Skip to main content

Cutover AI Data Security: What Happens to Your Data

Understand where your data is processed, what is retained, and how Cutover AI protects customer information.

Written by Cutover Documentation Team

Every enterprise security review of an AI feature starts roughly in the same place:

  • Where does my data go?

  • Is my data stored — and if so, for how long?

  • Is my data used to train AI models?

These are the right questions to ask. This article explains, in plain language, how Cutover AI handles your data, what is processed, what is retained, and what we do not do with your information.

At a glance

When you use Cutover AI:

  • Your runbook content, task details, and conversation history are sent to Cutover’s AI service for processing.

  • Requests are processed within AWS Bedrock, in the AWS region configured for your Cutover instance.

  • Customer content is processed in-flight and discarded once the response is returned.

  • We retain operational telemetry only (such as token counts and latency), not customer payload data.

  • Your data is not used to train Cutover AI models or third-party foundation models.

  • The AI operates using the same permissions as the user who invoked it, and all actions are auditable.

1. Where your data goes

AI processing stays within AWS and within your configured geography

When you use Cutover AI, your request is processed by Cutover’s AI service over the same internal service path used by the Cutover platform. The AI service is not exposed to the public internet and is reachable only by tenants using it through Cutover.

The service then calls AWS Bedrock in the AWS region configured for your Cutover instance:

  • US instances are processed in AWS US regions

  • EU instances are processed in AWS EU regions

This is a data sovereignty guarantee, not a configurable default. EU customer data is never processed in US regions, and US customer data is never processed in EU regions.

Cutover uses foundation models hosted through AWS Bedrock, including:

  • Anthropic Claude (primary model)

  • AWS Titan (for specific use cases)

These models run on AWS infrastructure through Bedrock. Third-party model providers do not receive customer requests directly — their models run within AWS infrastructure. Even when traffic moves between AWS services, it remains within the AWS network.

2. What we keep - and what we don’t

Customer content is not stored

Cutover AI processes customer data only for the duration of a request.

Examples of data processed may include:

  • Runbook content

  • Task details

  • Conversation history

  • File uploads used within the AI interaction

This data is:

  • Processed in-flight

  • Used only to generate the requested response

  • Discarded after the response is returned

Cutover does not retain:

  • Prompts

  • AI responses

  • Runbook content

  • Task payloads

  • File contents

  • Conversation content

The full conversation history is stored only locally on your device and is sent to the AI service each time a new request is made to provide the necessary context for generating a response. Cutover does not store this conversation history in a database or retain it after processing.

Customer payload data is not retained in databases, caches, or logs. Requests are isolated from one another, with no shared customer context between sessions or between customers.

Operational telemetry is retained

To operate and monitor the AI service, Cutover retains limited operational telemetry such as:

  • Token counts

  • Model identifier

  • Request latency

  • Tool usage counts

  • Timestamps

  • Service cost metrics

  • Workspace and request IDs for troubleshooting

This telemetry is used to monitor service health, investigate issues, and improve platform reliability.

Telemetry does not include:

  • Customer prompts

  • AI responses

  • Runbook content

  • Task payloads

  • File contents

  • API keys

  • Conversation history

3. What the AI is allowed to access

Cutover AI uses the same permissions as the user

Cutover AI does not have direct access to the Cutover core database.

Instead, it interacts with Cutover using the same Public API available to external integrations, using the credentials of the user who initiated the AI request.

This means:

  • If a user can access a runbook, the AI can access it on their behalf

  • If a user cannot access a runbook, the AI cannot access it either

All actions are:

  • Authenticated

  • Permission-checked

  • Validated

  • Audited

Every AI action is recorded in the platform audit trail in the same way as user actions.

In practice, Cutover AI can only perform actions that a human user could perform manually — it simply does so more quickly and through natural language interaction.

4. Is your data used to train AI models?

No - customer data is not used for model training

Cutover does not fine-tune models on customer data.

Customer inputs and outputs are not used to train:

  • Cutover AI systems

  • AWS-hosted models

  • Third-party foundation models used through AWS Bedrock

AWS Bedrock’s terms prohibit AWS and the third-party model providers it hosts from using customer inputs or outputs to train their models. This commitment is contractual and enforced at the AWS service layer, not dependent on Cutover configuration.

Cutover AI uses off-the-shelf foundation models and techniques such as:

  • Prompt engineering

  • Multi-shot prompting

  • Retrieval-Augmented Generation (RAG) over data already in your Cutover environment

These techniques do not require customer data to become part of model weights.

5. Customer data remains isolated

Each AI request is handled independently.

There is:

  • No shared customer context across tenants

  • No cross-tenant caching

  • No customer data reuse between requests

  • No “learning” from one customer environment to another

One customer’s runbooks and operational data do not influence another customer’s AI responses.

Summary

Cutover AI is designed to process customer data securely and only for the purpose of generating the requested response.

In summary:

Processed within AWS Bedrock in your configured AWS region

Not exposed to the public internet

Customer content processed in-flight and discarded after response

No customer payload data stored in databases, caches or logs

Operational telemetry retained without prompts, outputs, or API keys

Same permissions as the calling user

All actions authenticated and audited

No model training on customer data

AWS contractually prohibits model providers from training on customer inputs or outputs

No cross-tenant data sharing or reuse

If you have additional security or compliance questions about Cutover AI, please contact your Cutover representative or the Support team.

Did this answer your question?