Sidekick Platform - Security & Architecture FAQ
Platform Data Usage
Q1: Does the Sidekick platform use client data by default?
No, the pre-built assistants (e.g., Tax Assistant, Law Assistant) do not integrate with client data unless explicitly requested by the client. Clients retain full control over their data usage and integration.
Q2: How does the knowledge base assistant handle client data?
The Knowledgebase Assistant can integrate with a client’s database, but this requires integration and customisation. Clients need to manually curate the documents or datasets to include, ensuring they control and approve what is accessible to the Assistant.
Data Hosting, Data Integration and Security
Q3: Where is the Sidekick platform and associated client data hosted?
The Sidekick platform is deployed in the client’s Azure subscription, typically hosted in the Microsoft Azure Australia East region. The platform components include web services, containerised assistant services, storage accounts, PostgreSQL databases, and monitoring services—all within the client-controlled Azure environment.
Q4: Does data leave the client’s Azure environment?
No. All platform data, including uploaded files, chat transcripts, and knowledgebase content, remains within the client’s Azure subscription. propella.ai accesses resources only through Azure DevOps pipelines and service principals during deployment and backup.
Q5: How does the platform ensure data security with enterprise data integration?
All enterprise data that is made accessible to the Sidekick platform is stored in Azure blob storage. Clients select and upload specific documents (or folders), ensuring they have full control of what data is made accessible. This approach avoids direct integration with platforms like SharePoint, which provide access to ALL documents by default and can cause access permission issues (i.e. documents can be inadvertently shared with unauthorised platform users).
Q6: Does the platform provide real-time data access?
For internal data integrated into Assistants, not by default. For example, the Knowledgebase Assistant requires curated datasets that clients upload. The platform does not automatically access or sync with source systems such as SharePoint in real time. However, access to external data on the internet (via the Research Assistant and specific Assistants such as the Tax and Law ones) does occur in real time.
Q7: How does the platform handle sensitive data like emails or historical records?
Clients control the data added to the platform, ensuring sensitive information like email archives is only included if necessary and approved by the Client.
Q8: Does the platform integrate with tools like SharePoint or Google Workspace?
Not directly. Currently, the platform uses Azure blob storage, allowing clients to curate and upload selected documents to the Sidekick platform for integration. This approach ensures better permission and security control.
Billing and Maintenance
Q9: How is the platform billed?
Infrastructure is provisioned directly under the client’s Azure subscription (which can be set up if the Client does not have one already). All costs appear on the client’s monthly Azure bill, ensuring transparency and direct control over billing.
Q10: How is licensing to OpenAI or other providers managed, for access to AI models on the platform?
Access to the AI models (e.g. OpenAI's GPT-4o model, which is used in ChatGPT) is managed within the Client's Azure subscription. Billing for use of models within the AI Assistants is based on consumption (i.e. the number of chats and chat items performed on the platform). This will be visible within the monthly Azure subscription billing as a separate line item. Note that pricing for model consumption changes periodically (typically falling for existing models, but increasing for newer, more sophisticated models, e.g. OpenAI's o1 model). propella monitors this pricing, seeking to provide the most cost-effective platform service for clients.
Q11: What measures are in place for maintenance?
The Sidekick team manages the infrastructure (e.g., databases like Postgres) and automatically pushes application updates. From time to time, platform updates will be scheduled to push out new features and fixes to each Client's Sidekick platform deployment. These will be conducted out of hours to minimise disruption to each Client's business. Clients maintain and manage their curated datasets as required.
Q12: Is any uploaded data or user interaction used to train or improve AI models?
No. Client data, including chat prompts and files, is not used for model training or improvement by Propella, Microsoft, or OpenAI. Data remains within the client’s Azure subscription and is not shared externally.
Q13: Does propella access client data?
No. The Sidekick platform is designed so that all data access and control remain within the client’s Azure environment. Propella does not view, process, or store client data outside that environment.
Q14: Does the Sidekick platform support self-service features?
Yes. Users can access Assistants through a secure web portal, and appointed client staff can manage knowledgebase content by uploading or deleting files.
Q15: How is access to the platform secured?
Access is managed using Azure Active Directory (Entra ID), with enforcement of RBAC, MFA, and logging of all access events in Azure Log Analytics. Role-based permissions follow least privilege principles.
Q16: Are prompts or responses shared with Microsoft or OpenAI for monitoring?
No. All prompts and responses are stored within the client’s Azure subscription. Abuse monitoring or sharing with external parties is not enabled by default and would require explicit configuration by the client.
Q18: Has the platform or provider achieved any certifications?
While Propella has not yet achieved standalone certifications, the platform leverages Microsoft Azure, which is certified for ISO 27001, SOC 2, and Tier 3+ data centres. Security reviews are conducted via Azure Security