TL;DR:
To use Altis compliantly, make sure to:
Select the option to automatically redact personally identifiable information (PII) data after uploading or scheduling a conversation to be sent to Altis.
Use a pseudonym or anonymize the names of participants when you identify them during the analysis call flow. For example, consider using first names only without demographics, pseudonyms, unique identifiers (ex: churn IDI #1) or demographic indicators (ex: F, 25-35, US-based).
Set an alert to remind yourself to purge the conversation *and* project data within 90 days of your project being complete.
Use informed consent best practices for recruiting and scheduling your participants. Update your participant agreements to include Altis' use of their data, which you can copy and paste from this article to send to your legal team.
If you need to comply with GDPR regulations as well, make sure to add your participant's email on the "Listen and identify participants" page of the analyze call flow. This will allow us to easily delete all data of theirs upon request.
Our Commitment to Protecting Privacy
At Altis, we recognize the paramount importance of data privacy and protection in our increasingly interconnected world. As technology advances, our responsibility to safeguard personal information becomes more intricate and crucial.
This help article explains Altis' approach to data privacy. The cornerstones of our approach are (1) prioritizing informed consent, (2) compliance with personally identifiable information (PII) data regulations, (3) routine data purging, and (4) encouraging adherence to the General Data Protection Regulation (GDPR).
Table of Contents
Altis' Platform Data Use and Privacy Measures
Altis' platform has been meticulously designed to protect your data privacy by implementing state-of-the-art security measures, including encryption for data both in storage and transit. We also understand the importance of safeguarding personal information, and to achieve this, we have integrated features that facilitate the redaction of personally identifiable information (PII) data. By incorporating these data protection mechanisms, we empower our clients to comply with even the strictest privacy regulations.
At Altis, we collaborate with reputable vendors for transcribing video and audio data. Our chosen transcription and machine learning model vendors employ cutting-edge technology and adhere to the highest security standards, including encrypting data in transit and not storing any of the data that we send to them. Our machine-learning vendors do not use our data to train models, meaning that your information is fully secure.
In addition to these robust security measures, we provide customers with the option to strip video data from conversations and easily substitute pseudonyms or anonymized strings of numbers to represent participants, ensuring comprehensive privacy protection. If you select to redact PII from any call added to Altis, the redaction occurs without ever storing the raw call itself, meaning there is no data trace of the non-redacted file. This capability to protect PII data immediately after collection exemplifies just one of the many ways Altis enables you to protect your participants' privacy more effectively than ever before.
Altis' terms and conditions contains a mutual non-disclosure clause to protect your confidential information by the terms and conditions agreement of our platform. This covers our relationships, including any data that might be shared with sales, support, or with our development team. While this protects your ability to use our platform with confidence, we would like to emphasize that we do not recommend uploading or discussing extremely confidential information, such as intellectual property details or trade secrets, on our platform. While we take extensive measures to ensure the privacy and security of your data, the true best practice for protecting such highly sensitive information is to minimize its exposure online.
We also recommend that if you need to discuss confidential matters with customers or clients, you have them sign a non-disclosure agreement (NDA) or confidentiality agreement before scheduling sessions. This precautionary step helps to safeguard your valuable information and mitigate potential risks.
PII Data Redaction
Altis is fully committed to complying with PII data regulations through data redaction. We understand the importance of protecting sensitive information from unauthorized access and misuse. Our data redaction processes involve the removal or anonymization of personally identifiable information from documents and records, making it challenging for malicious actors to exploit this data. By implementing robust data redaction measures, Altis significantly reduces the risk of data breaches and maintains compliance with various privacy regulations.
PII data redaction is a process that removes or anonymizes sensitive information from documents and records, ensuring that personal data remains confidential. All redacted text will be replaced with # characters. For example, if the phone number 111-2222 was spoken in the audio, it would be transcribed as ###-#### in the text.
Given that PII involves sensitive information, we expect to see 100% redaction rates where the content is transcribed correctly. If something is incorrectly transcribed, it may not be redacted. For example, if a U.S social security number is transcribed and formatted as a telephone number, and you’ve only chosen to redact U.S social security numbers, the social security number won’t be redacted.
For a comprehensive list of the information we redact, view the table below.
Redacted Information Type | Description |
medical_process | Medical process, including treatments, procedures, and tests (e.g., heart surgery, CT scan) |
medical_condition | Name of a medical condition, disease, syndrome, deficit, or disorder (e.g., chronic fatigue syndrome, arrhythmia, depression) |
blood_type | Blood type (e.g., O-, AB positive) |
drug | Medications, vitamins, or supplements (e.g., Advil, Acetaminophen, Panadol) |
injury | Bodily injury (e.g., I broke my arm, I have a sprained wrist) |
number_sequence | A "lazy" rule that will redact any sequence of numbers equal to or greater than 2 |
email_address | Email address (e.g., support@altis.io) |
date_of_birth | Date of Birth (e.g., Date of Birth: March 7,1961) |
phone_number | Telephone or fax number |
us_social_security_number | Social Security Number or equivalent |
credit_card_number | Credit card number |
credit_card_expiration | Expiration date of a credit card |
credit_card_cvv | Credit card verification code (e.g., CVV: 080) |
date | Specific calendar date (e.g., December 18) |
nationality | Terms indicating nationality, ethnicity, or race (e.g., American, Asian, Caucasian) |
event | Name of an event or holiday (e.g., Olympics, Yom Kippur) |
language | Name of a natural language (e.g., Spanish, French) |
location | Any Location reference including mailing address, postal code, city, state, province, or country |
money_amount | Name and/or amount of currency (e.g., 15 pesos, $94.50) |
person_name | Name of a person (e.g., Bob, Doug Jones) |
person_age | Number associated with an age (e.g., 27, 75) |
organization | Name of an organization (e.g., CNN, McDonalds, University of Alaska) |
political_affiliation | Terms referring to a political party, movement, or ideology (e.g., Republican, Liberal) |
occupation | Job title or profession (e.g., professor, actors, engineer, CPA) |
religion | Terms indicating religious affiliation (e.g., Hindu, Catholic) |
drivers_license | Driver’s license number (e.g., DL# 356933-540) |
banking_information | Banking information, including account and routing numbers |
To use this feature, make sure to toggle it on when adding conversations to Altis through our uploading or scheduling conversations features. Right now, we redact everything in this list. In the future, you'll be able to select which types of PII you'd like to redact and which you'd like to not redact.
For now, simply toggle it on, and let Altis handle the rest.
Using Pseudonyms
You can also use Altis to replace customer names with pseudonyms or anonymous strings of numbers. When on the "Listen and identify participants" page of the analyze call flow, simply write in an anonymous name or pseudonym instead of using the customers' actual name.
Informed Consent
In the research community, informed consent plays a pivotal role in protecting data privacy and ensuring ethical research practices. Researchers must obtain informed consent from participants before collecting, processing, or sharing their personal information. This process involves clearly explaining the research objectives, the types of data being collected, potential risks or benefits, and how the collected data will be used, stored, and protected. Informed consent ensures that participants understand the implications of their involvement and voluntarily agree to take part in the research, promoting an ethical and respectful research environment that upholds the rights and autonomy of the individuals involved.
Typically, obtaining informed consent is done upfront, prior to scheduling participants for research activities. This proactive approach allows researchers to address any concerns or questions participants may have, enabling them to make informed decisions about their participation. By providing detailed information about data privacy and security measures, researchers build trust with participants and demonstrate their commitment to protecting their personal information. In turn, this fosters a collaborative and transparent research atmosphere that upholds data privacy and ethical principles while advancing the pursuit of knowledge and discovery.
To comply with our guidelines, be sure to disclose how Altis uses their data on your informed consent agreements. Below are two blurbs you can use to copy and paste into your informed consent to cover your ability to use Altis compliantly.
Basic Data Handling:
Altis employs stringent security measures to protect your personal information, including encrypting your data both in storage and during transit. Additionally, our trusted vendors, who assist in tasks such as transcription and machine learning model development, adhere to strict privacy guidelines and do not store any of your personal data.
Altis has the capability to redact personally identifiable information (PII) from the collected data, ensuring that your sensitive information remains confidential. If you would like us to utilize this PII redaction feature for your data in this study, please inform the [Company Name] research team prior to signing this informed consent agreement and specify what information you prefer to be redacted from your session data.
Compliance with GDPR:
Altis is fully committed to compliance with the General Data Protection Regulation (GDPR). To facilitate seamless communication regarding your data, we use your email address as a means for you to contact us at any time at support@altis.io. You can request the deletion of your data at your discretion, and your email address will only be used for the purpose of communicating with you about the deletion of your data. If you prefer to opt-out and not have your contact information stored anywhere, you may do so; however, please be aware that this may affect our ability to accurately identify and delete your data upon request.
Routine Data Purging
At Altis, we also emphasize the importance of routine data purging to maintain data privacy and security. By frequently reviewing and deleting outdated or unnecessary information, we minimize the amount of data we store, reducing the potential impact of a data breach. Moreover, our routine purging practices aid in compliance with data retention policies and privacy regulations like the GDPR, which focus on data minimization and storage limitation.
In the future, Altis will build features to help you put data purging on autopilot. But until then, please make sure to set a reminder for yourself so you can purge the data manually after you have finished using it. To do this, go to the conversations tab of Altis. Click the three dots menu on any conversation card, and then click delete. Press confirm, and your conversation data will be purged from the platform. After deleting the conversations, be sure to delete any projects that may contain the conversations as well.
Note: In the future, if desired, you will be able to purge conversation data while still retaining project synthesis! Project synthesis is aggregated and anonymized by nature, allowing you to delete conversations to comply with data privacy standards while retaining the learnings of the project for posterity and future reference.
GDPR Compliance
The GDPR is a comprehensive data protection regulation that applies to organizations operating within the European Union (EU) or dealing with the personal data of EU residents. At Altis, we consider compliance with the GDPR not only a legal obligation but also a testament to our commitment to data privacy and security. By adhering to GDPR principles, we can ensure that we are protecting our customers and clients' data, mitigating the risk of regulatory penalties, and maintaining a positive brand reputation.
We comply with GDPR by enabling participants to request data be deleted from the platform at any time. To enable your customers to take advantage of this policy, please use the blurb above in your informed consent or recruiting process.