General Security Consideration for IT
AIction solution is a self-service web platform. It does not require any integration with the Enterprise network or with any Enterprise server or cloud services. The user accesses on the web as he/she was accessing Google or other web services from his/her computer.
The customer administrator creates and manages an account inside AIction. This account is accessed only by the enterprise users designated by the administrator (account creator). The account profile will include general information about the enterprise (name, location, type of business, product/services offered and general business information including customer’s website url).
When working on a project, the authorized user will create a session by filling a form, providing data related to a query and obtain results (text, graphic) in the account that can be kept in the user account or downloaded in users own PC/laptop. The entire set of information and data (provided by the user and the results received from Aiction after a query) belongs to enterprise owner of the account. AIction does not share any customer information or data to any third party. The only parties receiving some of this data are the Gen AI platform service providers (e.g. Open AI, Gemini, ...) performing the AI analysis as part of the services provided by AIction.
For convenience, and at the request of some early users, we have implemented a mechanism to store inside the user account information about one session to facilitate re-use at a later session. This info accessed only by our customer (the user) can be deleted at any time.
Payment service providers (e.g. Stripe) are the only other category of 3rd party receiving customer’s payment data to pay for AIction subscription services. The payment processing partners comply strictly to bank and payment network’s data security and privacy rules regarding user card and payment information. AIction does not capture or store any payment card data from the customers.
Note: For some enterprise customers, we are open to have our AIction solution hosted in their own internal cloud and accessed only by their enterprise users: if technically feasible, this option can be considered by the enterprise customer to keep this service entirely under their own control. Please consult with us to explore this option.
GDPR Consideration
Data Usage Transparency:
The customer data is used only for the purpose of delivering AIction services to the customer. This data is not used for any other purposes or shared or monetized with another 3rd party. See note above ‘Security consideration for IT’ for more detail.
Consent:
Enterprise and business users share voluntarily information about their business in order to use AIction services. This information resides in their respective user account. The customer may use and store in their account their end-users contact information (loyalty info such as email, phone number) to communicate with them directly. The customer is always under total control of their account and can update/delete their information at any time without restrictions. AIction will store this info in the customer account with encryption.
Note: AIction customer may communicate via email and/or SMS to their end-customer to share promotional information. This communication is subject to privacy consent as per the rules and regulation from the telecommunication industry. AIction will help these customers review and agree to comply with these requirements through our partner Twilio.
Purpose Limitation:
The customer information and data belong entirely to the customer. AIction does not share it or monetize it with any other party. Only the Gen AI platform providers have partial access to it to perform AI analysis as per the queries submitted by the user. The information and data entered by the customers in their respective account is only used by AIction to provide our services to the customers together with the major Generative AI partners. We do not use customers’ information and data for any other purposes.
Storage Limitation:
Enterprise information and data are stored inside the business account, and remains at all time under the control of the enterprise/business account administrator. The customer can update or delete their information at any time by accessing their account.
Security:
Only the registered and authorized users will access an enterprise account with a secure login. AIction technical staff may access it at the request of the customer for technical troubleshooting or support. In the event of data breach or data loss, AIction will immediately notify all affected customers. See also note above ‘Security consideration for IT’ for additional information.