Privacy & Data Protection Policy

Enterprise-grade data protection commitment designed for business clients, ensuring the highest level of security for your business data and AI project information

Last Updated: January 2025
Version: 2.0

Service Scope & Confidentiality Commitment

AIRAI Technology specializes in providing AI automation solutions for SMEs. We understand the importance of business data and commit to protecting client project data, trade secrets, and intellectual property with the highest standards.

Core Principles

  • Data minimization
  • Project data isolation
  • Strict access control
  • Transparent processing

Our Commitments

  • Follow Taiwan data protection laws
  • Sign NDA agreements
  • Regular internal security reviews
  • Continuous security improvements

Business Data Collection & Classification

Business Collaboration Data

Company Information

  • Company name & registration
  • Contact person details
  • Industry category
  • Company size

Project Requirements

  • Business process description
  • System architecture info
  • Technical specifications
  • Expected goals & KPIs

Project Execution Data

  • API keys & credentials
  • Test datasets
  • System logs
  • Performance metrics

Data Classification Management

  • Confidential: Trade secrets, source code, API keys
  • Internal: Project docs, test data, meeting notes
  • Public: Company info, product specs, marketing

AI Project Data Processing Principles

Data Processing Commitment

Important Notice: Client project data will NEVER be used to train general AI models or for cross-project purposes

  • ✓ Complete project data isolation in independent environments
  • ✓ Client data used exclusively for specific project objectives
  • ✓ Data deleted or returned according to contract terms after project completion
  • ✓ Client data never used to improve our general services

AI Model Processing

  • Fine-tuning: Uses only authorized client data
  • Vector databases: Project-specific deployment
  • Prompt engineering: No other client information
  • Test data: De-identified processing
  • Model outputs: Client exclusive ownership

Usage Restrictions

  • Purpose: Limited to contracted project scope
  • Time: Used within project period only
  • Personnel: Authorized team members only
  • Location: Data stays within agreed regions
  • Sharing: No third-party sharing without consent

Third-party Services & API Usage

AI Service Providers

We use industry-leading AI services with Data Processing Agreements (DPA) for all third-party services

Primary AI Services

  • OpenAI API

    • Enterprise agreement, data not used for training

  • Claude (Anthropic)

    • Privacy-first design, no data retention

  • Azure AI Services

    • Enterprise compliance, regional data centers

Infrastructure Services

  • Google Cloud Platform

    • Regional data centers, ISO certified

  • AWS

    • Enterprise-grade security, compliance certified

  • Vercel/Netlify

    • Frontend hosting, global CDN

Important: All third-party service usage will be disclosed to clients in advance with explicit consent. Clients may request specific service providers or private deployment solutions.

Enterprise-grade Security Measures

Technical Protection Measures

Data Encryption

  • AES-256 encryption at rest
  • TLS 1.3 in transit
  • End-to-end encryption

Infrastructure

  • Firewall & DDoS protection
  • Containerized isolation
  • Automated backup & DR

Access Control

  • Multi-factor authentication
  • Role-based access control
  • API key management

Administrative Protection Measures

Personnel Management

  • All staff sign NDAs
  • Regular security training
  • Principle of least privilege
  • Background checks

Audit & Monitoring

  • 24/7 system monitoring
  • Access logging
  • Regular security audits
  • Anomaly detection

Data Retention & Deletion Policy

Data Lifecycle Management

  1. Project Execution Period: Data encrypted and stored in project-specific environment with regular backups
  2. 30 Days Post-Project: Data export service provided, ensuring client receives all deliverables
  3. Retention Period Expiry: Unless otherwise agreed, project data automatically deleted after 6 months
  4. Complete Deletion: Secure deletion methods ensuring data is unrecoverable

Retention Exceptions

  • Legal retention requirements
  • Litigation hold needs
  • Client-requested extensions
  • Service maintenance needs

Client Rights

  • Request data copy anytime
  • Request early deletion
  • Deletion confirmation certificate
  • Data portability rights

Client Rights & Guarantees

Your Data Control Rights

As our enterprise client, you have complete control and ownership of project data

Data Access Rights

  • Real-time project data viewing
  • Download complete data copies
  • Access processing records
  • View usage reports

Data Control Rights

  • Correct inaccurate data
  • Restrict processing scope
  • Request processing cessation
  • Revoke usage authorization

Transparency Guarantees

  • Understand data processing methods
  • Request security explanations
  • Obtain processing records
  • Specify data storage locations

Intellectual Property Declaration

All data provided by clients and models/results generated belong entirely to the client. We claim no ownership rights and will assist clients in protecting their intellectual property.

Security Incident Response Mechanism

Incident Notification Process

  • 0-2 hrs: Internal assessment and initial containment
  • 2-24 hrs: Notify affected clients with preliminary report
  • 24-72 hrs: Complete investigation report and remediation measures
  • 7 days: Improvement measures and prevention plan

Client Protection Measures

  • Immediate affected service suspension
  • Alternative solution provision
  • Damage assessment assistance
  • Active remediation efforts

Emergency Contact

  • 24/7 emergency hotline
  • Dedicated incident manager
  • Real-time status updates
  • Legal support assistance