Does Corvana send my confidential business data to ChatGPT or other AI models?

No. Corvana runs an AI Data Firewall that masks confidential information — business names, people's names, ABNs, TFNs, bank details, emails, phone numbers and addresses — before any prompt is sent to an external AI model such as ChatGPT or Claude, and it converts exact revenue figures into ranges. The AI provider only ever sees anonymised placeholders like [BUSINESS_1] and [ABN_1], never your real data. The answer is then un-masked locally on Corvana's side, and every interaction is recorded in an audit trail.

Key facts

How the AI Data Firewall works

When Corvana needs an AI model to help analyse something, the request first passes through a masking layer. That layer detects and replaces sensitive values — your trading name, staff names, ABN, TFN, bank account, Medicare number, email, phone, address and postcode — with neutral placeholders. Exact dollar figures are coarsened into bands (for example, "$1M–$2M") because raw numbers can be sensitive on their own. Only this anonymised version leaves our environment. When the model responds, Corvana swaps the placeholders back so you get a useful, specific answer — but the AI provider never saw who you are.

Why this matters for Australian businesses

Most "AI-powered" tools send your raw data straight to a third-party model. For a business that means your customer list, revenue and identifying details can leave the country and sit in someone else's logs. Corvana was built the opposite way: confidential data is masked at the boundary, the underlying models are used under enterprise terms where inputs are not used for training, and your data is stored in Australia (MongoDB Atlas, hosted on AWS's Sydney region, which is independently assessed under the ACSC IRAP framework at the PROTECTED level).

What government and regulated buyers should know

For government, healthcare, legal and financial buyers, the combination matters: data masking before AI, Australian data residency, AES-256-GCM encryption for sensitive fields, role-based access, and a full audit trail of every data-access and AI-masking event. This supports Australian Privacy Act and APP obligations and provides the evidence trail procurement teams ask for.

Frequently asked questions

Can the AI model see my real revenue or customer names?

No. Names and identifiers are replaced with placeholders and exact financials are converted to ranges before the request leaves Corvana, so the model only ever sees anonymised data.

Is my data used to train the AI?

No. Corvana accesses AI models under enterprise terms where your inputs are not used to train their models, and the AI Data Firewall masks your data before it is ever sent.