Security & Privacy
      Back to home
      1. Help Center
      2. Security & Privacy

      Sub-processor Notice (Microsoft Azure Open AI) Answers to Frequently Asked Questions (“FAQs”)

      Updated on: March 14, 2024

      This document addresses common questions that may arise with respect to the sub-processor notification distributed by ContractSafe on March 14, 2024, relating to ContractSafe’s use of Microsoft Azure Open AI. This document is provided for informational purposes only, and does not form a part of any agreement for ContractSafe’s services between ContractSafe and its customers.

      1. Does this notice apply to my organization? The new sub-processor notice applies to all customers that currently or in the future use features that ContractSafe provides utilizing Microsoft Azure Open AI. Once these features are enabled (whether by your account Admin or by ContractSafe), Microsoft Azure Open AI will be considered a sub-processor of your company’s personal data. 
      2. What ContractSafe customer data will be transferred to Azure OpenAI? ContractSafe’s AI features involve the processing of contracts and associated data, which may contain personal data related to your contracts and users. In the future, ContractSafe may develop new generative AI product features utilizing Microsoft Azure Open AI’s services, as identified within ContractSafe’s online product documentation and/or sub-processor list. If you elect to use any existing or new generative AI product features, the feature’s functionality and your specific use case(s) will determine the scope of data transferred to Microsoft Azure Open AI. 
      3. How do I disable ContractSafe AI features? Instructions for enabling and disabling ContractSafe AI features can be found in our Help Center.
      4. What will Microsoft Azure Open AI do with my company’s data? Microsoft does not use AI model prompts or completions (customer data inputs and outputs, respectively) to train or improve Azure or OpenAI models or any other Microsoft service made available to other Microsoft customers. Microsoft Azure Open AI does not transfer customer inputs or outputs to OpenAI the company. For more information about how the Azure OpenAI protects customer data, refer to Microsoft’s Data, privacy, and security for Azure OpenAI Service article.
      5. How long will Microsoft Azure OpenAI store my company’s data? The Azure OpenAI service, by default, stores prompts and completions for 30 days for abuse monitoring and human review. 
      6. Does ContractSafe have a data protection agreement and cross border personal data transfer mechanism in place with Microsoft? Yes, ContractSafe’s agreement with Microsoft Azure includes the Microsoft Products and Services Data Protection Addendum, which incorporates the EU Standard Contractual Clauses (SCCs) and is protective of customer data, including personal data contained therein. Please note that all agreements governing ContractSafe’s use of Azure OpenAI are between ContractSafe and Microsoft Corporation, and you do not need to enter into a separate agreement directly with Microsoft in order to use ContractSafe features utilizing Microsoft Azure OpenAI.
      7. What is Microsoft Corporation’s address? Microsoft Azure Open AI, One Microsoft Way Redmond, Washington 98052
      8. Where does ContractSafe publish its list of sub-processors? A complete list of ContractSafe's sub-processors is published publicly here