We have built a bot leveraging Rasa Open Source and Rasa X for our company internal purposes, hosted on premise. The bot can only be accessed while within the company network. However there is some concern within management regarding security of the data being accessed via the Bot. As in whether the data is being sent to any 3rd party sources or if any one has access to any internal data or if RASA itself collects and stores any data.
Can someone suggest the best way to convince regarding data security to the team?
Hello @dearc and sorry for the late response. Rasa and Rasa X do not communicate data with 3rd parties other than:
channels: messages and responses are sent to the channels your connect to your bot
telemetry: which you can disable. Telemetry mainly helps us build a better product. You can see our doc on what we track in Rasa and Rasa X, which also explains that everything is anonymised and no training data is tracked.
