGPT on their local machine to develop without interfering with others. |
How would customized workflows be prepared and released? | If you develop your own assistants that are not coming as part of the default, these assistants need to be deployed. The deployment can be orchestrated by you or us. Below you find a drawing explaining the process. |
Can we view defined users or applications in the tenant? | Yes, this is possible. |
Is there monitoring and alerting for the network? | Yes. |
Is encryption and integrity protection in place for all external (public) network traffic that potentially carries sensitive information? | Yes. |
Do you use an automated source code analysis tool to detect security defects in code prior to production? | Yes, GH Advanced security and trivy. |
What service hosting models and deployment models are provided as part of Unique services? |
|
Is a website supported, hosted, or maintained that has access to customer systems and data? | Yes. |
...
Has a Data Protection Impact Assessment (DPIA) been undertaken for the processing activities. | Yes. |
Have you engaged a third party to assess your organization's privacy compliance? | Yes, ISO 27001 and also SOC 2 Type 1. |
Are the services provided by you outsourced or delegated to any third party and if yes, which parts and to whom? | Yes, Microsoft cloud services. |
Do you notify your tenants when you make material changes to your privacy policy? | Yes. |
What data gets collected for a recording call? | In general, we fetch meeting events from your calendar. We only fetch deal-related data and only data of Unique users and never from the whole organization. |
Is personal data collected from the data subject or from any other sources? | No. |
How is Customer Identifiable Data (CID) handled at Unique? |
|
How do we make sure people do not upload documents they are not allowed to upload? | Uploading documents can be restricted by roles. Furthermore, we encourage you to build your own DLP to prevent ingestion of sensitive data. DLP integration can also be done with us. Refer to: https://unique-ch.atlassian.net/wiki/x/CIDmHQ |
Which sub-processors do you work with? | All mandatory and optional subprocessors are listed in our DPA which can be found here: Trust at Unique. |
Does Unique monitor its (sub)processors to ensure that they are in compliance with applicable privacy legislation? How often do you monitor them? | Yes, we monitor them yearly. |
Do subcontractors such as backup vendors, hosting providers, etc. have access to customer systems and data or processing facilities? | Subcontractors may have access to the cloud provider (Microsoft Azure). |
Has Unique appointed a Data Protection Officer? | Yes (voluntary appointment). |
Is there a privacy awareness training program? If yes, how often are the trainings conducted for the employees? | Yes, during onboarding and yearly. |
Is there a process in place that enables individuals to exercise their data subject rights (e.g., access, update, or correct their personal data)? | Yes. |
If you transfer personal data to a third country, are appropriate safeguards (e.g. Standard Contract Clauses, Binding Corporate Rules) in place? | No, data remains in Switzerland. However, some OpenAI services can come from Europe if agreed. |
Is there a breach notification process in place? | Yes. |
Does Unique process client personal data as a: controller, joint-controller, or processor? | Processor |
Are Cookies used for performance, tracking, analytics, and personalization purposes and can contain non-identifiable/aggregated extracts of such information? | No. Unique does not use any tracking on enterprise tenants, this is only the case on our public SaaS offering. |
What security-relevant events are logged on your servers, workstations, firewalls, and switches? | Authentication events, access logs, error logs, risky sign-ins in Entra, audit logs |
Is there a designated individual responsible for: | Yes, the CDO is responsible for all of those. |
Is there a documented privacy policy or procedures for the protection of personal information collected, transmitted, processed, or maintained on behalf of the clients? | Yes, more information can be found here: https://www.unique.ch/privacy |
...