How CyberPilot Uses AI - And how we protect tour data
Here is a transparent overview of how we use AI today and how we safeguard your data.
At CyberPilot, we use Artificial Intelligence (AI) to improve the user experience and support our customers more efficiently. Just as importantly, we are extremely careful about not exposing personal data (PII) or any other sensitive information to external AI systems.
Our AI Services
We currently use two AI services:
1. Amazon Bedrock (within our product)
Amazon Bedrock is used to power certain intelligent features inside our platform. Here is how we use it, and how we protect your data:
- When our system sends prompts to Bedrock, we only pass non-sensitive information, for example generic training history (e.g., "Module X completed"), without names, emails, or identifiers.
- Bedrock is accessed only through our application code, and all requests are strictly controlled.
This ensures that Amazon does not receive or process any customer-specific or personal information when we use Bedrock.
For now, we continue to run these AI features through Amazon Bedrock. Over time, our goal is to move this part to a fully European setup as well. Our first priority has been the hosting environment where we process personal data, which is why that migration came first. Because no personal data is ever sent to Bedrock, this AI service carries a lower data protection risk.
2. Intercom Fin (customer support assistant)
Intercom Fin is used on our website and inside our support chat.
-
Fin does not have access to any customer data stored in CyberPilot's systems.
Fin is trained exclusively on CyberPedia, our public-facing knowledge base.
When you chat with Fin, it only sees the messages you type, and we never connect these to your training data or account information.
All personal support needs are handled by a human before anything sensitive is discussed.
This ensures that Fin operates purely as a general help assistant, without access to internal or personal data.
Where your data is hosted
Protecting your data also depends on where that data physically lives. Today, the CyberPilot platform runs on Amazon Web Services (AWS) in the EU (Frankfurt) region, which means all customer data is already stored and processed within the EU under GDPR.
We are now moving our infrastructure to Scannet, a Danish hosting provider and part of the TeamBlue group. This migration brings our hosting fully into Denmark and gives you Danish and EU based data residency end to end.
What this means for you:
- Your data stays within the EU throughout the migration, with no interruption to the service.
- Once the move is complete, all compute, storage, and database services run on Danish infrastructure.
- The change strengthens our GDPR posture and reduces our reliance on non European cloud providers.
We are carrying out the migration in structured phases and running both environments in parallel until every customer has been moved, so your training, phishing simulations, and reporting continue uninterrupted.
Our Commitment to Data Protection
Across both services, we follow these principles:
- No Personal data is sent to external AI systems.
- AI is only used on internal or public content.
- Customer data always stays within our secure platform.
- Your data is hosted within the EU, and we are moving to Danish based hosting with Scannet.
- We continuously review our AI usage to ensure compliance with GDPR and best-practice data protection.
If you have questions about our use of AI or want a deeper technical explanation, we're always happy to help.