Egnyte Generative Artificial Intelligence (“AI”) Policy

At Egnyte, the generative AI-powered solutions of our all-in-one-platform (“Egnyte Generative AI”) have evolved over the years, from sensitive information classification to detection of anomalous usage patterns, and we have now introduced content intelligence for our users. Throughout all our Egnyte Generative AI innovation, our core values have remained consistent: we continue to strive to provide each customer with a platform that safeguards its most valuable and sensitive information and fuels its essential business processes.

We understand the adoption of Egnyte Generative AI brings uncharted risks and challenges. As such, we have developed this Egnyte Generative AI Policy (“Policy”) to showcase our principles in creating a better Egnyte Generative AI for our users. Note: A separate policy shall govern AI adoption and internal usage within Egnyte’s employee base.

Egnyte may update this Policy from time to time on written notice (which may include posting the updated Policy on Egnyte’s website) to reflect changes in applicable laws, standards, and/or privacy and security practices.

Any capitalized terms herein that are not defined shall have the same meaning ascribed to them in a customer’s agreement with Egnyte.

Generative AI Principles for Egnyte-Developed AI

Our developed Egnyte Generative AI models support Egnyte’s apps and integrations, such as content collaboration, data security, data governance, privacy and compliance, controlled external file sharing, and the integration ecosystem.

Egnyte Generative AI models are built upon the AI principles listed below:

  • Data Privacy and Security.
    • General: Data privacy and security continue to be of utmost importance to Egnyte when developing and implementing Egnyte Generative AI. Each customer remains the owner of its Content and, in using Egnyte Generative AI on Content, a customer is training the Egnyte Generative AI for customer’s use. Egnyte Generative AI’s access to Content is subject to the customer’s Egnyte domain content governance policies and administrative settings. Customer content within a customer’s Egnyte domain will not be (i) made available to other Egnyte customers, (ii) accessible by personnel of Egnyte, or (iii) used for training large language model (“LLM”) AI tools available to the public at large (Egnyte does not currently possess LLM AI tools).
    • Metadata Traits Aggregation: Certain metadata-centric traits relating to Content may be identified by our systems and aggregated with other similar information in Egnyte’s systems to help improve customers’ and users’ experiences in the usage of Egnyte Generative AI. In no manner will Egnyte’s systems be deployed to identify customer proprietary or confidential information to Egnyte personnel, nor allow for the use of such information by Egnyte personnel.
    • Personal Data Protection: Any personal data accessed by Egnyte Generative AI is done so within the framework of a user’s prompt, and the minimum access necessary for creating the response is the norm by design and default. It is noted that since Egnyte personnel do not have access to customer Content, there is no risk that a user’s prompt will expose personal data to Egnyte personnel.
  • Data Residency. Egnyte Generative AI runs on separate deployments by region. This allows for Content subject to applicable data protection laws, such as the General Data Protection Regulation (“GDPR”), to remain in the required region.‍ For clarity, Egnyte Generative AI is deployed in the same region as that within which a customer’s domain exists and cannot be changed to a separate region.
  • Output Explainability. The Egnyte Generative AI solution will cite the source data and its limitations when generating output per a user’s prompt.
  • Data Quality. Egnyte Generative AI augments out-of-the-box foundational models (trained on general knowledge) with domain-specific knowledge related to a user’s prompt and/or task at hand. Customers can select high-quality data sources, such as specific documents or sets of documents, which allow for more specific output generation.
  • Egnyte Generative AI Transparency. Egnyte will continue to: a. identify clearly to users that they are interacting and/or chatting with Egnyte Generative AI when Egnyte Generative AI appears for usage by such users, and b. provide information on how to use Egnyte Generative AI to ensure our customers are receiving the full benefits of its capabilities.

  • Compliance and Bias Reduction. In its operations and offerings, including Egnyte Generative AI, Egnyte strives for compliance with applicable laws and regulations, including any applicable requirements of Regulation (EU) 2024/1689 ("EU AI Act") and the California AI Transparency Act (SB 942). Egnyte Generative AI’s foundation incorporates the principles of bias reduction and discriminatory practices avoidance.

     

AI Classification Model

Egnyte Generative AI does not rise to the level of a “general purpose AI model” as set forth under Article 51 of the EU AI Act. Egnyte Generative AI has not been built to perform multiple tasks, rather its focus is on generating unique output for a particular customer or user as more particularly described above under the principle of “Data Privacy and Security.”

Customer Usage

While Egnyte strives to develop accurate and reliable Egnyte Generative AI output, there are inherent limitations with what AI can generate. It is a customer’s responsibility to conduct human review on all Egnyte Generative AI-generated output. Customer should not rely solely on Egnyte Generative AI when making business decisions, including, but not limited to, critical employment, financial, legal, and health-related determinations, and Egnyte fully disclaims any liability relating to any such reliance by a customer. A customer must ensure its use of Egnyte Generative AI complies with internal policies, obligations, and applicable laws, such as data protection, privacy, and security regulations.

If a customer would like to opt-out of the use of specific Egnyte Generative AI features (e.g., Q&A and Document Summarization), it may do so pursuant to the instructions located here or by written request to: privacy@egnyte.com. For clarity, a customer may not opt-out of the use of Egnyte Generative AI in its entirety.

Third-Party AI Solutions

Egnyte may offer customers and their users the ability to leverage third party AI solutions via API integrations, partnerships, etc. It is not anticipated that any of such solutions will be hosted or supported by Egnyte, and customers using them do so at their own risk.

Subcontractors

A customer should understand that certain functions of Egnyte’s Services, including Egnyte Generative AI, may leverage third-party subcontractors, including third-party cloud providers. Egnyte remains the primary provider of the Services and is responsible for all such subcontracted obligations under our customer agreements. Before we engage with these subcontractors, Egnyte performs due diligence on the subcontractor’s privacy and security practices. Egnyte also executes appropriate contractual agreements with such subcontractors in an effort to meet the requirements of applicable data protection laws.

A current list of Egnyte’s subcontractors/subprocessors may be found at the following link: https://www.egnyte.com/subcontractors.

Last updated: August 2025