AI Configuration Security and Data Privacy

Overview

Akeneo is committed to protecting your data privacy and maintaining the highest standards of security in every AI-powered feature.

All product information processed by Akeneo's AI Configuration features — including content generation, translation, and rephrasing — is handled securely through a dedicated AI gateway. Your data is never used to train AI models, never shared with third parties, and never stored after processing.

This page explains how your data flows through Akeneo's AI systems, what information is shared with the AI provider, and how you can safely use these features while complying with your internal governance policies.

AI providers used by Akeneo

Akeneo AI Configurations route requests through a secure AI gateway. The provider that processes your data depends on your setup:

Setup | AI provider | Account relationship
Default (no BYOK add-on) | OpenAI (via Akeneo's enterprise agreement) | Akeneo manages the account and API keys
BYOK — OpenAI models | OpenAI | You provide and manage your own API key
BYOK — Anthropic models | Anthropic | You provide and manage your own API key

The Bring Your Own Key (BYOK) add-on is a paid feature that lets you choose a specific AI model and connect your own API key. If you do not have the add-on, all Configurations use the Akeneo-managed default model (currently GPT 4.1 Mini). See AI Configuration Overview for the full list of supported models.

 

How data is processed

When you use an AI Configuration feature in Akeneo PIM — such as Generate with AI or Translate — the PIM temporarily sends specific product data and the related prompt to the AI provider's API for processing.

Once the AI model returns a response, the data is immediately discarded from the AI provider's systems. The result is stored in Akeneo PIM only if you choose to save it.

Key principles

  • All data is transmitted over encrypted channels (HTTPS / TLS 1.2+).
  • AI providers maintain no data retention — nothing is logged or reused for model training.
  • Akeneo's AI integration is designed for stateless processing — each generation is a separate, temporary request.
  • Only the minimum required information is sent to generate the result.

API key storage and handling (BYOK)

When you enter an API key in an AI Configuration:

  • The key is encrypted at rest on the Akeneo platform.
  • After saving, the key is never displayed in full — only a masked placeholder ("••••••••") is shown in the UI.
  • The key is transmitted to the AI provider only at execution time, through a secure internal gateway.
  • If you change the selected model, the stored API key is automatically cleared.

When using the BYOK add-on with your own API key, data processing is governed by your agreement with the provider (OpenAI or Anthropic). Ensure your provider account has appropriate data handling terms in place for your organization's requirements.

 

Information shared with the AI provider

The data shared depends on the action you're performing. The table below summarizes what Akeneo PIM sends for each type of AI Configuration operation.

Use case | Data shared | Description
Content generation | Product name, selected Attribute values, Locale, prompt | Required to generate new text or values from your PIM data.
Translation | Source Locale, target Locale, value to translate, prompt | Used to produce accurate translations following your tone of voice.
Rephrasing | Value to rephrase, type of rephrasing | Used for text cleanup or tone adjustments.
Prompt analysis (AI Prompt Optimizer and Rewriter) | The prompt text itself, and all AI Configuration settings | Used to evaluate clarity, tone, and Attribute relevance based on C.R.A.F.T.+R.

Akeneo does not send any customer-identifying metadata, such as company names, user details, or PIM environment information. If you include brand names or sensitive data directly in a prompt, they are visible to the AI model temporarily during that request only.

Only the data explicitly configured in the AI Configuration is shared. Akeneo does not send your entire catalog or unrelated product data.

Provider-specific considerations

OpenAI

  • Default setup: uses Akeneo's enterprise OpenAI agreement with zero data retention and no model training.
  • BYOK setup: uses your own API key. Review OpenAI's API data usage policies and ensure your organization has the appropriate plan (e.g., Enterprise or API tier with zero retention).

Anthropic

  • Available only through the BYOK add-on.
  • Review Anthropic's usage policies and ensure your organization has the appropriate plan and terms in place.

Additional security measures

To ensure the integrity and confidentiality of your data, Akeneo implements the following controls:

  • End-to-end encryption for all data transfers
  • Zero data retention by AI providers (both OpenAI and Anthropic)
  • No third-party integrations outside the secured environment
  • Encrypted API key storage for BYOK customer keys
  • Access control by user role and permissions
  • Regular security audits across all Akeneo systems

AI-related actions — such as prompt analysis or content generation — are logged internally for observability, without exposing sensitive content.

Customer responsibilities and recommendations

While Akeneo protects your data at every stage, responsible usage also depends on your internal governance. To maintain compliance and control, follow these best practices:

  1. Avoid including confidential data in prompts. Don't add sensitive internal information — such as financial figures, employee data, or proprietary source material — inside your prompts.
  2. Review generated content before publishing. Use Workflows or internal approval processes to validate content accuracy, tone, and compliance before release.
  3. Control user permissions. Ensure only trusted users have access to AI features or the ability to create AI Configurations.
  4. Follow internal data protection policies. Align Akeneo PIM usage with your company's GDPR, SOC2, or other compliance frameworks.
  5. Document your configurations. Keep a record of prompts, their purposes, and associated Attributes for transparency and audits.
  6. Manage your API keys (BYOK). Keep them active, rotate them as needed, and monitor usage through your provider's dashboard.
  7. Evaluate provider terms (BYOK). When using the BYOK add-on, the data processing agreement is between you and the AI provider. Ensure it meets your organization's requirements.
  8. Monitor costs (BYOK). BYOK usage is billed directly by your AI provider. Akeneo does not provide built-in usage dashboards for BYOK models at this time.
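
An added example, not Akeneo code: a pre-save check for recommendations 1 and 5 that audits a documented configuration record for missing fields and for prompt text that looks sensitive. The record layout, the rule set and the sample records are assumptions constructed for illustration.

```python
import re

# Constructed rules for illustration; adapt them to your data classification policy.
RULES = {
    "api-key-like secret": re.compile(r"\bsk-[A-Za-z0-9_-]{16,}"),
    "email address": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "confidentiality marker": re.compile(
        r"\b(?:confidential|internal use only|do not distribute)\b", re.I),
    "financial figure": re.compile(
        r"\b(?:margin|revenue|cost price)\b[^.\n]{0,40}?\d[\d.,]*\s?(?:%|EUR|USD|k\b|m\b)",
        re.I),
}
# Hypothetical record layout: the fields recommendation 5 asks you to document.
REQUIRED_FIELDS = ("name", "purpose", "attributes", "prompt")


def redact(value):
    """Keep a short prefix so the report never repeats the sensitive value in full."""
    return value[:4] + "•" * 8


def audit_configuration(record):
    """Return a list of (issue, detail) findings for one documented configuration."""
    findings = [("missing documentation", field)
                for field in REQUIRED_FIELDS if not record.get(field)]
    prompt = record.get("prompt") or ""
    for label, pattern in RULES.items():
        for match in pattern.finditer(prompt):
            findings.append((label, redact(match.group(0))))
    return findings


# Constructed sample records, not real Akeneo configurations.
SAMPLES = [
    {"name": "Description EN", "purpose": "Generate marketing copy",
     "attributes": ["name", "material"],
     "prompt": "Write a 60-word description in a friendly tone."},
    {"name": "Pricing blurb", "purpose": "", "attributes": ["name"],
     "prompt": "Internal use only: our margin is 42% on this line. "
               "Questions to jane.doe@example.com. Key sk-test_0123456789abcdefXYZ"},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        for issue, detail in audit_configuration(rec):
            print(f"{rec['name']}: {issue}: {detail}")
```

A finding is a prompt to review, not a verdict: a pattern match can be legitimate product copy, and a clean result does not prove the prompt is free of confidential material.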

Frequently asked questions

Is my data used to train AI models? No. Under both the default Akeneo-managed setup and the BYOK add-on, product data is not used to train, fine-tune, or improve AI models.

Can I request deletion of all AI processing data? AI providers retain no data after processing. Akeneo PIM stores only the resulting values you choose to save.

Can administrators restrict AI access? Yes. Role-based permissions can limit which users can view, create, or execute AI Configurations in Akeneo PIM.

Does Akeneo review customer prompts or generated content? No. All AI processing is automated and isolated. Akeneo teams do not view or access customer data or prompts.

Can I use different API keys for different Configurations? Yes. Each AI Configuration stores its own model selection and API key independently. You can use different providers and keys across Configurations.

What happens if my API key expires or is revoked? Any AI Configuration using that key will fail at execution time. There is no automatic fallback to the Akeneo-managed model. Update the API key in the affected Configuration(s) to resume.

Who in my organization can see the API key? Once saved, the API key is masked in the UI and cannot be retrieved. Only users with permission to edit AI Configurations can replace the key with a new one.
