Meet Poppy: California’s Digital Assistant
Built by state staff for state staff
Poppy is CDT’s secure, GenAI platform, built by state staff for state staff. Poppy helps state employees at all levels leverage Gen AI to in everyday work with less friction and more confidence. Because Poppy is centrally-managed by CDT, your inputs and prompts shared with Poppy stays in the State’s hands, supporting privacy, accountability, and public trust.
Vendor agnostic
Poppy is vendor agnostic and allows you to access multiple leading AI models in one place. This allows you to explore and select the best tool for your needs, and compare results side-by-side.
Security, compliance, and integration
Unlike many commercial tools, departments do not have to separately configure security, compliance, and integration requirements – Poppy includes these service capabilities up front, reducing implementation time and staff burden.
Poppy evolves
The GenAI landscape changes fast, but with Poppy you do not have to worry about falling behind. Under CDT governance, upgraded models are regularly rolled out, so the service and technology keeps improving while staying reliable and secure for departments statewide.
What you can do with Poppy*
Expedite digital tasks
Draft content, summarize research, analyze datasets, and more (with human review).
Build and integrate
Get help with code and documentation, and integrate Poppy into existing tools and systems that support state work using familiar standards (including an OpenAI compatible API).
Streamline repeat work
Ability to save prompts, while keeping teams organized with Workspaces and shared knowledge (where configured).
Model results comparison
Choose the best response for your audience and task.
*Always review and verify outputs before using them in decisions or final materials.
Benefits at a glance
Ready day one
Security and compliance are built in (no hidden setup).
Grounded in trusted CA sources
Web search focuses on *.ca.gov and uses trusted CA.gov and public datasets.
Trust & security
- SIMM 140 compliant
- No installation required (Browser-based)
- Single Sign On (SSO)
- No model training
- State infrastructure (CDT-managed cloud)
- Encrypted in transit (HTTPS) and at rest
- Cal-Secure aligned
Choose the best model
Vendor agnostic access to leading models, with side-by-side comparison.
Built for teams
Use Workspaces to organize work, control access, and share reusable prompts and knowledge.
How can Poppy assist you?
Poppy supports a broad range of business functions. Discover practical ways Poppy streamlines your daily work, enhances productivity, and supports your business goals across state government.
User role and Poppy use & benefits
| User role | User role examples | Examples of Poppy use & benefits |
|---|---|---|
| Senior Staff |
|
|
| Data Specialists |
|
|
| IT Security Specialists |
|
|
| Developers |
|
|
| Analysts |
|
|
| Program Staff |
|
|
| HR/Administrative |
|
|
| Procurement & Finance |
|
|
Rates
Departments may choose either a pay-per-user (PPU) option or a department-level committed capacity tier.
Option 1: Pay-per-user (PPU)
Departments pay a flat monthly rate per authorized user ($8 per user per month). This option is best when you want predictable costs based on a defined user count.
Option 2: Department committed capacity tier
Departments subscribe to a fixed monthly capacity tier. This option provides access to a shared usage pool available to all authorized users within the department, with usage dynamically distributed across users rather than assigned per license. Departments can adjust tiers over time as adoption changes.
Committed Capacity Tiers (monthly)
- Tier 1: $7,500/month
- Tier 2: $10,000/month
- Tier 3: $15,000/month
- Tier 4: $20,000/month
- Tier 5: $25,000/month
- Tier 6: $35,000/month
- Tier 7: $50,000/month
Overage rules (applies to both options)
Each subscription option includes an applicable monthly capacity threshold (which varies by option and, for committed capacity, by tier). If usage exceeds the applicable threshold, the department is subject to a 2.79% pass through applied to compute costs.
Subscription Terms:
Poppy subscriptions (including upgrades and downgrades) will start on the first (1st) day of the month following your request. Billing is monthly – each subscription tier has a fixed fee covering the entire calendar month.
Exceptions:
- If you add users to a Pay-Per-User (PPU) subscription and want them active before the 1st of the next month, you will pay for the entire month for those users, no matter when they are activated.
- If you request a change in your subscription tier (upgrade or downgrade) to be effective before the 1st of the next month, you will pay the full monthly fee for that tier for the current month.
- There are no partial-month discounts, credits, or fee reductions for users, services, or tier changes that become active after the monthly cycle has begun. All billing is for the full month, regardless of activation date.
Request service
New standard subscription or new tier
| Step | What you do | How / Where |
|---|---|---|
| 1 | Start discovery session (optional) | Contact your CDT Account Lead to schedule a collaborative conversation with a CDT expert about your goals, constraints, and priorities to identify the right path forward. |
| 1a | Or schedule a demo (optional) | A demo can be scheduled via the Poppy: California’s Digital Assistant Case/Request in the CDT IT Service Portal. |
| 2 | Complete the Poppy User List | Include users approved by your Agency Information Officer or Department’s Chief Information Officer. Attach it to the Case/Request. |
| 3 | Submit request | Submit one (1) Poppy: California’s Digital Assistant Case/Request for your state entity in the CDT IT Service Portal. The Case must be submitted by the state entity’s AIO or department CIO, or they must be an approver of the request, if submitted by someone other than the aforementioned. |
| 4 | Review the Terms of Service (TOS) for Poppy | Use Poppy securely and confidently. |
| 5 | Onboard and start using Poppy | Upon receipt of your email notification, sign in via single sign on (SSO) and follow onboarding guidance. |
| 6 | Share your feedback | Help measure Poppy’s impact on your business outcomes and contribute to continuous improvement for all state employees. |
New dedicated Poppy environment – COMING SOON!
| Step | What you do | How / Where |
|---|---|---|
| 1 | Start discovery session | Before submitting your request for this option, you must attend a Discovery meeting; else your request may be cancelled. Contact your CDT Account Lead to schedule a collaborative conversation with a CDT expert about your goals, constraints, and priorities to identify the right path forward. |
| 2 | Complete the Poppy User List | Include users approved by your Agency Information Officer or Department’s Chief Information Officer. Attach it to the Case/Request. |
| 3 | Submit request | After your discovery session, submit one (1) Poppy: California’s Digital Assistant Case/Request for your state entity in the CDT IT Service Portal. The Case must be submitted by the state entity’s AIO or department CIO, or they must be an approver of the request, if submitted by someone other than the aforementioned. |
| 4 | Attend a design session | Your CDT Account Lead will schedule a design session to confirm scope and requirements. |
| 5 | Build & receive your dedicated Poppy | CDT will build, implement, then deliver your secure dedicated Poppy environment. |
| 6 | Same as "New Standard..." steps 4 - 6 | Review the Terms of Service for Poppy, onboard, and share your feedback. |
Modify: add/delete users, change tiers, or discontinue
| Step | What you do | How / Where |
|---|---|---|
| 1 | Update the Poppy User List | Compile the list of Poppy users approved by your Agency Information Officer or Department’s CIO. Attach it to the Case/Request. |
| 2 | Submit request | Submit one (1) Poppy: California’s Digital Assistant Case/Request for your state entity in the CDT IT Service Portal. The Case must be submitted by the state entity’s AIO or department CIO, or they must be an approver of the request, if submitted by someone other than the aforementioned. |
Consultation and support
| Step | What you do | How / Where |
|---|---|---|
| 1 | Start discovery session | Contact your CDT Account Lead to schedule a collaborative conversation with a CDT expert about your goals, constraints, and priorities to identify the right path forward. |
| 2 | Submit request | Submit one (1) Case/Request for your state entity via Professional Services Case/Request in the CDT IT Service Portal. |
| 3 | Meet with CDT | Your CDT Account Lead will coordinate a discussion with you and our Poppy experts. |
Giving you the best version of Poppy
Have a suggestion for a new Poppy feature or function? You can share your ideas, suggestions for improvement, or complete our Feedback Survey in the Poppy header.
Feature request
Suggest a new feature or option.
Report an issue
Notify us about a problem or error.
Limitations and responsible use
Like all generative AI tools, Poppy has certain limitations to keep in mind. Here’s how to get the most out of Poppy while using it responsibly.
Poppy can be confidently wrong.
Even when an answer sounds right, it may be incomplete or incorrect. Always review and verify outputs before using them in decisions or final materials, especially for official guidance.
Results can change based on wording and retries.
Small changes to how you ask a question—or running the same prompt again—can produce different answers. If results aren’t useful, try rephrasing, adding context, or comparing responses across models.
Responses may be longer than you need.
Some models may be overly verbose or use repetitive language. You can usually improve this by asking for shorter answers, bullet points, or a specific format, or by switching models.
Poppy may not ask clarifying questions.
If your request is ambiguous, Poppy may guess what you meant. You’ll often get better results by stating your goal, audience, constraints, and desired output format up front.
Guardrails can block or allow content imperfectly.
Poppy uses safety controls intended to block harmful content and restricted data, but no guardrail is perfect – false blocks and misses can happen.
Do not use Poppy for sensitive or restricted data.
Poppy is not intended to process or store sensitive data types, and users are strictly prohibited from entering confidential or sensitive data, including CJIS, PCI, PHI, PII, and FTI. Follow your department policies and the Terms of Service for Poppy.
Terms of Service for Poppy: California's Digital Assistant
For acceptable use and data-handling rules, review the official Poppy Terms of Service.
FAQs
1. How does it improve business outcomes?
Poppy reduces time spent on repetitive computer tasks and can streamline large workloads for teams, freeing up time for them to work on what matters most. It supports safe, compliant operations, while improving operational efficiency and helping teams focus on strategic goals.
2. Is my state entity’s data secure?
Yes, Poppy uses state-compliant technology platforms and robust privacy safeguards. Per the Terms of Service, Poppy may only be used for purposes that (a) support official State businesses, (b) are authorized under State entity’s Acceptable Use Policy (AUP) and (c) are not otherwise prohibited under this TOU. Types of official use may include:
- Accessing and retrieving state entity-specific information, policies, and procedures.
- Receiving assistance with routine tasks and workflows (e.g., FAQs, scheduling, document retrieval).
- Drafting internal content.
- Navigating internal systems or public services.
- Supporting productivity and operational efficiency.
- Engaging in professional, respectful, and constructive communication.
NOTE: Please review the Terms of Use for Poppy for additional information on the use of Poppy including limitations on data input, prohibited use, and other requirements.
3. Will my uploaded data be used to train the AI models?
No. A key feature of Poppy is that your data remains under state control and is not used to train external commercial models. The minimal data required for a query is sent to the LLM via API, but the API provider is contracted not to retain or use this data for model training.
4. Where can I get more information or support?
Contact your CDT Account Lead or visit the Poppy: California’s Digital Assistant website.
5. Will I need to complete a 5305-F to use Poppy?
No.
6. Who do I contact for technical issues?
Please follow the standard procedure for submitting incidents. Select “Poppy: CA’s Digital Assistant” in the system options dropdown, or contact the CDT Service Desk at (916) 464-4311, or submit a ticket via the CDT IT Services Portal.
7. What browsers and devices are supported?
Chrome, Edge, Firefox have all been used and tested. But please provide any feedback if issues are seen.
8. How do I get started with Poppy?
New to Poppy or interested in exploring its features? Poppy is here to help you learn how to use its tools, with example prompts and step-by-step instructions for common actions. Not sure how to phrase your question? Poppy will suggest sample questions to help you get started. “What should I do if Poppy gives me an answer I’m not sure about?”
Here are a few sample prompts you can try:
- “What should I do if I’m unsure about Poppy’s answer?”
- “How can I verify the accuracy of Poppy’s responses?”
- “Show me how to create and save custom prompts in LiteLLM.”
- “How do I share my custom model or knowledge base with my team?”
Feel free to ask Poppy anything—just start typing your question!
9. How is CDT ensuring that Poppy is not being used for unacceptable use cases?
If you enter PHI, PCI, CJIS, etc., it will be scrubbed.
Poppy is not intended to process or store sensitive data types. In addition to complying with Poppy’s Terms of Use, users are responsible for following their department’s relevant policies, including those related to acceptable use, privacy, disclosure, and data governance. Users must also adhere to applicable state policies outlined in the State Administrative Manual (SAM), the Statewide Information Management Manual (SIMM), and the Information Practices Act. Users are strictly prohibited from entering any confidential or sensitive data into Poppy.
Prohibited data types include:
- Criminal Justice Information (CJIS)
- Payment Card Data (PCI DSS)
- Protected Health Information (PHI)
- Personally Identifiable Information (PII
- Federal Tax Information (FTI)
10. Is there any training on how I can use Poppy?
Check out the Poppy FAQs model (selected from the Poppy drop-down menu) to start a conversation and get answers to common questions about using Poppy. The Poppy FAQs model contains useful guidance and links to resources like the User Guide. If you need additional help, feel free to ask more specific questions within that model.
References
California’s GenAI Executive Order N-12-23
SIMM 140
If you have questions
Your CDT Account Lead can assist with business alignment, while the CDT Service Desk remains your first stop for technical support needs.