Foxit AI Assistant
Security Overview

Foxit Software places a strong emphasis on security to protect its software and user data. We follow secure software development practices, including code reviews and vulnerability assessments, to identify and address potential security vulnerabilities. Encryption is utilized to safeguard sensitive data during transmission and storage. Secure document handling features, such as password protection and digital signatures, are implemented to prevent unauthorized access and tampering. User authentication mechanisms, including password-based authentication and multi-factor authentication, ensure that only authorized individuals can access specific features or perform certain actions.

About Foxit AI Assistant

Foxit AI Assistant is integrated with Azure OpenAI and Azure AI Document Intelligence, both are innovative solutions that help users understand and interact with documents more effectively. By combining advanced artificial intelligence technology with powerful language processing capabilities, the Foxit AI Assistant offers a range of functions that enhance productivity and streamline document comprehension.

• Document Summary - The OpenAI summary service uses artificial intelligence to generate a concise and accurate summary of a given text input.
• Document Re-write - The OpenAI rewrite service uses machine learning to automatically paraphrase or rewrite text while maintaining its original meaning. This service is free up to 100 pages per user per month.
• Content Translation - Translating selected text into corresponding languages. Maximum 2000 characters per prompt, 50 prompts per user per day.
• Document Q&A - Have a conversation with PDF and answer user questions based on PDF content, 50 prompts/questions per user per day.
• Content Explanation - AI-powered feature that provides concise explanations and definitions for selected text.
• Spelling and Grammar Correction - AI-powered feature that automatically detects and corrects spelling and grammar errors in your content.
• SMART PDF COMMANDS - Operate PDF functions through our AI Assistant for efficient document processing.

Foxit's Commitment to AI Security

At Foxit, we have a neutral approach to Large Language Models (LLMs), enabling us to leverage the most effective technology for each specific task. For the generative AI features of Foxit AI Assistant, we currently utilize Microsoft’s Azure OpenAI Service, which is contractually prohibited from manually reviewing or training its LLM on Foxit customer data.

To ensure we provide responsible responses, we use content filtering services to moderate inappropriate content. All reported content, bugs, or vulnerabilities and user-provided feedback are strictly accessible to a limited number of trained Foxit employees. These employees use both algorithmic and manual processes to address reported issues within the Foxit AI Assistant.

No Foxit customer data is used to train or fine-tune any LLMs. For a document to generate summaries and insights, a user must activate the AI Assistant or summary buttons. We also provide guidance on how users and organizations can disable the AI features in Foxit AI Assistant, if desired.

Foxit AI Assistant analyzes the information provided in the document and generates responses based on the document's content and the knowledge base of the model. Chat history remains under the user's control for deletion or query continuation. Except for the chat history retention and any content reported by the user, all other data are automatically deleted from Foxit cloud services after 48 hours.

Foxit AI Assistant provides enterprise-level data security and information governance capabilities, including granular admin-level controls for selecting users or user groups for access. To support data security, we have built robust testing and monitoring methodologies.

All user content, prompts, and responses are encrypted in transit. At rest, any data stored by Foxit AI Assistant is encrypted using AES-256-bit. The AI Assistant responses are for individual consumption only, ensuring privacy even when documents are shared.

Foxit AI Assistant Architecture

• Foxit Editor/Reader for Desktop, Mobile, Cloud - On Foxit Editor/Reader, users can open the AI panel and use AI functions by clicking the AI Assistant button on the toolbar.
• Foxit AI Assistant Service - When using AI Chat, Foxit Editor/Reader sends the target PDF document to Foxit AI Service. Foxit AI Service parses the PDF document and extracts content related to the query, it then calls Azure OpenAI to generate answers. To improve the response time of AI Q&A, the PDF content will be cached for up to 48 hours, and then automatically deleted.

When users use Foxit AI Assistant, AI Assistant mainly generates the following data:

• Chat History - User's chat history. This data is stored in the current session and will be automatically deleted after the session ends.
• PDF Content - PDF content related to the query, including the PDF document and the results of PDF parsing. To improve the response time of AI Q&A, PDF content will be encrypted using AES-256-bit and cached for up to 48 hours, then it will be automatically deleted. The encrypted data is stored in Amazon EFS or Azure Files.

All traffic is encrypted in transit over HTTPS using TLS 1.2 or greater.

Foxit AI Assistant Security Architecture

Data, privacy, and security for Azure OpenAI Service
https://learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy

When the user engages the AI Assistant button situated on the toolbar, and consents to Foxit's Terms of Service and Privacy Policy, as well as third-party privacy policies, the AI Assistant will proceed to acquire the current user identity from the Editor/Reader (Desktop/Mobile/Cloud). This process is executed based on the Foxit Account Service for the purpose of user identity authentication. Once the authentication process is successfully completed, the AI functionality will be enabled.

• When a user sends a prompt via the chat function, the Foxit Editor/Reader promptly uploads the active PDF document to the Foxit AI Assistant Service for comprehensive document analysis.
• The Foxit AI Assistant Service then dissects the PDF document into structured data, thereby laying the groundwork for an effective response to the user's query.
• During this extraction of PDF content, Document Intelligence is incorporated to enhance the efficiency and accuracy of the extraction process.
• To streamline the response time of the AI-powered Q&A system, the PDF document, along with the results derived from its extraction, are cached for a period of 48 hours.
• Upon receipt of the user's query, the Foxit AI Assistant dispatches the relevant PDF content to Azure Open AI, which is then responsible for generating an appropriate response.
• The Foxit AI Assistant subsequently delivers the generated response to the user's query.

The AI Assistant uses Azure OpenAI's content filtering system to filter out content including the hate, sexual, violence, and self-harm categories, preventing the output of harmful content.

• The development of Foxit AI Assistant complies with OWASP, a rigorously secure programing framework. And it took anti-virus, penetration, and vulnerability tests before releases.
• All web APIs are called via the HTTPS protocol, including calls to the Foxit AI Assistant Service API and Azure OpenAI API. This ensures the security of document and user’s data transmission.
• The databases used in the service (User Business Data/Vector Store) are not exposed to the public. They are protected by a firewall and can only be accessed within the internal network.
• User prompts (inputs), completions (outputs) and User document content are not stored permanently in Foxit AI Assistant Service, for performance reason,
  • User prompts (inputs) and User document content will be uploaded onto Azure Storage and processed by Microsoft and be temporarily stored in the same region as the request before being deleted within 24 hours;
  • Completions (outputs) will be stored in the same region in Azure Storage as the request before being deleted within 24 hours.
• The Azure AI services used by the AI Assistant has its own security standards. For details, refer to: https://learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy and https://learn.microsoft.com/en-us/legal/cognitive-services/document-intelligence/data-privacy-security?toc=%2Fazure%2Fai-services%2Fdocument-intelligence%2Ftoc.json&bc=%2Fazure%2Fai-services%2Fdocument-intelligence%2Fbreadcrumb%2Ftoc.json.