Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Privacy & Security

            Created by Carolina Martin, Modified on Tue, 16 Dec, 2025 at 12:40 AM by Carolina Martin

            At Coursebox, protecting your data and using AI responsibly are core to how our platform operates. As an AI-powered learning system, we are committed to strong data privacy, security, transparency, and ethical AI practices.

            This page explains how Coursebox safeguards course content and learner data, governs the use of AI, and meets global security and compliance standards—so you can use AI-powered features with confidence and trust.


            AI Governance & Ethics Policy

            Coursebox.ai is committed to leveraging artificial intelligence (AI) responsibly, ensuring fairness, transparency, and accountability in all AI-driven functionalities. This AI Governance & Ethics Policy outlines our principles, processes, and commitments to ensure that our AI systems operate ethically and align with user expectations, regulatory requirements, and societal values.


            1. Ethical Principles

            1.1 Fairness

            We ensure that AI-generated content, decisions, and recommendations are free from bias and inclusive of diverse perspectives. Our processes aim to:

            • Identify and mitigate potential biases in AI models and datasets.
            • Validate content for cultural, societal, and demographic fairness.


            1.2 Transparency

            We are committed to providing clarity about our AI systems. This includes:

            • Informing users when AI is used to generate content, make decisions, or automate processes.
            • Explaining how AI-driven outcomes are generated, where applicable.


            1.3 Accountability

            We hold ourselves accountable for the outputs of our AI systems by:

            • Enabling human oversight for all critical AI outputs, such as course content and assessment grading.
            • Providing clear channels for feedback and issue resolution.


            2. AI Design and Development

            2.1 Use of Pre-Trained Models

            Coursebox.ai leverages industry-standard pre-trained models, such as Azure OpenAI and OpenAI (Davinci). These models are selected for their adherence to ethical AI guidelines and their reliability.


            2.2 Customisation and Fine-Tuning

            When fine-tuning AI models for client-specific requirements:

            • We validate datasets to ensure they are representative, inclusive, and free from harmful biases.
            • All fine-tuning is conducted securely, ensuring client data privacy.


            3. Data Privacy and Security

            3.1 Data Protection

            We comply with global data protection regulations, including GDPR and Australian Privacy Principles, by:

            • Encrypting all data at rest and in transit.
            • Restricting access to authorised personnel only.


            3.2 Data Usage

            Client data is not used to retrain AI models unless explicitly authorised by the client. Any such usage is governed by strict contractual agreements.


            4. Risk Management

            4.1 Bias Mitigation

            To ensure fairness, we:

            • Conduct regular reviews of AI-generated outputs to identify and address biases.
            • Continuously improve prompt engineering to align with ethical standards.


            4.2 Monitoring and Audits

            • Real-time monitoring tools track AI performance and detect anomalies.
            • Regular audits ensure compliance with ethical and regulatory requirements.


            4.3 Handling Model Drift

            When model drift is detected, we:

            • Recalibrate or fine-tune models as needed.
            • Provide human oversight for affected outputs during remediation.


            5. User Empowerment

            5.1 Customisation

            Users have the ability to:

            • Review and modify AI-generated content before publication.

            • Customise prompts and outputs to align with organisational goals.

            5.2 Feedback Mechanisms

            We maintain open channels for users to:

            • Report concerns about AI outputs.

            • Provide feedback to improve system performance and fairness.

            6. Governance Structure

            6.1 Oversight Committee

            An internal AI Ethics and Governance Committee is responsible for:

            • Reviewing AI operations and outputs for ethical compliance.
            • Updating policies and practices in response to technological advancements and user feedback.


            6.2 Review Process

            • Policies are reviewed annually or as needed to align with new regulations and ethical standards.
            • Updates are communicated transparently to stakeholders.


            7. Continuous Improvement

            Coursebox.ai is committed to:

            • Staying informed of advancements in AI ethics and governance.
            • Incorporating best practices and emerging standards into our AI systems.
            • Engaging with users and experts to refine our policies and practices.


            8. Policy Updates

            This AI Governance & Ethics Policy is a living document. Updates will be made as necessary to reflect evolving technologies, regulations, and stakeholder expectations.


            Coursebox.ai strives to build trust and confidence in our AI-driven solutions by upholding the highest ethical standards. This policy is a testament to our commitment to responsible AI development and deployment. 


            For questions or further information, please contact us at support@coursebox.ai.



            Securing AI with Azure OpenAI 

            At Coursebox, protecting client data and ensuring platform security are top priorities. In June 2024, we transitioned to Microsoft’s Azure OpenAI Service to deliver a safer, more compliant environment for all AI-powered features within the platform.


            This move was driven by:

            • Client concerns about data privacy and sensitive information handling.
            • The need for greater transparency and control over how AI models operate.
            • A commitment to meeting enterprise-level security and compliance standards.


            Why Azure OpenAI?

            Unlike the public OpenAI API, which processes data through shared infrastructure, Azure OpenAI Service provides:

            • Enterprise-Grade Security
              • Hosted within Microsoft Azure’s trusted cloud infrastructure.
              • Built-in protections against data leakage and unauthorised access.
            • Data Privacy & Compliance
              • GDPR-aligned data storage and handling.
              • Greater assurance for clients in regulated industries.
            • Transparency & Control
              • Clearer visibility into how AI models manage sensitive or copyrighted content.
              • Options for organisations to set boundaries around AI usage.
            • Reliability & Performance
              • Backed by Azure’s global datacentres with high uptime and resilience.
              • Scalable infrastructure to support growing enterprise needs.


            What This Means for You

            By moving to Azure OpenAI, Coursebox ensures that:

            • Your course content, learner data, and proprietary materials are handled with stricter safeguards.
            • AI-powered features (such as AI Writer, AI Tutor, and AI Video) operate in a controlled, secure environment.
            • Organisations gain confidence and peace of mind knowing their data is not used to train public AI models.



            Coursebox Data Privacy

            Over the last year, some of our clients have asked us if OpenAI retrains based on their documents and data uploaded via OpenAI's Davinci or ChatGPT interface at Coursebox. While OpenAI has stated that they do not use data submitted by customers via the API to train their models unless customers explicitly opt-in, we decided to move to Azure's OpenAI service in June 2024 to provide additional peace of mind about how your data will be used.


            Navigating Data Privacy with AI: OpenAI vs Azure OpenAI Service

            As artificial intelligence (AI) continues to advance, concerns around data privacy and ownership have become increasingly prevalent. Two major players in the AI space, OpenAI and Microsoft's Azure, offer different approaches to handling customer data, each with its own set of implications. In this article, we'll explore the key differences between using OpenAI's API and Azure's OpenAI Service, with a particular emphasis on data privacy and usage.


            The OpenAI Approach

            OpenAI, a renowned AI research company, offers an API that allows developers to access and integrate their language models into various applications. OpenAI has measures in place to protect user privacy and data, as outlined in their privacy policy. They have also clarified that they do not use data submitted by customers via the API to train or improve their models unless customers opt-in. This provides a degree of assurance for businesses concerned about data privacy.


            The key points are:

            • OpenAI does not use your API data to train its models by default.
            • If you want to opt-in and allow OpenAI to use your data for model improvement, you can do so explicitly.
            • There are data retention policies in place, with most endpoints having a 30-day default data retention period after which the data is deleted, unless you choose otherwise.
            • For sensitive applications, zero data retention options are available where request/response data is not persisted at all.


            Note: Your documents and data uploaded through the Davinci API are kept private and not used for training OpenAI's models, maintaining your data privacy, unless you proactively choose to share the data.


            The Azure OpenAI Service Approach

            On the other hand, Microsoft's Azure OpenAI Service takes a different approach, offering greater control and assurance over data usage and privacy. This service allows you to create and manage your own fine-tuned models based on OpenAI's base models. Crucially, this means that you can fine-tune the model using your company's proprietary data, and the resulting fine-tuned model will be specific to your organisation.


            Advantages of Azure OpenAI Service:

            1. Data Privacy and Ownership: Azure provides assurances that your data will not be used for any other purpose or shared with third parties, including OpenAI. This level of data privacy and ownership is a significant advantage for businesses and organisations that handle sensitive or copyrighted information.
            2. Control over Data: By using Azure's OpenAI Service, you can ensure that your copyrighted content is used solely for serving your paid learners, customers, or internal stakeholders. The fine-tuned model created on Azure will be specific to your data and will not be shared or used to train OpenAI's publicly available models.
            3. Customisation: The Azure service allows you to create and manage your own fine-tuned models, offering greater customisation tailored specifically to your organisational needs.
            4. Data Retention: Azure's terms of service explicitly state that customer data will not be accessed or used for any other purpose, addressing any potential concerns about data ownership and privacy.


            Why Azure May Be Better Than OpenAI API:

            1. Increased Data Security: Azure’s data handling policies provide a higher level of security, ensuring that your data remains within your control and is not used to train external models.
            2. Custom Models: The ability to fine-tune models with your own data allows for more accurate and relevant AI solutions tailored to your specific business requirements.
            3. Peace of Mind: For many organisations, data ownership and privacy are paramount. Azure’s clear policies on data usage offer peace of mind that your sensitive information will not be exploited or shared without your consent.


            For many organisations, data ownership and privacy are paramount. Our clients own the copyright to the content available on their instance of the Coursebox LMS, and they understandably want to ensure that this data is not used by OpenAI to train its models and potentially share their copyrighted knowledge with others who are not their paid customers.


            By using Azure's OpenAI Service, we can address these concerns head-on. The fine-tuned model created on Azure will be specific to client data and will not be shared or used to train OpenAI's publicly available models. Azure's terms of service explicitly state that customer data will not be accessed or used for any other purpose, addressing any potential concerns about data ownership and privacy.


            The Choice: Convenience vs. Control

            Ultimately, the decision between using OpenAI's API or Azure's OpenAI Service boils down to a trade-off between convenience and control. OpenAI's API offers a more straightforward and potentially easier integration process, but Azure's OpenAI Service requires more upfront work in terms of fine-tuning the model with your data, but it provides greater control and assurance over data ownership and privacy. This approach may be more suitable for organisations that handle sensitive or copyrighted information and prioritise data privacy and ownership.


            As AI continues to evolve and become more integrated into various industries, the issue of data privacy and ownership will only become more critical. By understanding the differences between OpenAI's API and Azure's OpenAI Service, organisations can make informed decisions that align with their data privacy and ownership priorities.


            References

            • LinkedIn (n.d.) OpenAI API Reference - Superyacht CRM. Available at: LinkedIn
            • Microsoft (2023) What is Azure OpenAI Service? Available at: Microsoft
            • OpenAI (2023a) Privacy Policy. Available at: OpenAI
            • OpenAI (2023b) How your data is used to improve model performance. Available at: OpenAI
            • OpenAI (2023c) Data usage for consumer services FAQ. Available at: OpenAI Help


            Coursebox General Data Protection Regulation (GDPR) Compliance

            Coursebox is committed to protecting the privacy and security of our clients and their learners. As an AI-powered learning platform serving clients globally, we adhere to the General Data Protection Regulation (GDPR), ensuring that all personal

            data of individuals in the European Union (EU), European Economic Area (EEA), and other applicable jurisdictions is handled lawfully, fairly, and transparently.


            Coursebox Pty Ltd has been formally assessed and certified for GDPR compliance by American Quality Standards Registrars (AQSR), accredited by the United States Accreditation Council (USAC).


            Certificate Details:

            - Certificate Number: 17412

            - Date of Registration: 11 June 2025

            - Expiry Date: 10 June 2026

            - Re-certification Date: 10 June 2028

            - Scope: AI-powered learning platform enabling rapid course creation, corporate training, and vocational education solutions, including automation of assessments, tutoring, and content generation.


            What GDPR Compliance Means for Clients

            1. Data Protection & Privacy Rights

            Coursebox upholds the fundamental rights of individuals under GDPR, including access, rectification, erasure ('right to be forgotten'), restriction or objection to processing, and data portability. Clients and their learners can request access to,

            correction of, or deletion of their data at any time.


            2. Lawful Data Processing

            All personal data collected and processed by Coursebox is based on lawful grounds: contractual necessity, legitimate interests, or consent.


            3. Data Security & Safeguards

            Coursebox employs industry best practices aligned with SOC 2 and ISO 27001 standards, including encryption, penetration testing, access controls, and secure hosting environments.


            4. Data Transfers Outside the EU

            Where personal data is transferred outside the EU/EEA, adequate safeguards are ensured through Standard Contractual Clauses (SCCs) and GDPR-compliant cloud providers.


            5. Annual Assessments & Certification

            Our GDPR certification is valid for three years, subject to annual assessments to ensure ongoing compliance.


            What Clients Need to Know

            • For EU and EEA Clients: All data processing activities fully align with GDPR requirements, and Coursebox’s certification may be cited in compliance reporting.
            • For Clients in Other Regions: Even if GDPR is not legally required, Coursebox applies the same high standards globally.
            • Support Requests: Learners or administrators may exercise GDPR rights via Coursebox Support.


            How to Verify Our GDPR Certification

            Clients can verify the authenticity of Coursebox’s GDPR certificate via the AQSR portal at www.aqsrworld.com using Certificate Number 17412.


            In summary: Coursebox is fully GDPR-compliant and certified. We take data protection seriously and provide transparency, security, and control over personal data for all clients, whether in the EU or beyond.



            Hosting with Security

            At Coursebox, we take hosting and security seriously. Our infrastructure is designed to protect your data, provide reliable performance, and meet compliance needs for organisations of all sizes.


            Default Hosting — OVH France

            By default, every Coursebox portal is securely hosted on OVH France, a leading European cloud provider.


            Why OVH France?

            • Security first: ISO/IEC 27001 certified data centres.

            • Compliance: Meets GDPR and EU data protection regulations.

            • Reliability: Redundant infrastructure and daily backups (14 days by default).

            • Performance: Optimised servers for high availability and scalable learning delivery.

            This setup ensures a strong, compliant foundation for your learning platform.


            Add-On Hosting for Business & Enterprise Clients

            We understand that some organisations have specific hosting policies or geographic requirements. That’s why Business and Enterprise clients can choose Google Cloud hosting as an add-on, outside of France.


            Benefits of Google Cloud hosting:

            • Regional flexibility — select hosting closer to your learners or business HQ.

            • Enterprise security — leverage Google’s advanced cloud infrastructure.

            • Scalability — elastic resources for large deployments and rapid growth.

            • Integration — align hosting with existing enterprise Google Cloud setups.


            Which Option Should You Choose?

            • OVH France (included): Best for organisations seeking GDPR compliance and reliable performance out of the box.

            • Google Cloud (add-on): Recommended for larger organisations or enterprises needing hosting in other global regions, or those with strict IT/security requirements.


            How to Enable Custom Hosting

            1. Contact your Coursebox Account Manager or our Support Team.

            2. Let us know your preferred hosting region and add-on requirements.

            3. Our team will guide you through the migration or setup process.


            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0