Managing security with Assist
Understand how Assist interacts with your data and LLMs.
| Assist Availability | |
|---|---|
| Cloud | Public beta |
| Self-hosted Edge 3.283 or later | Public beta |
| Self-hosted Stable 3.284 or later | Public beta |
When working with an LLM, you may want to be aware of how Retool and LLM providers use your data. This page outlines how your data is handled when you use Assist.
For more information, refer to the Assist Beta Terms.
What Retool sends to LLMs
To create and edit apps that securely use your real data, Retool sends your resource schemas (such as table names and column names) to LLM providers. This helps Assist understand the available data and generate resource queries.
The outputs of your queries are also sent to LLMs. Assist needs this information to understand data, format responses, and construct transformers or JavaScript queries. Humans often follow the same process, using read or GET requests to understand the structure of their data.
Assist only has access to the resources that you explicitly provide access to through the Resource Access list, and Assist will always ask you for permission before writing a query against a resource.
Data storage, routing, and training
The following tables outline key details of Retool’s AI data storage and usage policies and practices based on your hosting option and API key strategy.
Cloud instances
| API key | Internal database storage | Observability | API call routing | Training LLM models |
|---|---|---|---|---|
| Retool-managed key | Retool securely stores your prompts in an internal database, which is required for the feature to function. | Retool securely stores your prompts with a third-party observability provider for QA and debugging. | API calls are routed through Retool’s managed infrastructure. | Retool does not use prompts to train or fine-tune internal models and does not permit external LLM providers to do so. More information. |
| Use your own key (Enterprise only) | Retool securely stores your prompts in an internal database, which is required for the feature to function. | Retool does not store prompts from Enterprise organizations with an observability provider. | API calls are routed through Retool’s managed infrastructure, but are sent to the LLM provider with your own key. | Usage of your data depends on your negotiated agreement with the LLM provider. |
Self-hosted instances
| API key | Internal database storage | Observability | API call routing | Training LLM models |
|---|---|---|---|---|
| Retool-managed key | Prompts are stored in your platform database, and Retool does not have access to them. | Retool does not store prompts with an observability provider. | API calls are routed through an online proxy (OPENAI_PROXY_HOST) and sent to the LLM provider using Retool-managed keys. | Retool does not use prompts to train or fine-tune internal models and does not permit external LLM providers to do so. More information. |
| Use your own key (Enterprise only) | Prompts are stored in your platform database, and Retool does not have access to them. | Retool does not store prompts with an observability provider. | API calls are sent from your instance to the LLM provider and bypass Retool’s managed infrastructure. | Usage of your data depends on your negotiated agreement with the LLM provider. |
API key permission level
If you are using your own key with Assist, Retool requires the following permission levels, depending on your provider.
OpenAI
For more information, refer to the OpenAI documentation.
| Capability | Permission level |
|---|---|
| List models | Read |
| Model capabilities | Request |
| Responses | Write |
| Text-to-speech | Request |
| Realtime | Request |
| Chat completions | Request |
| Images | Request |
Anthropic
Anthropic keys don’t have fine-grained scopes, so Retool has no additional requirements.
Limiting Assist usage
To enable Assist, the Retool AI and Assist Tab settings must be toggled on from the Settings > AI page. These are organization-wide settings and apply to all users. It is not currently possible to scope AI or Assist usage to a subset of users in your organization.
However, Enterprise plan users can isolate Assist usage to a single space. Each space has its own user accounts, permission groups, and settings. Therefore, an admin could disable Assist in the admin space, but enable it in another space, and only users invited to that space would have access. Learn more about spaces.