AI Usage in Middleware
Middleware leverages AI to provide insightful reports on sprint performance and pull request (PR) analytics, helping teams optimize their development processes. This page outlines how we use AI and the measures we take to ensure data security and privacy.
Sprint Insights
We use AI to generate reports summarizing sprint performance. To protect sensitive information, we do not send any issue descriptions or other potentially sensitive fields to our AI integration. The following metadata is shared:
- Issue titles
- Issue authors
- Issue status in sprint
- Assignees
- Reporters
- Start and end states of issues within a sprint
- Date-related fields
- Time spent in various states by issues
- No issue descriptions or comments are shared.
- No custom fields are shared.
Custom fields are skipped to avoid sending potentially sensitive data to AI.
Pull Request Insights
AI is used to analyze PR data and provide insights into code delivery performance. The following data points are shared:
- PR number
- PR title
- PR authors
- Reviewers
- Number of lines changed
- Number of lines added, and deleted
- Number of commits
- Cycle time and lead time metrics, including breakdown metrics
- Analytics numbers displayed in PR Tables within Middleware
- No commit messages are shared.
- No comments/review content.
- No code data is shared.
Middleware does not sync, store, or even access code data. Therefore, we cannot provide any code-level analysis, even without AI.
Quick Configuration
Quick Configuration refers to small settings adjustments that can be automatically applied with a single click. The LLM powering this feature receives no organizational context and is provided only the limited data already visible in the specific UI area. This feature is currently in limited release.
Ask AI
Ask AI comes in different versions, each with varying capabilities and data access:
- Ask AI v1 [Limited Release]: This is a full-fledged AI-powered chat that can access insights of the last 90 days Middleware has synced for your organization.
- Additionally, it can access any extra data you consent to sharing before the chat has started. No extra data is shared after the chat has started.
- The same metadata filtering applied to Sprint Insights and Pull Request Insights is also applied to Ask AI v1.
- Ask AI v1 is in limited release and may not be available to all organizations.
- Ask AI v2 [In Development]: This is a more capable two-way AI agent that can also access data you create on Middleware, such as teams, users (including identity mappings like GitHub and Jira usernames), and settings changes.
- Data is only shared as needed during the conversation, and not all at once (this is opposite of Ask AI v1).
- Simply starting a conversation without sending any messages does not share any data with AI either.
- Data is shared based on the specific requests made by the user. For example, if the user never asks anything about code delivery but only asks about running their sprints, code-related insights are not shared with the AI during that chat session.
We are committed to data privacy and security, and are using OpenAI's LLMs.
For more information on our privacy policy, visit here.
For more information on their privacy policies, please see OpenAI's commitment to privacy.
Data Security and Compliance
We are SOC 2 Type 2 certified, demonstrating our commitment to data security and privacy. This certification means that, in addition to our own rigorous security practices, every tool we use internally is also SOC 2 Type 2 certified (or equivalent). This ensures a high standard of security across our entire ecosystem.