Privacy & Security
Data handling, LLM providers, access control, and opting out of AI features
LLM Provider
The groundcover Agent uses cloud provider LLM services for inference. Currently, all requests are processed through AWS Bedrock running Anthropic Claude models.
AWS Bedrock guarantees:
No model training on your data - your prompts and telemetry data are not used to train or improve the underlying models
No data retention - inputs and outputs are not stored by AWS Bedrock beyond the request lifecycle
Data stays in-region - requests are processed within your configured AWS region
For full details on AWS Bedrock's security posture, see AWS Bedrock Security.
What Data Reaches the LLM
When you ask the Agent a question:
Your prompt and current UI context (page, filters, time range) are sent to the Agent service running within your groundcover deployment
The Agent service queries your telemetry data (logs, traces, metrics) through internal APIs
Relevant query results are passed to the LLM via AWS Bedrock to generate analysis
The response streams back to your browser
Only the data needed to answer your specific question is sent to the LLM. The Agent does not send your entire dataset.
Conversation Storage
Conversation history is stored in a database within your groundcover deployment for session continuity. The Agent also maintains a long-term memory of facts it learns about your environment (e.g., service relationships, common query patterns) - this memory is stored within your deployment and scoped to your tenant.
Access Control
The Agent is only accessible to authenticated groundcover users -- there is no anonymous or public access.
All queries the Agent executes run with your user-level permissions, not elevated or admin privileges. The Agent respects your existing groundcover RBAC configuration and can only access data your account is authorized to see.
Disabling AI Features
AI features can be disabled at the workspace level in your groundcover settings. When disabled, the Agent panel and all AI-related UI elements are hidden. Contact your workspace admin to toggle this setting.
Questions
Contact your groundcover account team if you have questions about data handling or want to discuss your organization's specific security requirements.
Last updated