DocumentAI Training data usage/storage compliance

SrikanthGanta · 11-20-2024 10:16 PM

Hello all!

Context:
We're using DocumentAI in the EU to process our sensitive customer data. We need to train a customer processor to do that effectively.

Question:
Is it necessary to do PII (Personal Identifiable Information) masking to the documents before we send it to DocumentAI? I just want to be sure that the training data isn't stored and used anywhere else for training.
I went through the documentation (https://cloud.google.com/document-ai/docs/security
) on security and compliance for DocAI, but there was no specific mention on how the training data is used (or maybe it was and I missed it, sorry!)

ruthseki

Hi @SrikanthGanta,

Welcome to Google Cloud Community!

According to this page:

For document sharing purposes, PII is any information defined as personal identifiable data under applicable laws. Customers must redact the documents prior to sharing them with Google, for example when voluntarily done for technical support purposes to reproduce a problem.

Here are some documentation that you may find useful:

I hope the above information is helpful.

AbhinavJain14

You don’t need to mask PII before sending documents to DocumentAI, as Google ensures your data is protected and doesn’t use it for training unless explicitly opted in. However, if you have specific privacy or legal requirements, masking is an extra precaution you can take. Google also complies with GDPR, ensuring data is handled securely.