User data usage policy for Now Assist

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of User data usage policy for Now Assist

    Now Assist prioritizes the security and privacy of user data while delivering AI capabilities within the ServiceNow platform. It uses secure transmission and isolated processing environments to ensure your data remains protected during AI workload processing. Additionally, customers have control options to mask sensitive data or opt out of data sharing that supports model improvements.

    Show full answer Show less

    Data Transmission and Storage

    • AI requests are securely sent from your ServiceNow instance to dedicated compute hubs using TLS 1.2 encryption.
    • Data is processed transiently in these centralized datacenters equipped with GPUs, with input and output data deleted immediately after response generation.
    • There is no data commingling between customers or across domain-separated instances when using Generative AI services.
    • ServiceNow may augment Now Assist capabilities using third-party services like Azure OpenAI, but such data remains within ServiceNow’s network boundary and is not accessed by third parties.
    • During peak demand, ServiceNow might use Azure-hosted GPUs for capacity bursting without compromising data security.

    Masking Sensitive Data

    • Customers can enable a plugin to mask sensitive data before it is sent to large language models (LLMs), enhancing data privacy.
    • This masking protects sensitive content from being included in AI prompts but may reduce the accuracy of AI-generated results.
    • Note that this masking does not affect sensitive data already stored in your instance or prevent new sensitive data from being saved there.

    Data Access Control with Retrieval Augmented Generation (RAG)

    • For some AI features like AI Search, the system only sends data to the LLM that the user is authorized to access, maintaining access controls.
    • Agents generating summaries should ensure that any shared information in work notes is appropriate for all users with access to the record, as permissions may vary.

    Opting Out of Data Sharing

    • ServiceNow uses customer data sharing to continuously improve Now LLM models based on usage patterns.
    • Customers who prefer not to participate in this data-sharing program can opt out following provided instructions.

    Now Assist is designed to keep user data safe and secure. You can also mask sensitive data or opt-out of sharing data for model improvements.

    How your data is sent and stored

    Your AI workloads are securely sent using Transport Layer Security (TLS) 1.2 from your ServiceNow instance to one of three centralized ServiceNow compute hubs (datacenters with GPUs for AI workloads), where the AI prediction processing takes place. The data used to generate the response is deleted from the compute hubs after the response has been generated. The result is then returned to the ServiceNow instance.

    The input and output data isn’t cached or stored on the compute hub and is transient.

    Your data isn’t commingled with other customer data when using Now LLM Service for generative AI.

    Also, there’s no commingling of data for domain-separated instances when you use Generative AI services.

    When appropriate, ServiceNow might leverage third-party endpoint services (for example Azure OpenAI Service) to augment Now LLM Service to power Now Assist capabilities. Azure OpenAI is a third-party model, but policies same as the company's, apply, as it's hosted in our compute hubs.

    Further, to confirm quality of service, ServiceNow might use Azure-hosted GPUs for Now LLM Service capacity bursting in case of high customer demand. Data processed by third-party endpoints isn’t subject to use or access by third-party providers and are operated within the ServiceNow network boundary.

    Mask sensitive data

    Sensitive data can be masked before sending it to LLMs using Now Assist for Data Privacy. To learn more, see Configuring Data Privacy for Now Assist.

    After you enable the plugin, it’s designed to mask sensitive data before it’s sent to the LLM, but could result in less accurate results because the specific data isn’t included within the prompt.
    Note:
    This plugin, within the context of generative AI products, doesn’t mask the sensitive data that exists in records within your instance, nor does it help prevent new sensitive data from being stored on the instance itself.
    ServiceNow might use Retrieval Augmented Generation (RAG) for selected AI features (for example NowAssist for AI Search) and passes information to the LLM based on what the requester can access within the system. If a user searches for something in the portal using Now Assist in AI Search, AI Search finds the article and then sends that to the LLM as a part of the prompt. Because AI Search knows what the user has access to, it won't send an article that the user isn't able to access.
    Note:
    For some features, such as case summarization, the agent generating the summary might have more permissions than other people who have access to the record. If they choose to paste that summary to the work notes, the agent should check to confirm that the data they're sharing in the work notes is appropriate to share with others who have access to that record.

    Opt out of data sharing

    Data Sharing helps ServiceNow to continuously advance and improve its Now LLMs, based on the latest customer usage. If you no longer want to participate in the customer data-sharing program, you’re able to opt out.

    To opt out, follow the instructions in Opt out of data sharing for Now Assist.