Seal AI Privacy and Security

Seal integrates AI capabilities powered by Google Cloud’s Generative Language API to enhance productivity while maintaining strict data protection standards. This page provides information regarding AI privacy and security with regards to Google Cloud Platform.
This page offers information regarding AI privacy and security. It does not serve as legal counsel. For binding legal commitments, please refer to Google’s Cloud Data Processing Addendum and Google Cloud AI Privacy Whitepaper.

How Seal AI Works

Seal AI operates through a secure integration with Google Cloud’s AI services. The system architecture follows this flow: 
Seal Platform → Google Cloud Run Server → Google Cloud Generative Language API → Google PostgreSQL Database
Key components include the Seal web platform, Cloud Run serverless hosting, AI service layer, Google’s Generative Language API, and PostgreSQL database with shared or private instance options.

AI Capabilities

Scripts Copilot (Code Generation)
  • Only sees Python script code from script entities
  • No access to actual entity data values or experimental data
  • Used for safe code generation assistance
AI Agent (Entity Processing)
  • Only sees entities within the working change set
  • Access restricted by database-level change set boundaries
  • Used for data analysis and entity processing assistance

Data Protection

Seal’s AI implementation is governed by Google Cloud’s legal commitments. Key protections include:
  • Your data does not train AI models
  • AI-generated content belongs to you as customer data
  • Google does not persistently store or use customer data outside your cloud tenant
  • Data is processed only according to customer instructions
These commitments are documented in the Google Cloud AI Privacy Whitepaper and Google Data Processing Addendum.

Data Processing Principles

  • All AI-generated content belongs to the customer
  • Customer data remains within customer-controlled Google Cloud regions
  • Data used only for contracted AI services, not for model training
  • Complete isolation from other customers’ data
  • Enterprise-grade access controls and encryption

Security Controls

Encryption

  • AES256 encryption for all customer data at rest
  • TLS/HTTPS encryption for all API communications
  • Hardware-level encryption in Google Cloud data centers

Access Controls

  • AI cannot directly query database
  • AI restricted to assigned entity groups (change set boundaries)
  • Role-based access controlled by Seal’s permission system
  • Complete audit trails of all AI interactions

Infrastructure Security

  • ISO 27001 certified security management (Google Cloud)
  • 24/7 security monitoring
  • Immediate breach notification procedures
Google’s security policies mandate encryption at rest for all user data, and authorize access to customer data only as strictly necessary to comply with customer instructions, as documented in the Google Data Processing Addendum.

Operational Safeguards

Data Minimization
  • Scripts Copilot: Only code, no data values
  • AI Agent: Only explicitly provided entities
  • Change set enforcement with database-level boundaries
Geographic Controls
  • Customer choice of data processing regions
  • Data residency compliance options
  • Regional API endpoint selection
Customers can control what regions customer data is stored at-rest when using Generative AI by using the corresponding regional or multi-regional APIs. Retention Controls
  • 30-day automatic log deletion
  • No persistent AI query storage
  • Customer-controlled data deletion rights

Customer Controls

Seal provides multiple levels of control over AI access:

Entity-Level Controls

  • Complete audit trails of AI interactions
  • Disable AI for specific entities (available on request)

Workspace-Level Controls

  • Disable AI for entire workspaces containing sensitive data
  • Enable only Scripts Copilot (code generation) while disabling data processing

System-Level Controls

  • Organization-wide AI policies
  • Role-based AI permissions
  • Complete AI disable options

Implementation Guidance

Compliance

Seal’s AI implementation supports regulatory frameworks through Google Cloud’s enterprise platform:
  • GDPR: European data protection compliance through Google Cloud’s Data Processing Addendum
  • ISO 27001: Google Cloud maintains independent security management certification
Enterprise customers receive complete audit documentation, AI interaction logging, and compliance verification suitable for governance board review.

External Connections

Primary AI Connection

Google Cloud Generative Language API:
  • Purpose: AI text generation and processing
  • Authentication: Secure API key
  • Data Flow: Customer data → Google Cloud → Customer database
  • Protection: Data Processing Addendum coverage

Infrastructure Dependencies

Google Cloud Services:
  • Cloud Run: Serverless application hosting
  • Cloud SQL: Database hosting (optional private instances)
  • Cloud Storage: File storage and processing
  • Cloud Logging: System monitoring (30-day retention, no sensitive data)

Frequently Asked Questions

Does the AI train on my data?

No, we do not use customer data to train AI models. Your data does not train our models, and your content is not shared with or used by any other customers. These commitments are documented in the Google Cloud AI Privacy Whitepaper and Google Data Processing Addendum.

Where is my data processed?

Customer data is processed in Google Cloud data centers within customer-controlled regions. Enterprise customers can choose data processing locations from available GCP regions. Data does not persistently store outside your cloud tenant.

What data can the AI see?

Scripts Copilot: Only Python script code - no access to your actual data values or experimental data. AI Agent: Only entities you explicitly include in change sets. The AI cannot directly access your database or query beyond assigned entity boundaries.

Can I disable AI features?

Yes. Seal provides multiple levels of control:
  • Individual users can choose not to use AI features
  • Specific workspaces can be configured as AI-free zones
  • Organization-wide AI disable available
  • Selective use: enable only Scripts Copilot while disabling data processing

Additional Resources

For more detailed information on Seal AI’s implementation and Google Cloud’s enterprise AI protections, please refer to the following official documentation: Core Documentation: Enterprise Resources: For specific AI governance questions or to discuss additional security controls, please contact support@seal.run.
All referenced documents are official Google Cloud publications that provide independent verification of the privacy, security, and compliance claims made in this documentation.