Security

Is data encrypted at rest and in transit?

Customer data is encrypted with AES-256 at rest and TLS 1.2+ in transit.

How are input prompts and output being secured?

Input sanitization and output validation methodologies are in place to reduce the risk of common attack vectors (e.g. prompt injection).

How does Juniper Square protect the confidentiality and security of the data that customers are sharing with AI models?

Data shared with AI models by customers are subject to the same security and privacy controls as other customer-provided data. Data protection controls are tested annually as part of Juniper Square's SOC 2 Type 2 report. Additionally, AI models acting on behalf of a particular user of the system can only access the data that the user is entitled to; they are subject to the same data access authorization model as the user-facing parts of the software.

What measures do you have in place to prevent unauthorized access, tampering, or modifications to the AI models?

Models are provided by third-party vendors and subject to the contractual controls provided by those vendors (e.g. OpenAI). Prompts are hardened against potential attack vectors and stored in version-control systems with the same protections as application code for auditability and rollback.

How will you ensure that the data we share with you is used solely for the agreed-upon purposes?

Data shared with Juniper Square will continue to be governed by our publicly available Privacy Policy and contractual commitments to the confidentiality of the customer data. Data protection controls are tested annually as part of Juniper Square's SOC 2 Type 2 report.

AI Model Training and Usage

What AI models do you use? How are they developed and secured?

Juniper Square uses models hosted on commercial LLM-hosting providers like Google Cloud and Amazon Web Services. All vendors are risk-assessed prior to contracting and at contract renewal as part of our overall information security program. Contractual measures are in place to ensure existence and adherence to security and privacy controls.

If using multiple AI models, how would you determine which response to provide the user?

Juniper Square AI products use various LLMs, and we rigorously evaluate them for the best user experience. This involves human and performance-based assessments.

Is customer data used to train Juniper Square’s AI models?

Anonymized and aggregated customer data is used to train AI models while preserving customer IP confidentiality. In the event that we develop additional AI tooling in the future that would require training on individual customer data, we would uphold existing customer confidentiality commitments, such as training customer-specific models for the exclusive use of that customer.

How is customer data used in third-party AI models?

• Data provided to third-party subprocessors providing AI services are treated in the same way as other third-party subprocessors.

• In particular, data is shared on an as-needed basis, and data deletion clauses are included in contracts and govern contractually defined data retention periods.

• Subprocessor agreements stipulate that they cannot use customer data to train their models.

Is the AI functionality in Juniper Square making decisions in the fund lifecycle process?

AI won't make fund lifecycle decisions independently; it will suggest actions for human approval and execution.

How can customers report quality problems?

The ability to report data quality issues is built directly into the product, and can be flagged by users.

Does your organization have a mechanism in place to inform personnel of legal and regulatory considerations of deployed AI/ML models?

• Juniper Square’s product and security teams actively collaborate to track and build features considering AI/ML regulation in scope.

• Juniper Square has formed an AI Governance committee that includes legal, compliance, and technical experts who set ground rules, establish policies, and ensure alignment with evolving standards and regulations.

• All Juniper Square personnel are required to participate in AI training at least once per year.

How are customer-facing AI models tested, evaluated, validated and verified?

Juniper Square uses models hosted on commercial LLM-hosting providers like Google Cloud and Amazon Web Services.

What are the known limitations in the system?

Like all AI use cases, any output should not be relied upon before being reviewed by a human for accuracy.