Articles in this section

Azure OpenAI Security & Privacy in AI Nodes

Avatar
Mark Dyer
  • Updated
Follow

Overview

This article explains how data is handled when using AI within Softools workflows, specifically when leveraging Azure OpenAI–powered nodes such as Prompt, Classification, and Web Search.

This article provides reassurance that your data remains secure and is not exposed to the public internet or reused by AI providers, unless explicitly designed in your workflow prompts or integrations.

 

Core Privacy Principles (Azure OpenAI)

All AI nodes using Azure OpenAI operate under Microsoft’s enterprise privacy guarantees:

  • Your prompts (inputs) and completions (outputs):
    • Are NOT shared with other customers
    • Are NOT accessible by OpenAI
    • Are NOT used to train or improve models
    • Are NOT used by Microsoft or third parties without your permission
  • The service runs entirely within Microsoft Azure infrastructure
  • It does NOT interact with the public OpenAI API

In short: your data stays within your controlled Azure environment unless your workflow explicitly sends it elsewhere.

 

 

AI Node Types & Data Exposure

Below is a breakdown of each AI node type and how data flows through it.

1. Azure OpenAI Prompt Node (and Managed Prompt Node)

🎯 What it does

Generates AI responses based on input prompts (e.g. summaries, analysis, recommendations).

⚙️ Data Flow

  • Data sent: Prompt text (including any field values you include)
  • Data received: AI-generated response
  • Data is sent securely to: Your Azure OpenAI endpoint (or Softools-managed Azure instance)

🛡️ Security Position

  • Data remains within Azure OpenAI
  • Not shared externally or reused for training
  • Not visible to other customers

⚠️ When data can be exposed

Only if your prompt explicitly instructs it, for example:

  • “Send this data to an external API”
  • “Generate a webhook payload including customer details”
  • “Include sensitive data in a public-facing response”

The prompt design controls exposure, not the AI service itself.

💡 Example

Safe usage:

Summarise this internal report for management

Potential exposure:

Send this report summary to https://external-system.com/api

 

 

2. Azure OpenAI Classification Node

🎯 What it does

Classifies text into categories for workflow automation (e.g. routing, tagging).

⚙️ Data Flow

  • Data sent: Input text to classify
  • Data received: Classification label(s)
  • Data is sent only to: Azure OpenAI endpoint

🛡️ Security Position

  • No external integrations by default
  • No data persistence or reuse by the model provider
  • Fully contained within Azure

⚠️ When data can be exposed

  • If classification results are later:
    • Sent via webhook
    • Included in emails
    • Stored in externally integrated systems

The node itself is secure — exposure depends on downstream workflow actions.

💡 Example

Safe usage: Classify support tickets into categories

Potential exposure: Use classification result to trigger a webhook containing original sensitive text

 

 

3. Web Search AI Node

🎯 What it does

Performs web searches and returns results for use in workflows.

⚙️ Data Flow

  • Data sent: Search query (which may include dynamic field data)
  • Data received: Public web results

🛡️ Security Position

  • Uses Softools-managed AI infrastructure
  • Only sends the search query, not entire records (unless configured)

⚠️ Key Difference (Important)

This is the only AI node that interacts with external/public data sources

⚠️ When data can be exposed

  • If your search query includes sensitive data:
    • Customer names
    • Internal IDs
    • Confidential text

That information becomes part of a public web search request

💡 Example

Safe usage:

Search: "UK GDPR compliance requirements"

Potential exposure:

Search: "Complaint from John Smith at ACME Ltd about contract breach"

 

 

Privacy & Data Exposure Summary

  • Azure OpenAI is private by design
  • Your data is not used for training or shared externally
  • Data exposure only occurs if your workflow or prompts explicitly send it elsewhere

You remain in full control of how and where your data flows.

AI Node Type Sends Data To External Exposure Risk Key Control
Prompt Node Azure OpenAI ❌ None by default Prompt design
Classification Node Azure OpenAI ❌ None by default Workflow outputs
Web Search Node Public search services ⚠️ Possible Query content

 

 

Best Practices for Secure AI Usage

To ensure your data remains protected:

✅ Do

  • Keep prompts focused on necessary data only
  • Avoid including personally identifiable or sensitive data unless required
  • Review downstream workflow actions (emails, webhooks, integrations)

❌ Avoid

  • Embedding confidential data in web search queries
  • Sending AI outputs directly to public endpoints without validation
  • Over-sharing full records when only partial data is needed

 

 

Managed AI Nodes (Softools-Hosted Azure OpenAI)

When using Managed Prompt or Managed Web Search AI nodes, the Azure OpenAI service is hosted and managed by Softools.

This means you do not need to configure your own Azure OpenAI resource — Softools provides and operates the AI service on your behalf within its Azure environment.

What This Means for Your Data

  • All prompts and responses are processed within Softools-managed Azure OpenAI infrastructure
  • Data remains within Microsoft Azure enterprise environments
  • The same Azure OpenAI privacy guarantees apply:
    • Data is not used for model training
    • Data is not shared with other customers
    • Data is not exposed to the public internet

 

Role of Softools

As the provider of the managed service:

  • Softools acts as the service operator (data processor)
  • Softools may have restricted and controlled access to data only for:
    • Platform operation
    • Troubleshooting and support
    • Maintaining security and performance
  • This access is:
    • Limited to authorised personnel
    • Audited and controlled
    • Not used for AI training or external sharing

 

When to Be Aware

Even when using managed nodes, data exposure can still occur if configured within your workflow, for example:

  • Including sensitive data in a web search query
  • Sending AI outputs via webhooks, email, or third-party integrations
  • Designing prompts that intentionally pass data to external services

The hosting model does not change this — you remain in control of what data is sent where.

 

Key Takeaway

  • Managed AI nodes = Softools-hosted Azure OpenAI
  • Your data stays within secure Azure infrastructure
  • Softools provides the service with controlled operational access only
  • No data is used for training or shared externally unless your workflow explicitly does so

Related articles

Comments

0 comments

Article is closed for comments.