Q. 

What is AI Studio? 

A: 

Z by HP AI Studio is an enterprise-grade SaaS platform designed for collaboration in local compute environments. With AI Studio users can create an account, download and install the app on Windows or Linux and invite collaborators to start creating AI projects locally and accelerate AI model development.  

Q. 

How are updates provided to AI Studio? 

A: 

Users are made aware of updates to AI Studio by notice provided through the application. Users can then elect to update/install new versions of the software. New features may require that all collaborators update to the latest version to take advantage of features. To update, users will need to visit ‘Account’ > ‘General’ > ‘App Version’ to review release notes and update the software.  Updates are also posted on ZDocs and on the Z by HP Data Science and AI Community.  

Q. 

What cloud technology and data centers are leveraged by AI Studio? 

A: 

AI Studio services are hosted on Amazon Web Services (AWS).  All data associated with a given account is hosted in a single data center. To learn more about AWS, visit https://aws.amazon.com.  AI Studio persists product and usage data in MongoDB. 

AI Studio uses HP-ID as an Identity Provider (IdP).  HP-ID performs user authentication and provides the results of authentication to AI Studio in the form of JWTs (JSON Web Tokens).  HP-ID is hosted on AWS. 

Q. 

How does the data flow throughout the AI Studio activation process? 

A. 

Account owners follow a link received at their designated owner email address. The welcome email includes instructions to download and install the AI Studio application. Account owners onboard additional users by inviting them to the account from within the application.  Users onboard in a similar manner.  Account owners and users are prompted to create an HP-ID account associated with their e-mail address if they have not done so previously.  After logging in, account data is synchronized across the devices of all users according to their role defined within the application by the account owner. 

Q. 

How does data flow between devices and various Z by HP AI Studio components and integrated software solutions? 

A.  

Data created through the use of Z by HP AI Studio (such as notebooks, ML Flow experiments and tensorboard logs) is first stored locally on the device where it originates. Users can share files with other users of the account by placing them in a project’s “shared” folder. AI Studio establishes an end-to-end encrypted peer-to-peer connection between the account users to sync data. If a peer-to-peer connection is not possible due to network restrictions, Z by HP AI Studio will use a relay hosted in the cloud to facilitate the transfer between peers. Cloud relays (and by association HP itself) cannot decrypt the data as it traverses the relay because the associated keys are generated and stored only within the local filesystem of each peer. 

AI Studio offers functionality that allows users to integrate data stored in various cloud storage solutions.  Access to that data is controlled by existing mechanisms established within the user’s IT organization.  When AI Studio accesses the data, it is sent directly to or from the device and then to or from the cloud provider using the cloud provider's software libraries.  

Q. 

Can the customer influence in which region/data center their data is processed or sent to? 

A. 

No. 

Q. 

What data does AI Studio collect and how is it used? 

A: 

AI Studio collects the following data to execute the contract services: 

Q. 

What types of data are not collected by AI Studio? 

A: 

AI Studio does not collect the following types of data: 

• Demographic information (with the exception of country or language preferences). 

• Financial account information, credit or debit card numbers, credit records, or payment data. 

• Social media account information. 

• Government-issued identifier such as social security, social insurance number, or Government ID. 

• Sensitive data such as ethnic origin, political beliefs, trade union membership, health data, sexual orientation, and genetic data. 

• Health information. 

Q. 

Can customers access their telemetry data that AI Studio transfers to the Z BY HP Backend? 

A: 

Telemetry data is anonymized and aggregated before storage and thus cannot be traced back to its origin after collection.  However, customers do get visibility in the app for account insights and delivery of analytics and features. 

Q. 

How often does AI Studio submit telemetry data to cloud services for storage? 

A: 

Telemetry data is submitted on demand based on usage. 

Q. 

How much data is generated and collected by AI Studio and sent to cloud services? 

A: 

Data is collected at the moment of user interaction. If a network connection is not available, data is stored locally for submission until a network connection is available. 

Q. 

What security measures are used by AI Studio to protect personal data? 

A: 

When capturing, transmitting, and storing data, AI Studio uses a variety of security technologies and processes to help protect your personal data from unauthorized access, use, or disclosure. These include: 

• data in transit is protected using TLS 1.2 or better 

• data at rest is protected using AES 256 

• RBAC is used to control access to data 

• only users with a business need are granted access to customer data 

• periodic reviews are performed to ensure RBAC access is up to date 

• AIS uses JWT tokens derived from the authentication process in all requests to backend cloud services. 

• when applicable, data is anonymized by replacing sensitive information with a suitable proxy replacement (e.g. SHA256 or one-way hash) of it before storage 

Q. 

What type of security testing is performed on AI Studio? 

A: 

AI Studio employs various security tests including but not limited to: 

• Penetration testing of all public facing cloud services 

• Static code analysis of all HP source code 

• Container scanning of all HP built images 

AI Studio undergoes these tests for all new functionalities being released and periodically for all minor enhancements to existing functionality. 

Q. 

What are the processes and procedures to ensure physical and environmental security? 

A: 

Most AI Studio cloud services run on Amazon Web Services. Amazon Web Services is responsible for physical and environmental security of its data centers. 

The Amazon Web Services data centers are Tier 3+ as per AWS documentation https://aws.amazon.com/compliance/uptimeinstitute/. 

• The Amazon Web Services compliance and certifications can be found at https://aws.amazon.com/compliance/. 

• Amazon Web Services takes care of protection against external and environmental threats (fire, flood, earthquakes etc.) 

AI Studio uses tools from Amazon Web Services (e.g., Cloud Watch) to monitor the performance of Amazon Web Services 

Q. 

A. 

What authentication and authorization methods does Z by HP AI Studio implement? 

AIS implements authentication and authorization of users using HP-ID. Once authenticated, AIS uses a role-based access control (RBAC) system to authorize requests made on behalf of users throughout the platform.  The RBAC system ensures users may only access the data they are authorized to according to their role.  AIS uses TLS 1.2 and 1.3 to protect data in transit and AES 256 encryption to protect data at rest. 

Q. 

What data can a customer opt-out from sharing with AI Studio? 

A: 

The following table provides opt-out information: 

The application requires specific data to function and deliver application features, including account management and user account analytics shared with the user. Customers are provided the option to consent to terms prior to gaining access to the software. Customers who do not consent will be unable to log in or access features within the application. 

Q. 

How is the data transmission to Z BY HP secured?  

A: 

AI Studio leverages TLS 1.2 or better to transmit data between the device and the U.S. data centers, the U.S. Analytics data center, and the U.S. Identity Management data center. 

Q. 

What ports need to be considered for customer firewalls? 

A: 

No inbound ports are required.  AIS uses port 443 for connections to cloud services.  Locally, AIS uses ephemeral ports (49152-65535) for inter-process communication. 

Q. 

Is data in databases stored securely? 

A: 

All databases in the cloud are encrypted at rest using AWS KMS with keys created, rotated and managed by HP.  Local databases are encrypted with AES256 using a locally generated key that is stored in the platform credential manager.  Windows credential manager and the gnome key ring for Windows and Linux respectively. 

Q. 

Is data securely disposed of when no longer needed? 

A: 

Analytics data is deleted permanently two years after its creation.  Account data is deleted 60 days after the expiration of the account subscription. 

Note: For data protection purposes, all personal data is removed prior to transmission to and storage. 

Q. 

How is access to data restricted? 

A: 

HP controls access to analytics data using RBAC policies.  Periodic reviews are performed to ensure that users with access have a business need.  Users that do have access are required to use 2 factor authentication whenever accessing the data. 

Q. 

Are the data anonymized? 

A: 

Analytics data is stripped of personally identifiable information (PII) before transmission to and storage in the analytics datacenter by replacing PII (e.g. e-mail address, first and last names) with proxy information (e.g. one way hash of the input data). 

Q. 

Does AI Studio share its data with its Z BY HP suppliers, and if so, does it include personal information? 

A: 

Yes, AI Studio shares account, application, contact, and device data with some of Z BY HP's key suppliers to ensure the correct functionality of all AI Studio features. HP Suppliers are contractually bound to by HP guidelines and requirements with regards to collection, use and maintenance of collected data. 

Q. 

Does AI Studio provide separate, dedicated database(s) for customers' exclusive use of their data? 

A: 

No. 

Q. 

Is customer data and information co-hosted with the data from other organizations or companies on the same physical server(s)? 

A: 

Yes. 

Q 

What are the sources and methodology of data capture and frequency of transmission by Z by HP AI Studio? 

A 

The sources and methodology of data capture and frequency of data transmission include: 

Q. 

What is GDPR compliance? 

A: 

The General Data Protection Regulation (GDPR) is a European-wide regulation for the protection of European citizens' data that was established in May 2018 and defined rules related to the protection of natural persons regarding the processing of personal data and rules relating to the free movement of personal data (Ref: https://gdpr-info.eu/art-1-gdpr/). Currently there is no ID or license required or available for GDPR. 

Q. 

What is the Z BY HP and AI Studio approach to GDPR? 

A: 

Z BY HP has a long-standing history of industry leadership in privacy and data protection. Together with our robust portfolio of products and services, we can support our customers' and partners' efforts in protecting personal data. With respect to AI Studio, Z BY HP acts as a Data Processor. Please refer to Data Processor section on Z BY HP Privacy Central. As a global company, it is possible that any information you provide may be transferred to or accessed by Z BY HP entities worldwide in accordance with the Z BY HP Privacy Statement and based on the International Privacy Programs listed in the International Data Transfers section. 

Q. 

Do you have an assigned Data Protection & Privacy Officer or equivalent? 

A: 

Yes. For more information refer to the Frequently Asked Questions (FAQ) in the Data Processor section on Z BY HP Privacy Central.