AI Policy
How we enable AI-powered features with user choice, transparency, and strong data protection.
Effective Date: February 12, 2026
Document Version: 1.0
Last Updated: February 2026
These policies are issued by TOTALSHIFT LEFT TECH PRIVATE LIMITED. Our primary website is totalshiftleft.ai. We also operate totalshiftleft.com, which is under the same company.
1. INTRODUCTION
Total Shift Left is committed to responsible artificial intelligence (AI) integration in our API testing platform. This policy outlines our approach to AI usage, data protection practices, and the options available to users for AI-powered features.
This document governs AI-related functionality within our platform and establishes guidelines for data handling, user choice, and security protocols.
2. AI PLATFORM OPTIONS AND USER CHOICE
2.1 Bring Your Own AI Platform (Recommended)
We strongly recommend that users integrate their own AI platform or Large Language Model (LLM) that they trust and with which they have established data governance agreements.
Benefits of using your own AI platform include:
- Complete control over data processing and storage
- Compliance with your organization's specific security policies
- Direct contractual relationships with your chosen AI provider
- Customization options tailored to your testing requirements
- Full transparency regarding AI model capabilities and limitations
2.2 Third-Party AI Platforms (Use at Your Own Risk)
Users may optionally choose to use third-party AI platforms integrated within our Services, including but not limited to:
- Google Gemini
- Anthropic Claude
- OpenAI GPT models
- Microsoft Azure OpenAI Service
- Other supported LLM providers
Important notice: When using third-party AI platforms, you acknowledge and accept that:
- Data processed by these platforms is subject to the third-party provider's terms of service, privacy policies, and data handling practices
- Total Shift Left cannot guarantee how third-party AI providers process, store, or use your data
- You are solely responsible for reviewing and accepting the terms and conditions of third-party AI providers
- Total Shift Left assumes no liability for data handling by third-party AI platforms
- Compliance with your organization's data governance requirements is your responsibility when selecting third-party platforms
2.3 Total Shift Left Private AI Environment
For organizations requiring the highest level of data security and privacy, we offer a private AI environment with enhanced data protection guarantees.
Key features:
- Data not shared: Your API testing data is never shared with external parties, used for model training, or commingled with other customers' data
- Dedicated infrastructure: Isolated AI processing environment specific to your organization
- Enterprise-grade security: Advanced encryption, access controls, and compliance certifications
- Custom data retention policies: Configure data lifecycle management according to your requirements
- Audit trails: Comprehensive logging and monitoring of all AI interactions
To learn more about our Private AI Environment and discuss custom deployment options, please contact our sales team at sales@totalshiftleft.ai.
3. DATA PROTECTION GUIDELINES
3.1 Data Minimization
We implement data minimization principles by only processing data necessary for AI-powered API testing features. Users should review the data sent to AI systems and configure filters to exclude sensitive information when possible.
3.2 Data Encryption
All data transmitted between our Services and AI platforms is encrypted using industry-standard protocols:
- TLS 1.3 or higher for data in transit
- AES-256 encryption for data at rest (in Private AI Environment)
- End-to-end encryption options available for enterprise customers
3.3 Data Retention and Deletion
For TotalShiftLeft.ai Private AI Environment:
- AI processing logs are retained for 90 days by default (configurable)
- Users can request immediate data deletion at any time
- All data is permanently deleted within 30 days of account termination
For third-party AI platforms: data retention is governed by the respective provider's policies. Users must consult third-party documentation for specific retention periods.
3.4 Access Controls
Access to AI features and associated data is controlled through role-based access control (RBAC). Organizations can define granular permissions to ensure only authorized personnel can enable or use AI-powered testing capabilities.
3.5 Compliance and Certifications
Our Private AI Environment is designed to align with:
- GDPR (General Data Protection Regulation)
- CCPA (California Consumer Privacy Act)
- SOC 2 trust services criteria
- ISO/IEC 27001 concepts
- HIPAA (for healthcare customers with appropriate Business Associate Agreements)
4. USER RESPONSIBILITIES
When using AI features within the Services, users are responsible for:
- Selecting an appropriate AI platform: Choosing an AI platform that aligns with your organization's security, privacy, and compliance requirements
- Reviewing third-party terms: Understanding and accepting the terms, privacy policies, and data practices of any third-party AI providers you choose to use
- Data classification: Ensuring that sensitive data is appropriately classified and protected before being processed by AI systems
- Monitoring and validation: Validating AI-generated test results and not relying solely on automated outputs for critical decisions
- Compliance verification: Ensuring your use of AI features complies with applicable laws, regulations, and organizational policies
5. TRANSPARENCY AND DISCLOSURE
We are committed to transparency regarding AI usage:
- All AI-generated content within the platform is clearly labeled
- Users are informed when AI features are enabled or processing their data
- AI model capabilities and limitations are documented in user guides
- Changes to AI providers or policies are communicated to users in advance
6. SECURITY MEASURES
We implement multiple layers of security to protect data processed by AI systems:
- Network security: Firewalls, intrusion detection systems, and DDoS protection
- Authentication: Multi-factor authentication (MFA) and single sign-on (SSO) support
- Monitoring: 24/7 security monitoring and incident response capabilities
- Vulnerability management: Regular security assessments and penetration testing
- Incident response: Established procedures for security incident handling and notification
7. CONTACT INFORMATION
For questions about this AI Policy or to learn more about our Private AI Environment:
- Sales inquiries: sales@totalshiftleft.ai
- Security and privacy: privacy@totalshiftleft.ai and security@totalshiftleft.ai
- General support: support@totalshiftleft.ai
8. POLICY UPDATES
We reserve the right to update this AI Policy as technology, regulations, and best practices evolve. Material changes will be communicated to users at least 30 days in advance via email and platform notifications. Continued use of AI features after policy updates constitutes acceptance of the revised terms.
9. ACKNOWLEDGMENT
By using AI-powered features within the Services, you acknowledge that you have read, understood, and agree to abide by this AI Policy and Data Protection Guidelines. You further acknowledge your responsibility to select appropriate AI platforms and ensure compliance with your organization's data governance requirements.