Ask HN: How to ensure privacy while building a chatbot?

2 points by osm3000 ↗ HN
I am looking for pointers on how to ensure the privacy of the conversations in the design of a chatbot.

I am developing a chatbot on telegram & whatsapp to assist people in learning language.

I would very much like people to use it, without being used.

1. I want to offer satisfying privacy/encryption for those conversations, and some assurances that this is being honored (hopefully by design).

2. I use OpenAI APIs in the bot, so I need to decrypt these conversations before using the APIs, encrypt them again once the response has been delivered.

Any pointers would be most welcome.

3 comments

[ 6.6 ms ] story [ 19.0 ms ] thread
> I use OpenAI APIs in the bot

I don't think that you can really ensure privacy if you're using someone else's LLM, because you have no control over what that someone else is going to do.

True, but if we take their word on it https://openai.com/enterprise-privacy

then i don't see an issue

Taking a privacy policy at its word is not really "protecting privacy", in my opinion. It's just thinking that as long as they pinky-swear, then there is no privacy issue.

Even if the company intends on adhering to the policy, the policy does nothing to protect against that company itself being hacked.

It still represents a risk.