Skip to main content

AI Security and Data Privacy: Where your data goes when you use Copilot

SqlDBM Support
Updated

This article describes exactly what happens to your data when you use Copilot: where prompts are processed, what is and is not retained, and how the architecture ensures data isolation between customers. Use this as the reference for security reviews, internal AI governance approvals, and procurement conversations.

Scope: This article covers the production Copilot architecture in effect for all SqlDBM accounts. A full AI Security and Data Privacy documentation package (including architecture diagrams, audit attestations, and detailed data flow descriptions) is available under NDA via trust.sqldbm.com or on request from your account manager.

The short version

When you submit a Copilot prompt, the following happens:

  • Your prompt and the relevant schema metadata from your SqlDBM project are sent to AWS Bedrock over the AWS private network.
  • AWS Bedrock invokes a frontier LLM running inside an isolated AWS Model Deployment Account.
  • The model generates a response and returns it to AWS Bedrock.
  • AWS Bedrock returns the response to SqlDBM, which presents it to you in the Copilot panel.
  • AWS Bedrock does not retain your prompt or the response after the request completes. No third-party model provider sees your prompt at all.

The only place your prompt is retained is inside SqlDBM’s optional conversation history, which lives on SqlDBM infrastructure and can be disabled (and permanently deleted) globally by your account administrator.

Data flow: in detail

Step 1: Your prompt leaves your browser. The prompt is transmitted to SqlDBM’s backend over TLS. Schema metadata from your current project (tables, columns, relationships, governance flags, pre-prompts) is assembled server-side to form the full context sent to the model.

Step 2: SqlDBM invokes AWS Bedrock. The full context is sent to AWS Bedrock using the Bedrock InvokeModel API. The call travels over the AWS private network — it does not traverse the public internet. All LLM processing happens in North America, primarily us-west-2, with routing across US and Canada regions for availability and throughput.

Step 3: AWS Bedrock runs the model. AWS Bedrock operates isolated Model Deployment Accounts per region. Model providers supply the LLM weights to AWS; they do not operate the inference environment and cannot access customer interactions. The isolation between model providers and customer data is a core part of the Bedrock architecture.

Step 4: The response returns. The response comes back through the same path. AWS Bedrock does not retain the prompt, the context, or the response after the request completes. Your data is not used to train or fine-tune any AWS or third-party model.

Step 5: SqlDBM presents the response. The response is rendered in your Copilot panel. If conversation history is enabled for your account, a copy of the prompt and response is saved to SqlDBM’s database (encrypted at rest, covered by SOC 2 controls). If history is disabled, nothing is saved.

Who can see your data

Third-party model providers: no access. Because SqlDBM uses AWS Bedrock, no model provider has access to your prompts, context, or responses. Model providers deliver weights to AWS; they do not operate the inference environment.

AWS: no access to the content of your prompts or responses. AWS operates the infrastructure and can see aggregate metrics (request counts, latencies) but does not read customer prompts. AWS’s data handling for Bedrock is documented in the AWS Bedrock Data Protection whitepaper.

SqlDBM: access to your prompts and responses only if conversation history is enabled. SqlDBM support personnel may access conversation history in the course of responding to a support ticket; all such access is logged and covered by SqlDBM’s standard support-access policy.

Other customers on SqlDBM: no access. Each SqlDBM account is isolated, and AWS Bedrock requests are tagged per account. No cross-customer access is possible.

Data residency and geographic processing

All Copilot LLM processing occurs within North America. Specifically:

  • Primary processing region: us-west-2 (US Pacific).
  • Failover and throughput routing: additional US and Canada regions.
  • No processing occurs in European, Asian, or other regions.
  • Data in transit is encrypted using TLS 1.2 or higher.
  • Data does not traverse the public internet once inside AWS.

For customers who require data residency outside North America or inside their own cloud tenant, Bring Your Own Key (BYOK) is planned for a future enterprise release. When BYOK is live, customers will be able to connect their own AWS Bedrock account so that Copilot processing runs inside the customer’s tenant. See “Bring Your Own Key for Copilot” for details.

Model training: your data is not used

SqlDBM does not use customer data to train, fine-tune, or improve any AI model — including internal models or routing logic. This is a firm commitment, not a toggle. Specifically:

  • Schema metadata sent to the model is used only to generate a response in the current session.
  • AWS Bedrock does not use prompts or completions to train AWS models.
  • AWS Bedrock does not distribute customer data to third parties, including model providers.
  • The frontier LLMs accessed through Bedrock were trained on publicly available data prior to SqlDBM’s integration. They are not retrained or fine-tuned on SqlDBM customer data.

Compliance posture

The Copilot stack inherits and extends SqlDBM’s existing compliance program:

  • SqlDBM platform: SOC 2 Type II. Covers platform components including Copilot. Contact your account manager for the current scope attestation.
  • AWS Bedrock: independently audited for SOC, ISO, HIPAA, GDPR, and CSA STAR Level 2 compliance.
  • AI governance policy: SqlDBM maintains a documented AI governance policy covering the full AI system lifecycle: creation, maintenance, testing, operation, and decommissioning. Available under NDA.
  • Risk assessments: internal risk assessments have been conducted covering data flow, prompt injection, output accuracy, and access control. Documentation available under NDA.
  • Penetration testing: the SqlDBM platform is continuously penetration tested as part of SOC 2. AI-specific penetration testing (covering prompt injection, jailbreak resistance, and privilege escalation) is planned as a future security roadmap item (dates TBD). AWS Bedrock is continuously tested by AWS as part of their own compliance program.

For your internal AI governance review

If your organization requires a formal AI governance approval before enabling Copilot, SqlDBM provides a complete documentation package to accelerate the review:

  • Detailed architecture diagram of the prompt-to-response flow.
  • AWS Bedrock Data Protection whitepaper reference.
  • SOC 2 Type II report (under NDA).
  • AI governance policy and risk assessment documentation.
  • Written Q\&A on specific security or compliance questions your team raises.
  • Written confirmation that pilot enablement does not alter your existing MSA, license, or pricing.

Request the package from your account manager or download the generally available portions from trust.sqldbm.com.

Related articles

  • Managing conversation history and the admin toggle
  • Enabling Copilot for your account and users
  • Bring Your Own Key for Copilot

Related articles