A.I. Privacy and Data Security Policy

Introduction

We are aware of the unique privacy and security challenges presented by artificial intelligence technologies. Our AI Privacy and Data Security Policy reflects our dedicated approach to addressing these challenges, ensuring that the AI data we handle is managed with the highest standards of care and confidentiality. This policy outlines our commitments and practices regarding the collection, use, protection, and sharing of AI data, aiming to foster transparency and trust as we develop and deploy AI solutions.

Definitions

In this policy, we use the following AI-specific terms to ensure clarity and precision:

• AI Data: Data collected and used specifically for the development, training, and operation of AI systems, including both structured and unstructured data types.
• AI Models: Algorithms developed to perform tasks by processing data and making decisions based on that data, including machine learning models and neural networks.
• Training Data: Data sets used to train AI models to perform tasks accurately by learning from examples.
• Inference Data: Data that is input into an AI model to make predictions or decisions after the model has been trained.
• Anonymization: The process of transforming personal data in such a way that the individual is not or no longer identifiable.
• Data Controller: The entity that determines the purposes and means of the processing of personal data within the context of AI.
• Data Processor: Any natural or legal person who processes the data on behalf of the Data Controller, specifically in relation to AI operations.

Data Collection in AI

We are committed to ensuring the integrity and privacy of data used in our AI operations. Here is how we approach data collection for AI:

• Types of Data Collected: We collect inference data, which users provide in real-time to interact with our AI models. This data helps in delivering the intended functionalities of our AI-powered tools.
• Methods of Collection:
  • Direct Collection: Data is collected directly from users when they interact with our AI services. This includes inputs into our systems and feedback provided during usage.
  • Indirect Collection: We gather data on how users interact with our services to improve system functionality and user experience.
  • Third-party Sources: We may use data from external sources to enhance our AI solutions, ensuring that these sources adhere to stringent data protection standards and privacy laws.
• Purpose of Collection: The collected data is used solely for operating our AI models to provide and enhance services. This includes personalizing user experiences and maintaining the effectiveness of our AI applications. We do not use customer data for training our AI models.

Use of AI Data

The use of AI data is strictly governed by our commitment to ethical AI practices and respect for user privacy:

• Operational Use: AI data is primarily used to operate and maintain the functionality of our AI models. This includes processing inference data to provide accurate responses and insights in real-time during user interactions with our AI-powered tools.
• Improvement and Development: We use insights derived from usage data to improve the accuracy, efficiency, and usability of our AI systems. This helps in optimizing system performance and developing new features that enhance user experience.
• Personalization: Based on user interactions and preferences, we personalize the user experience to make our AI tools more relevant and effective for individual needs.
• Compliance and Security: Data is also used to ensure compliance with applicable laws and regulations, and to enhance the security of our AI systems, protecting them against unauthorized access and threats.
• Ethical Guidelines: All uses of AI data at NinjaCat are aligned with ethical guidelines to ensure fairness, transparency, and accountability in our AI operations.

AI Data Sharing and Disclosure

NinjaCat is highly selective and cautious about sharing AI data, prioritizing user privacy and data security:

• Partnership with OpenAI: We share AI data with OpenAI, our trusted AI service provider. This partnership enables us to leverage advanced AI technologies while upholding our high standards for data privacy.
• Data Processing Agreement (DPA): Our collaboration with OpenAI is governed by a defined Data Processing Agreement (DPA). This agreement ensures that OpenAI handles any shared data according to our specific privacy requirements and in compliance with applicable data protection laws.
• Purpose of Data Sharing: Sharing data with OpenAI allows us to enhance the capabilities of our AI tools and improve user experiences through more sophisticated and responsive AI interactions.
• Security and Compliance: Both NinjaCat and OpenAI commit to implementing robust security measures to protect shared data against unauthorized access, use, or disclosure.
• Legal Requirements: We may disclose AI data to comply with legal obligations, such as responding to lawful requests by public authorities, including to meet national security or law enforcement requirements.

• Transparency: We maintain transparency with our users regarding who their data is shared with and for what purpose. Users are informed through regular updates to our privacy policies and direct communications.

AI Data Security Measures

Protecting the security and integrity of AI data is paramount. We employ a comprehensive array of security measures to safeguard data against unauthorized access, alteration, disclosure, or destruction:

• Encryption: We use state-of-the-art encryption technologies to secure data at rest and in transit. This ensures that data is shielded from unauthorized access and breaches.
• Access Controls: Strict access controls are implemented to limit data access to only authorized personnel who need it to perform their job functions. We regularly audit these controls to maintain their effectiveness.
• Security Training: All employees receive regular security training to ensure they are aware of and comply with our data security policies and practices. This training includes the latest practices for securing AI data and responding to potential security incidents.
• Incident Response: We have a robust incident response plan in place to quickly address any data breaches or security issues. This plan includes procedures for containment, investigation, and mitigation of any potential damage, as well as timely notification to affected parties.
• Regular Audits and Assessments: We conduct regular security audits and risk assessments to identify and address vulnerabilities within our systems and processes, ensuring continuous improvement of our security posture.
• Compliance with Standards: NinjaCat complies with internationally recognized standards and regulations, including GDPR, to ensure that our security measures meet rigorous legal and ethical requirements.

AI Data Retention and Deletion

We adhere to principles of data minimization and purpose limitation in the retention of AI data:

• Retention Period: AI data is retained only as long as necessary to fulfill the specific purposes for which it was collected, as outlined in this policy, or to comply with legal requirements. For instance, data collected to enhance user experience and system functionality is evaluated periodically to determine if it is still necessary.
• Deletion Procedures: Once AI data is no longer necessary for the purposes for which it was collected or once the user requests its deletion, it is securely and permanently erased from our systems. We use methods that ensure the complete destruction of data, preventing any potential recovery or misuse.
• Review and Audit: Retention policies are regularly reviewed and audited to ensure compliance with applicable laws and alignment with best practices in data management and security. Adjustments are made based on changes in legal requirements, technology, and operational needs.
• User Requests for Deletion: Users can request the deletion of their data at any time, and NinjaCat will comply with these requests in a timely manner, subject to any overriding legal obligations to retain the data for audit or compliance purposes.

Changes to the AI Data Policy

Data protection practices must evolve with technological and regulatory changes. Therefore, we may update this AI Data Privacy and Security Policy periodically to reflect changes in our practices, technology, or legal requirements:

• Notification of Changes: Whenever we make significant changes to this policy, we will notify our users through our website and, where appropriate, through direct communication. This ensures that our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.
• Effective Date: The top of this policy will always contain the date it went into effect and the date of the most recent revision. Users are encouraged to review the policy periodically to stay informed of any updates.
• Review and Consultation: Prior to implementing significant changes, we may also engage in consultation with stakeholders, including users and privacy experts, to ensure the changes meet all ethical, legal, and operational standards.
• Archiving and Access: Previous versions of our privacy policy will be archived and made available so that users can review historical versions to understand how our data practices have evolved over time.

Contact Information

We welcome any inquiries or concerns you may have regarding our AI Data Privacy and Security Policy or the management of your data:

• Contact Details: For questions about this policy or your data, please contact our Data Protection Officer via email at [email protected].
• Online Support: Additional assistance is available through our support center at www.ninjacat.com/support, where you can find further information and submit support tickets.
• Feedback and Suggestions: Your feedback is crucial to us. Please share your thoughts and suggestions on how we can enhance our data protection practices.