# GPT Pro
We understand that our customers need to be confident using GPT Pro, and be aware of our data collection practices.
Note
This section is subject to change and we recommend that you check back quarterly for updates.
# Data Management Practices
Through the implementation of its different features, GPT Pro access, processes and stores several kind of data:
- Users data & chat
- Bot configuration
- File
- Plugins configuration
Here is how we're managing data for these different categories:
Data | Accessed | Cached | Stored | Backup | Notes |
---|---|---|---|---|---|
User profiles | ✔ | ✔ | ✔ | 🚫 | Accessed and updated after each login. Stored as long as the organization is active. |
Bot Configuration | ✔ | ✔ | ✔ | 🚫 | Accessed and updated after creation of a bot. Stored as long as the organization is active. |
User data | ✔ | 🚫 | ✔ | 🚫 | Users data (AAD ID, UPN). Stored as long as the organization is active. |
Bot conversations | ✔ | ✔ | ✔ | 🚫 | Bot conversations. Accessed at each time the user connect to the bot. |
Conversations history | ✔ | ✔ | ✔ | 🚫 | Bot conversations history. Accessed at each time the user connect to the bot. |
User feedbacks | ✔ | ✔ | ✔ | 🚫 | User feedback about a bot message. Accessed when an admin coonect to the admin center. |
Document files | ✔ | ✔ | ✔ | 🚫 | Files for the knowledge of the bot. Accessed when the indexer vectorize the content and to check permissons |
Teams files | 🚫 | 🚫 | 🚫 | 🚫 | No access. No cache. No storage. |
TIP
Data is stored in the Azure cloud in France Central region.
# Microsoft Graph
TIP
All permissions are delegated permissions
# Admin center
Scope | Description | Justification | Admin Consent Required |
---|---|---|---|
User.Read | Retrieve the properties and relationships of user object. | Allows GPT Pro to read user information and to display it in the UI. | No |
email | Gives the app access to the user's primary email address in the form of the email claim | No | |
openid | Used to sign in with OpenID Connect | No | |
offline_access | Gives the app access to resources on behalf of the user for an extended time. | When a user approves the offline_access scope, GPT Pro can receive refresh tokens from the Microsoft identity platform token endpoint. Refresh tokens are long-lived. GPT Pro can get new access tokens as older ones expire. | No |
profile | Gives the app access to basic information about the user in the claims. | No | |
User.ReadBasic.All | Used in the add an administrator view to search for a user to promote as an administrator. | No | |
Files.Read.All | Used to read SharePoint library the admin can access. It is used to index the content of the library. This scopes is only used when adding a new library | Allow GPT Pro to access Files within a SharePoint Library to index it and ask question about those files in the bot | No |
TIP
The Azure AD App ID for the admin center is: b2c0dc10-7931-4437-8e5b-21aeb264b648
# Bot
The bot is available from Microsoft Teams Store. It uses Teams SSO to authenticate the user and ask for consent to access files when the user ask a question about a file stored in SharePoint.
Scope | Description | Justification | Admin Consent Required |
---|---|---|---|
User.Read | Retrieve the properties and relationships of user object. | Allows GPT Pro to read user information through SSO. | No |
Files.Read.All | Used to check for access to a specific SharePoint file | We want to ensure right about indexed Sharepoint files. If the user does not have access to it, the files will never be used as GenAI context. | No |
TIP
The Azure AD App ID for the admin center is: a4943772-4dd0-4fad-baaf-2a728b0cb0e0
# Microsoft Graph limits
In addition,Microsoft Graph apply another algorithm (token bucket) based on the complexity of the request. The maximum number of requests applies based on the number of users in the tenant (opens new window).
All the limits are available here (opens new window)
# Architecture and flow diagram
# Plugins
GPT Pro's plugins are designed as APIs, enabling efficient and seamless integration with various systems and applications. HTTPS Protocol:
All plugin communications are secured using HTTPS, ensuring that data transferred between GPT Pro and external services is encrypted and secure. OpenAPI Standards:
These plugins adhere to the OpenAPI standards, which guarantees consistent, accessible, and understandable documentation for developers, fostering a robust and interoperable ecosystem. Data Transmission to Third-Party APIs:
GPT Pro plugins may transmit certain information to third-party APIs. This includes:
- userId: A unique identifier for the user.
- User Display Name: The name displayed for the user.
- Context About the Query: Relevant contextual information to enhance the query's relevance and accuracy.
# Resource Endpoints
All the traffic from and to the GPT Pro platform uses HTTPS protocol on port 443. Here is a short description of each flow:
Name | Comments |
---|---|
admin.gpt-pro.com | for the admin center |
.msecnd.net and *.visualstudio.com | for performance metrics analysis |
token.botframework.com | for the SSO in bot authentication |