Last updated: 02/13/2025
This notice describes how the ACCESS Q&A tool ("the assistant") collects, uses, and protects information from your interactions. This notice supplements the ACCESS Data Sharing and Privacy Policy. For general information about the tool, see ACCESS Q&A Tool Information.
What the assistant is
The ACCESS Q&A tool is an AI-powered assistant that answers questions about ACCESS services, resources, and policies. It uses a large language model (LLM) to generate responses based on ACCESS documentation. It is not a human support agent.
Responses are generated by AI and may contain errors. The assistant is not a substitute for official ACCESS documentation, support tickets, or direct communication with ACCESS staff.
What information is collected
When you use the assistant, the following information is collected:
| Data | Where it's collected | Purpose |
|---|---|---|
| Your questions | Sent to the backend API | Processed by the LLM to generate a response |
| Session ID | Generated in your browser, sent with each request | Groups messages into a conversation for the backend |
| Query ID | Generated per question | Correlates questions with responses and ratings |
| Conversation history | Stored in your browser (localStorage) | Allows you to review past conversations locally |
| Your rating (if provided) | Sent to the backend API | Quality assurance and tool improvement |
When you submit a support ticket or security report through the assistant, the following additional information is collected and sent to the ACCESS support team via Atlassian JSM:
| Data | Purpose |
|---|---|
| Name, email, ACCESS ID | Identifies you for the support ticket |
| Issue summary and description | Content of the support request |
| Category, priority, resource | Classifies and routes the ticket |
| File attachments (if provided) | Supporting documentation for the ticket |
What information is NOT collected
- User identity for Q&A questions. The Q&A feature does not collect or transmit your name, email, ACCESS ID, or any personally identifiable information. Your identity is not linked to your questions or the responses you receive.
- IP addresses. The assistant does not log your IP address.
- Browsing history. The assistant does not track your activity outside of the chat.
- Research data. The assistant does not access your files, compute jobs, or allocations.
How your information is used
Q&A questions and responses are used to:
- Generate an AI-powered response to your question
- Monitor response quality and accuracy through ratings
- Improve the tool's knowledge base and response quality over time
- Produce aggregate usage reports (e.g., common question topics)
Support tickets and security reports are processed by the ACCESS support team. This data is governed by the ACCESS Data Sharing and Privacy Policy Section 4.3 (User help requests).
Third-party services
Your data is sent to the following third-party services:
| Service | What is shared | Purpose | Data used for training? |
|---|---|---|---|
| OpenAI API | Your question text | Generates a response using a large language model | No. OpenAI does not train on API data by default (OpenAI API data policy). |
| Atlassian JSM (via Netlify proxy) | Ticket form data (name, email, issue details, attachments) | Creates support tickets for the ACCESS support team | No |
| Google Analytics 4 (via Google Tag Manager) | Session ID, timestamps, question/response lengths, page URL, ratings (no question text or PII) | Usage analytics and service improvement | See Google's data practices |
The Q&A backend is hosted at the University of Kentucky. Questions and responses may be stored by the backend for quality assurance purposes.
What is stored in your browser
The assistant stores the following in your browser's localStorage:
| Key | Content | Purpose |
|---|---|---|
qa_bot_session_messages | Your recent conversation messages (up to 100 messages) | Allows you to review past conversations |
access-qa-bot-session-id | A random session identifier | Groups messages into sessions |
access-qa-bot-tooltip-shown | Whether the tooltip has been shown | Prevents repeated tooltip display |
This data stays in your browser and is not sent to any server. It is stored per domain — if you use the assistant on different ACCESS websites, each site stores its own copy. You can clear it at any time by clearing your browser's site data for the ACCESS site where you used the assistant.
Analytics events
The assistant fires client-side analytics events (e.g., chat opened, question sent, response received, rating sent) that are sent to Google Analytics 4 via Google Tag Manager. These events contain:
- Session ID (random, not linked to your identity)
- Timestamps
- Question and response lengths (not content)
- Page URL where the chat is displayed
- Rating value (if you rate a response)
These events do not contain your question text, response content, or any personally identifiable information.
Cookies
The assistant itself does not set any cookies. API requests include browser credentials, which means any existing cookies for the backend domain are sent with requests. The Q&A backend does not use cookies for user identification.
Your rights
- Opt out. You can choose not to use the assistant. All ACCESS support services remain available at support.access-ci.org without AI processing.
- Clear local data. Clear your browser's localStorage for the ACCESS site where you used the assistant to remove all locally stored conversation history.
- Request data removal. To request removal of your data from the backend, open a ticket with the subject "AI Assistant Data Request."
Changes to this notice
ACCESS will update this notice when the assistant's data practices change materially. Updates will be noted with a revised "last updated" date. Continued use of the assistant after updates constitutes acceptance of the revised notice.
Contact
Questions about this notice or the assistant's data practices may be directed to the ACCESS help desk.