Davis CoPilot data privacy and security

At Dynatrace, we take our responsibility to safeguard your data seriously. Understand how Davis CoPilot uses your data and understand your responsibility to keep your data secure.

Prompt data

Although we mask PII, we still recommend exercising caution when including personal or confidential information in your prompts.

Your prompts are sent to a third-party vendor, Microsoft Azure OpenAI Service, which provides the LLM behind Davis CoPilot. Microsoft Azure OpenAI Service does not store the data you submit or the responses you receive. The prompts you submit and the responses you receive are used only to serve your experience. Microsoft Azure OpenAI Service also does not use the prompts to fine-tune or improve any models or services, or to train models across customers or environments.

Each data request is sent to Azure OpenAI individually, over an SSL-encrypted service, processed by Azure, and sent back to Dynatrace. If your environment is located in EMEA, your prompts are processed in an EU region. If your environment is located in NORAM, LATAM, or APAC, your prompts are processed in a US region.

Dynatrace may store the prompts submitted to Davis CoPilot and the responses provided by the LLMs to understand the use cases, contextualize the feedback on the responses, and identify additional user expectations.

Learn more about the Davis CoPilot architecture and data flow.

Personal Identifiable Information masking

Dynatrace version 1.305+

Starting with Dynatrace version 1.305, Personal Identifiable Information masking is in place for user prompts. This ensures that sensitive information included in your prompts won't be forwarded to Microsoft Azure OpenAI.

Currently masked fields include:

  • Email address
  • Phone number
  • IBAN information
  • Credit card number
  • IP address
  • US bank number
  • US social security number
  • US ABA routing numbers
  • URL query parameters
  • Canadian Social Insurance Number (SIN)

In our logs and calls to LLM models, we replace values from the identified patterns above with fake patterns. This means that you'll be able see IBANs in logs, for example, but they'll be made up of random numbers, replacing the original values included in your prompts.