Trunk Tools announces $40M Series B

FAQ: Data Security and Privacy

Your Data in Trunk Tools

  • We only use your data to train our models if you give us explicit written permission to do so. The data from customers who give us this permission is deidentified and used exclusively for training our AI “brain” to better understand your structured and unstructured data in the pre-processing phase. Nothing specific to any customer or project is accessible to any other customer or project.
  • Further, none of our training is automatic / autonomous. We have found that autonomous training does not capture the nuance of construction-specific workflows. All training of our models is done intentionally with oversight by construction industry subject matter experts to ensure we meet the needs of our customers.
  • Training on construction-specific data is what allows us to offer exceptional value to our customers. Without real data and documents from the field, Trunk Tools could not adequately understand industry-specific questions/queries and operate workflows such as a comparison of submittals against specs, or detecting changes from one set of drawings to another. If you attempted any of these workflows in foundational LLMs like ChatGPT, you would be sorely disappointed with the results and your data would not be private unless you were on a paid enterprise account.
  • A few examples of the types of training we do on data from the field include the model’s ability to recognize types of construction documents based on the type of content contained in their PDFs (i.e. specification vs. submittal, product data submittal vs operations & maintenance manual submittal, RFI vs. CO) and object detection (room boundaries and tags, doors, sinks, toilets, staircases).
  • We have also invested significantly in training the models to recognize the implicit relationship between different types of documents and information. We call this our “knowledge graph.” E.g. How do RFIs relate to submittals? How might a bulletin relate to a change order request? How does a rejected submittal impact the project schedule? This is an area we continue to work on in order to make these implicit relationships and their second and third-order effects explicit.
  • Absolutely. Every customer has the right to restrict their anonymized aggregate project data from being used to further train our AI models. We only leverage this anonymized data when given explicit written permission by our customers.
  • Anything you explicitly give your Trunk Tools project permission to use (via integration, manual upload, or information you directly type into TrunkText). We have intentionally designed each project as a sealed box that only you can open to share more information. During your integration setup, you specify which documents and modules are synced between your project management and/or document management system(s) and Trunk Tools so that our models and agents will be able to read and respond intelligently.

Data Security and Privacy

  • If you give us explicit permission in writing to train our models on your deidentified aggregate data, you have our guarantee that no specific information from your project is accessible to another company’s project. No proprietary or confidential information, data, processes, responses, or question/queries are transferred between any two projects. Each project is logically separated and closed from every other project in our platform.
  • For example, RFIs on one of your projects might help further train our models to recognize (a) that a document is an RFI rather than some other type of construction document and (b) what type of content is in an RFI, but we will never share (c) the actual contents of your RFIs outside of the context of your project.
  • Certifications and Compliance: Trunk Tools adheres to strict data privacy policies and complies with relevant legal and regulatory standards to ensure data protection. We maintain SOC 2 Type II compliance, which ensures robust security and data privacy practices. This certification covers various aspects of security, availability, processing integrity, confidentiality, and privacy. Additionally, Trunk Tools maintains compliance with relevant data protection laws such as CCPA and CPRA, and continuously monitors regulatory changes to address legal requirements.
  • Security Measures: Trunk Tools has also implemented comprehensive security measures to safeguard confidential project data. These include encryption of data at rest and in transit, access controls based on job roles, and regular vulnerability scanning. The AI system undergoes regular audits to ensure compliance with data protection policies.
  • Clean History: Our company and products have not experienced any data leaks or other security issues. We continuously implement robust security protocols to ensure the integrity and safety of our systems.
  • Our Data Policy: Trunk Tools has developed a comprehensive data policy that addresses the privacy and protection of sensitive information processed by AI. This includes a formal privacy program, policies for preserving privacy and protecting PII, and a data governance program. These measures ensure compliance with data protection laws and standards, safeguarding sensitive information effectively.
  • Human Governance: Trunk Tools has established an AI Governance Committee responsible for overseeing AI systems, ensuring compliance with legal and regulatory requirements, and maintaining AI system inventories. Regular audits and assessments are conducted to ensure transparency, fairness, and accountability.

Trunk Tools vs Other LLMs

  • Foundational LLMs are not trained with a high level of specificity for any given industry. We’ve found through rigorous testing that LLMs like ChatGPT do not understand the nuances of construction data and regularly return unsatisfactory answers to queries coming from construction field teams. They are even less likely to appropriately manage agentic construction-specific workflows that save time, detect discrepancies, mitigate risk, and protect you from rework. Trunk Tools is built on deep knowledge of construction data and intentionally trained by industry experts with decades of experience in the field.

  • Beyond our proprietary models, we do leverage the newest and best technology from multiple LLMs in proprietary sequences in order to maximize the value our customers get out of our platform. Given the billions of dollars of investment poured into making these LLMs increasingly useful, we want to ensure our customers can benefit from these tools where they augment our construction-specific models.

  • Absolutely not. Third-party LLMs only have access to your data momentarily to generate the response or vectorize the data, but the data is not retained. We have enterprise agreements with all third-party LLMs we use including security and privacy standards that we insist on (i.e. Zero Day Retention). As such, your data is never used to train their platforms.

Trunk Tools vs Other “Agents”

  • First, it is important to note that the word “agent” is often used to describe augmented workflows of various degrees of autonomy. A “custom agent” created by thorough human prompting that, for example, aggregates up-to-date information in a report for the purposes of an owner-architect-contractor meeting is only as useful as the human-provided prompts that guide it. By comparison, fully automated agents execute time-intensive tasks that humans have typically been responsible for in a fraction of the time and with a much greater likelihood of detecting issues, discrepancies, or missing information. For example, our TrunkSubmittal agent detects when a new submittal is uploaded into Procore or Autodesk, autonomously reviews the submittal against the relevant spec section, and generates a list of items that are compliant, partially compliant, or non-compliant. It even drafts communication to subcontractors whose submittals are marked as partially compliant or non-compliant. A human can review these findings for accuracy and take action, but the overall review time is dramatically reduced with this type of agent.

  • Second, knowing that properly prompting a custom agent, or building a fully autonomous agentic workflow, requires time and significant effort to build, Trunk Tools does not expect our end users to build agents themselves. In addition to our off-the-shelf agents like TrunkText (a Q&A agent for your construction documents), TrunkSubmittal (a submittal review agent), and TrunkReview (a drawing revision discrepancy detection agent), our implementation and customer success teams will work with you during onboarding to understand where you might benefit from custom agents and we quickly build and deploy these on your behalf so you can focus on building.

Login