From 2f3df8ac4812dbb6d8e6bdacae7651e88718a6fc Mon Sep 17 00:00:00 2001 From: elijames-codecov <88844267+elijames-codecov@users.noreply.github.com> Date: Fri, 6 Sep 2024 14:50:50 -0400 Subject: [PATCH] update ai-ml policy (#11278) * update ai-ml policy * fix * updates tracked --- .../security/ai-ml-policy.mdx | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/docs/security-legal-pii/security/ai-ml-policy.mdx b/docs/security-legal-pii/security/ai-ml-policy.mdx index 15559b9090127..4e0da20372b24 100644 --- a/docs/security-legal-pii/security/ai-ml-policy.mdx +++ b/docs/security-legal-pii/security/ai-ml-policy.mdx 
@@ -5,18 +5,16 @@ description: "Learn about Sentry's approach to AI/ML" --- - These settings will be rolling out to users over the next few weeks. - -Throughout Sentry’s history, we’ve operated under a policy of [privacy by default](https://sentry.io/lp/privacy-by-default/). This same principal applies to our work in the Artificial Intelligence (AI) and Machine Learning (ML) space, where we want to be just as [transparent](https://blog.sentry.io/terms-of-service-update/) about what data we’re using and why. +Throughout Sentry’s history, we’ve operated under a policy of [privacy by default](https://sentry.io/lp/privacy-by-default/). This same principle applies to our work in the Artificial Intelligence (AI) and Machine Learning (ML) space, where we want to be just as [transparent](https://blog.sentry.io/terms-of-service-update/) about what data we’re using and why. Sentry is at a juncture where prior heuristics-based approaches cannot sustain the demands of the product. For example, fingerprinting error events as part of creating groups, has gotten a lot more complicated with the rise of JavaScript and the use of extensions and third-party services. To train and validate models for grouping, notifications, and workflow improvements, Sentry will need access to additional service data to deliver a better user experience. -You can update these settings within the new “Service Data Usage” section of the **Legal & Compliance** page in [Sentry](https://sentry.io/orgredirect/organizations/:orgslug/settings/legal/), which is located within the “Usage & Billing” Settings. +You can update these settings within the new “Service Data Usage” section of the Legal & Compliance page in [Sentry](https://sentry.io/orgredirect/organizations/:orgslug/settings/legal/), which is located within the “Usage & Billing” Settings. ## Use of Non-Identifying Data 
@@ -38,9 +36,9 @@ For upcoming features like Autofix that use Generative AI and Retrieval Augmente - Stack traces - Relevant code to linked repositories -All functionality leveraging RAG will require user opt-in. By opting in, you agree to send relevant stack trace and code from your linked repositories to third-party AI subprocessors, as disclosed in our [subprocessor list](https://sentry.io/legal/subprocessors/). +All functionality leveraging RAG will require user opt-in. By opting in, you agree to our use of relevant stack trace and code from your linked repositories with generative AI models hosted by the feature-specific subprocessors identified on our [subprocessor list](https://sentry.io/legal/subprocessors/). -To ensure our BAA customers can remain HIPAA compliant, we will disable generative AI features in Sentry for all BAA customers by default. +To ensure our BAA customers can remain HIPAA compliant and that data stays in your selected region, we will disable generative AI features in Sentry for all BAA customers and EU region customers by default where we are unable to flow-down necessary BAA terms or where data storage in the EU region is not available, as applicable. ## Data Access Summary @@ -69,7 +67,7 @@ To ensure our BAA customers can remain HIPAA compliant, we will disable generati Identifying data for generative AI features Yes - Approved AI subprocessors + Approved feature-specific subprocessors No No 
@@ -79,10 +77,10 @@ To ensure our BAA customers can remain HIPAA compliant, we will disable generati In addition to the consent mechanisms mentioned above: -1. We'll continue to encourage all customers to use our [various data scrubbing tools](https://docs.sentry.io/product/data-management-settings/scrubbing/) so that service data is sanitized before we receive it. +1. We'll continue to encourage all customers to use our [various data scrubbing tools](https://docs.sentry.io/product/data-management-settings/scrubbing/) so that service data is sanitized before we receive it. 2. We'll apply the same deletion and retention rules to our training data as we do to the underlying service data. This means that if you delete service data, it will also be removed from our machine learning models automatically. 3. We'll scrub data for PII before it goes into any training set. -4. We'll ensure that the only service data presented in the output of any ML feature belongs to the customer using the feature. -5. We'll only use AI models built in-house or provided by our existing trusted [third-party subprocessors](https://sentry.io/legal/subprocessors/) who have made contractual commitments that are consistent with the above. +4. We'll ensure that the only service data presented in the output of any generative AI feature belongs to the customer using the feature. +5. We'll only use AI models built in-house, deployed in our production cloud, or provided by our existing trusted [third-party subprocessors](https://sentry.io/legal/subprocessors/) who have made contractual commitments that are consistent with the above. We're confident that with these controls in place, we'll be able to use service data to improve our products through AI while at the same time protecting that data.
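Review bot: In the first hunk (@@ -5,18 +5,16 @@), the last changed line removes the bold from Legal & Compliance but leaves “Service Data Usage” and “Usage & Billing” quoted in the same sentence, so the UI labels in that sentence are now styled inconsistently and the commit message does not say why the emphasis was dropped. Either keep the bold for the page name or apply one convention to all three labels. Since the paragraph above it is already being touched for the principal/principle fix, the stray comma in the unchanged line "fingerprinting error events as part of creating groups, has gotten" could be removed in the same pass.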
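Review bot: In the second hunk (@@ -38,9 +36,9 @@), the rewritten BAA sentence turns an unconditional default into a conditional one, and the condition is hard to parse: "for all BAA customers and EU region customers by default where we are unable to flow-down necessary BAA terms or where data storage in the EU region is not available, as applicable" can be read as disabling the features for every BAA and EU customer, or only for those where one of the two conditions holds. The old line promised that generative AI features were off for all BAA customers, so a reader relying on that for HIPAA purposes needs to know which reading is intended. Suggest splitting it into two sentences, one for BAA customers and one for EU region customers, each stating its own condition, and writing the verb as "flow down" without the hyphen.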
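Review bot: In the table hunk (@@ -69,7 +67,7 @@), the cell now reads "Approved feature-specific subprocessors", but nothing in the table tells the reader where the approved, feature-specific entries are listed. The reworded opt-in paragraph in the previous hunk links the same phrase to the subprocessor list, so the cell should carry the same link or a pointer to that paragraph. The term also differs from "third-party subprocessors" in item 5 of the controls list at the end of the file; if these are the same set, use one term throughout.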
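Review bot: In the last hunk (@@ -79,10 +77,10 @@), item 4 changes "any ML feature" to "any generative AI feature", which narrows the output-isolation commitment: as written, non-generative ML features such as the grouping and notification models mentioned earlier in the document are no longer covered by the promise that output contains only the requesting customer's service data. If the control still applies to all ML features, keep the broader wording or say "any ML or generative AI feature". Item 5 has a related ambiguity: in "built in-house, deployed in our production cloud, or provided by our existing trusted third-party subprocessors who have made contractual commitments", the new middle clause reads as a third category, so the contractual-commitment condition attaches only to the subprocessor case and a model deployed in the production cloud carries no stated origin or commitment; please state what kind of model that clause is meant to cover. The remove and re-add of item 1 appears to be whitespace-only and could be dropped from the diff or noted in the commit message.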