Ocean Sky Network Co., Ltd. and its affiliates (hereinafter referred to as “the Company” or “we”) are committed to delivering transparent, secure, and trustworthy services to foster confidence among our customers, users, and all individuals interacting with our services (hereinafter collectively referred to as “you”).

This policy has been developed to outline the principles and practices the Company adopts for managing personal data in relation to the use of Artificial Intelligence (AI) technologies, specifically within the AI Studio and AI Assistant systems. These systems are integral tools supporting in-depth data analysis and processing. The Company utilizes AI technologies provided by reputable and internationally recognized third-party AI service providers with strong security standards, to ensure that your data is handled with appropriate care and protection at every stage of processing.

1. Purpose of the Policy

We recognize the critical importance of protecting your personal data, especially in the context of leveraging Artificial Intelligence (AI) to enhance service efficiency and enrich user experience across all dimensions. Accordingly, this policy defines the guidelines for handling the data you provide to our AI systems, particularly through the AI Studio and AI Assistant services. These services are designed to support data analysis, deep content synthesis, and user interaction. Our approach emphasizes security, transparency, and respect for your data rights, aiming to build trust by adhering to international privacy standards and ethical AI principles.

2. Scope of Artificial Intelligence (AI) Usage

The Company utilizes Artificial Intelligence (AI) technologies provided by external third-party AI providers to enhance the efficiency of our services. These technologies are used to support data analysis, the generation of insights, and personalized interaction with users in ways that are tailored to individual needs.

The implementation of AI technologies encompasses the following key activities:

1) Analysis and summarization of publicly available data from social media platforms, including posts, comments, reviews, keywords, and hashtags.

2) Collection of public identity information, such as usernames and display names associated with public content.

3) Processing of related metadata, such as timestamps, post locations, and engagement metrics.

4) Extraction and analysis of public multimedia content, such as images, videos, and GIFs.

5) Trend analysis and insight synthesis, to identify behavioral patterns, emerging trends, or key topics of interest.

6) Content clustering or classification, grouping content by similar attributes or themes for structural analysis purposes.

7) Automated interactions via AI Assistant, enabling users to access and interact with information more efficiently.

8) Processing of uploaded files, including .pdf, .docx, and .csv formats, with content analyzed strictly according to the specific instructions provided by the user.

All data processing is strictly limited to content that users voluntarily input into the system. No data is retained within the Company's systems after processing is complete. The Company adheres to the principle of Data Minimization, ensuring that no personal data is used or stored beyond what is necessary.

Additionally, the Company may collect and analyze publicly disclosed personal data from online platforms based on a Legitimate Interest legal basis, ensuring that such processing is necessary, proportionate, and respects the fundamental rights and freedoms of the data subject.

3. Data Storage and Processing

3.1 The data you input into the AI Studio and AI Assistant systems will be stored temporarily (Temporary Storage) solely for the purpose of automated processing. Upon completion of the processing or the end of your session, such data will be automatically deleted from the system in accordance with the Company’s data management policies.

3.2 The Company does not retain such data on a long-term basis and will not reuse the data you provide for any purposes beyond the scope of the service provided at that time.

3.3 All data processing is conducted within a highly secure and isolated environment under a strict Zero Human Access Policy. This means no individual, including employees or system administrators of the Company, can access or disclose the raw data content you submit for any reason whatsoever.

3.4 Your data is transmitted through advanced encrypted channels to ensure confidentiality and security during transfer to the Company’s external AI service providers (Third-Party AI Providers).

3.5 The external AI service providers will process your data solely for the purposes explicitly instructed by you, such as summarization, categorization, or key information extraction, and usage is strictly limited to these instructions.

3.6 The Company only receives the results of the AI processing to display on its platform. The original data is neither stored nor retained within the Company’s systems after processing is complete.

3.7 To ensure proper management of user data by external AI providers, the Company has established guidelines and requirements in cooperation with the Third-Party AI Providers it engages. These guidelines are incorporated in agreements and collaboration frameworks aligned with international data protection standards as follows:

Purpose Limitation: Your data will be processed by external AI providers solely within the scope of the defined instructions and cannot be used for any other purposes beyond the agreement.

No Model Training: The Company requires that external AI providers are prohibited from using your data to train, improve, or develop AI models now or in the future.

Transient Processing Only: External providers perform only temporary data processing and do not retain any data after processing is completed.

Data Security and Confidentiality: The Company works exclusively with AI providers who meet high security standards and are bound by Data Processing Agreements (DPA) to ensure that your data is protected in compliance with applicable laws.

4. Disclosure of Information and Consent to Personal Data Processing

The Company places utmost importance on the principles of transparency and informed consent in the processing of personal data. Our systems and user workflows are designed to enable users to make fully informed decisions prior to using the Company’s AI Studio and AI Assistant services.

By using the Company’s AI Studio and AI Assistant services, you acknowledge and consent that any data you submit— whether text, files, or other data formats will be processed by the Company’s external AI service providers (Third-Party AI Providers) solely for the specific purposes related to the provision of services as requested by you.

Such processing will not be used for purposes beyond the scope of service delivery, and personal data will not be retained after the processing is completed. The Company implements appropriate controls and agreements with external AI providers to ensure compliance with applicable laws and protection of the data subject’s rights.

5. Data Security Measures

The Company places the highest priority on safeguarding the security of the data you input into the system by systematically applying technological and governance measures. These are designed to enhance security at all levels, prevent unauthorized data access, and maintain data confidentiality, integrity, and availability. The Company implements the following key security measures:

5.1 End-to-End Encryption All data transmitted between you and the Company’s systems is encrypted at every stage— from origin to destination—to prevent third parties from intercepting or accessing the data during transmission. This encryption includes:

Encryption in Transit: Data in transit is protected using the latest version of the TLS security protocol.

Encryption at Rest: Temporarily stored data is encrypted using AES-256, an internationally recognized standard.

Key Management: Encryption keys are rigorously managed and controlled to ensure that no unauthorized individuals can decrypt the data.

5.2 Access ControlThe Company enforces a Least Privilege access policy, granting access only to authorized personnel who require it to perform their legitimate duties, ensuring limited and controlled access to systems and data.

5.3 Non-Disclosure Agreements (NDA) All employees, developers, and relevant personnel are required to sign NDAs and strictly adhere to the Company’s security policies regarding data access.

5.4 Security Audits and TestingThe Company conducts regular internal audits and security testing to identify potential vulnerabilities proactively and implement corrective measures before risks can materialize.

5.5 Data Lifecycle Management Automated systems manage data throughout its lifecyclefrom collection, processing, to deletion after use, to minimize human error and maintain the highest data security standards.

5.6 Secure Infrastructure All Company systems operate on infrastructure certified to meet international security standards, including data centers, cloud technologies, and risk management controls, supporting secure data processing across all dimensions.

6. Core Principles for the Use of AI Technology

The Company adheres to a set of core principles in the use of Artificial Intelligence (AI) to ensure transparency, fairness, and strict protection of users' personal data. These principles include:

6.1 Transparency: Disclose the purposes, methods, and scope of AI usage.

6.2 Consent: Use data strictly within the scope of the user’s informed consent.

6.3 Fairness: Ensure AI systems are free from bias and do not negatively impact users.

6.4 Data Security: Implement data protection measures at every stage of the processing lifecycle.

6.5 Accuracy: Process data with care to produce reliable and trustworthy outcomes.

6.6 Accountability: The Company assumes full responsibility for the management and use of AI technologies.

6.7 No Retention Beyond Purpose: User data is not retained after the processing has been completed and is deleted once its intended use is fulfilled.

7. Use of AI Technologies from Third-Party Providers

The Company is committed to conducting appropriate Data Protection Impact Assessments (DPIA) when adopting new forms of Artificial Intelligence (AI) technologies. These assessments aim to evaluate potential risks associated with the processing of personal data and to ensure that control measures align with core privacy principles, including data minimization, appropriateness, and proportionality.

Currently, the Company integrates AI technologies from three trusted third-party providers GPT (by OpenAI), Gemini (by Google Cloud AI), and Anthropic to support data analysis and user interaction processes. All integrations are carried out under a clearly defined purpose, based on your informed consent, and do not involve data retention after processing is completed.

To promote transparency and enhance user confidence, you may review the privacy policies, terms, and conditions of each AI provider directly via their official websites:

• OpenAI (GPT): https://openai.com/policies/privacy-policy/
• Enterprise privacy at OpenAI: https://openai.com/enterprise-privacy
• Google Cloud AI / Gemini: https://policies.google.com/privacy
• Anthropic: https://www.anthropic.com/privacy

8. Your Rights Regarding Personal Data

The Company places great importance on your rights as the data subject and is committed to handling your personal data appropriately, transparently, and with clear accountability, especially when Artificial Intelligence (AI) technologies are involved in data processing. We are dedicated to ensuring that your data is treated fairly and with balance. Your rights include:

8.1 Right of Access You have the right to request information regarding the storage and processing of your personal data, including access to an appropriate copy of your data.

8.2 Right to Rectification If your data is inaccurate or incomplete, you may request that the Company correct and update the information accordingly.

8.3 Right to Erasure You may request the deletion or destruction of your personal data under certain conditions, such as when the data is no longer necessary or when you withdraw your consent. The Company reserves the right to consider such requests based on appropriateness and legal obligations.

8.4 Right to Restriction of Processing You may request a temporary suspension of the processing of your data in specific situations, such as during the verification of its accuracy or while your objection is under review.

8.5 Right to Object You may object to the processing of your personal data in certain circumstances, particularly when the data is used for profiling, in-depth analytics, or marketing purposes.

8.6 Right to Withdraw Consent You have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal will not affect any processing that has already taken place prior to the withdrawal. You are advised to consider the potential consequences before exercising this right.

8.7 Right to Data Portability You may request to receive your personal data in a structured, commonly used, and machine-readable format, and, where technically feasible, request that it be transferred to another party.

8.8 Right to Raise a Concern If you have any concerns, questions, or complaints regarding how your data is being handled, the Company provides a communication channel for submitting inquiries or complaints, which will be considered and addressed as appropriate.

9. Policy Review and Updates

The Company reserves the right to periodically review and update this policy as necessary to ensure compliance with applicable legal requirements and relevant standards. Any changes will take effect immediately upon publication of the updated policy on the Company’s website or through other appropriate channels. We encourage you to review this policy regularly to stay informed of any updates.

10. Contact Information

If you have any questions or concerns regarding this policy, you may contact:

1) Data Controller

Company Name: Ocean Sky Network Co., Ltd.

Address: 846/6 Summer Lasalle Building A5 Unit no. A521-5, Lasalle Road Bangna Tai Sub-District, Bangkok, Thailand 10260

Phone: 0 2513 9744 at 9:00-18:00 น.

2) Data Protection Officer: DPO

Address: 846/6 Summer Lasalle Building A5 Unit no. A521-5, Lasalle Road Bangna Tai Sub-District, Bangkok, Thailand 10260

Email: [email protected]