AI PRIVACY POLICY
Artificial Intelligence Privacy Policy (AI Privacy Policy)
Ocean Sky Network Co., Ltd.
Ocean Sky Network Co., Ltd. and its affiliates (hereinafter referred to as “the Company” or “we”) are committed to delivering transparent, secure, and trustworthy services to foster confidence among our customers, users, and all individuals interacting with our services (hereinafter collectively referred to as “you”). This policy outlines how we manage personal data in connection with the use of Artificial Intelligence (AI) technologies within our AI Studio and AI Assistant systems, which are designed to support advanced data analysis and intelligent interactions. We utilize AI technologies provided by reputable third-party providers with globally recognized standards and robust security measures to ensure that your data is handled appropriately at every stage.
1. Purpose of the Policy
The Company recognizes the importance of personal data protection and data security. This is especially true in the provision of services involving the application of Artificial Intelligence (AI) technology to enhance service efficiency and improve user experience.
Accordingly, the Company has established this policy to define guidelines for managing the data you provide to the Company’s AI systems, particularly through the “AI Studio and AI Assistant” services. These systems are designed to support content creation, data analysis, and answering user queries efficiently, while prioritizing data security, transparency, and respect for data ownership rights. This is to ensure your confidence that your data will be properly protected and managed in accordance with international standards of privacy and ethical AI use.
2. Scope of Artificial Intelligence (AI) Usage
The Company utilizes Artificial Intelligence (AI) technology from external service providers (Third-Party AI Providers) to enhance service efficiency. The purpose of this implementation is to support data analysis, in-depth data management, and user interactions in the form of responsive, relevant, and appropriate communication. The use of such AI technology covers the following key activities:
2.1 Public Data Processing
2) Publicly available profile information (usernames, display names, profile images)
1) Analysis and summarization of publicly available social media content (posts, comments, reviews, keywords, hashtags)
4) Public multimedia content, including publicly available images, audio, videos, and GIFs.
3) Metadata (timestamps, location, engagement metrics)
6) Content clustering or classification based on similar characteristics or topics (Content Clustering) for the purpose of structural analysis.
5) Trend synthesis and insight analysis for identifying behaviors, directions, or significant issues (Trend Analysis).
2.2 Consent-Based Data Processing
1) Access to your social media accounts (with explicit permission) for managing messages, posts, and interactions
2) AI Assistant interactions for answering queries
3) Processing of uploaded files (e.g., PDF, DOCX, CSV, XLSX, TXT, MD, PPTX, images, audio, video)
All data processing will be carried out exclusively on information that you voluntarily provide to the system, with your consent or authorization. Such data will be used solely for specific purposes related to data analytics (Analytics) and AI processing (AI Processing), and only within clearly defined and relevant scopes of use.The Company will not use your data for any other purposes. After the processing is completed, the data will not be retained in a form that can identify you, in order to ensure appropriate handling. The Company strictly adheres to the principles of data minimization and respect for data subject rights.
The Company may also collect and analyze personal data that data owners have made publicly available on online platforms, based on the legal basis of legitimate interest. This is done to support the Company’s services and objectives, with due consideration of necessity, appropriateness, and a balanced protection of the rights and freedoms of data subjects.
3. Data Storage and Processing
3.1 Data you provide to AI Studio and AI Assistant This does not include data collected directly from public sources (e.g., social media). It covers the following:
1) Data that the Company receives from the Mandala AI system.
2) Data that you have linked or authorized access to through your social media accounts (Social Accounts Link) or other related services.
3) Data files voluntarily uploaded by you into the system, including document files (.pdf, .docx, .csv, .xlsx, .txt, .md, .pptx), image files (.jpg, .png, .jpeg), audio files (.m4a, .mp3), and video files (.wmv, .mp4).
The Company does not permanently retain data for commercial purposes or for secondary reuse purposes (No Persistent Storage for Secondary Use). However, data may be temporarily retained for a limited period solely as necessary for processing purposes (Transient / Temporary Processing) in connection with the provision of services, such as analytics or AI processing activities performed by third-party AI technology providers (Third-Party AI Providers), within the scope initiated by you or based on your voluntary consent.
3.2 The Company will not retain personal data longer than necessary and will retain such data only for the period required to fulfill the purposes of processing or as required by applicable law. The Company will not reuse such data for activities unrelated to the stated purposes. Such retention may include limited retention periods for purposes relating to system security, audit activities, or compliance with legal obligations.
3.3 All data processing activities are conducted within a highly secure and isolated environment (Isolated Environment) under the principle of restricted human access (Restricted Human Access). The Company limits access to your data strictly to authorized personnel who have a legitimate need to access such data in the course of their duties and who are subject to strict access control measures (Strict Access Control). Monitoring activities are conducted at the system level (System-level Monitoring), and the Company avoids accessing personal data at the content level unless required by law and subject to appropriate control and governance procedures.
3.4 All data processing activities are conducted within a highly secure and isolated environment (Isolated Environment) under a strict Zero Human Access Policy. This means that the Company does not permit any individual, including employees or system administrators, to access or disclose your raw data content, except where necessary under the specified conditions and subject to applicable governance and control requirements.
However, in order to maintain the overall security and integrity of the system, the Company reserves the right to allow system administrators to access certain types of data only where necessary and within an appropriate scope. Such access may include reviewing user prompts entered into the system, examining linked social media accounts that may involve unlawful activities or conduct contrary to public morals, as well as monitoring other usage activities that may pose risks of violating the rights of others or contravening ethical standards relating to the use of the system.
Such access shall be carried out only where there is a legitimate reason and within an appropriate scope, for the purposes of preventing, monitoring, and maintaining the security of users, the system, and society as a whole, under strict control and governance measures. Such access shall not include access to content-level personal data (Content-Level Personal Data), unless required by law or expressly consented to by the data subject.
The Company shall not use, disclose, transfer to any third party, or utilize any data obtained through such monitoring processes — whether user prompts entered into the system (Prompts) or data linked from social media accounts — for the purpose of training, improving, or developing any artificial intelligence models, whether now or in the future. Such data will not be used for any such purposes.
3.5 Your data will be transmitted through advanced encryption channels (Encryption) to ensure confidentiality and security during transmission to the Company’s third-party AI providers (Third-Party AI Providers).
3.6 Third-party AI providers will process your data solely for the purposes requested by you, such as summarization, classification, analysis, or extraction of key insights, with the scope of use strictly limited to such requested instructions.
3.7 The Company primarily receives and displays the outputs generated by artificial intelligence (AI) systems operated by third-party AI providers (Third-Party AI Providers) solely for display on the Company’s platforms or systems. The original data entered into the system by users will be used exclusively for processing in accordance with the users’ instructions, and the Company will not retain such data beyond what is necessary or store it for long-term retention, except where required for maintaining system security, compliance with legal obligations, or related technical purposes, all of which shall be subject to appropriate data protection measures.
In connection with such services, data may be transmitted to third-party AI providers for temporary processing (Transient Processing) under the instructions of the user. Such providers shall act as Data Processors and shall not use the data for any purposes other than the instructions received.
The Company will implement appropriate measures to reduce the identifiability of data subjects (De-identification), as appropriate, and in accordance with the principle of Data Minimization. Such measures may include anonymization or pseudonymization processes conducted before or during processing, where appropriate.
3.7.1 Disclaimer on AI Outputs
The outputs generated by the AI system may be automatically generated and may not always be verified for accuracy, completeness, or suitability for any specific context. The Company does not guarantee the accuracy, completeness, or reliability of such outputs. Users should exercise their own discretion and should not rely solely on such outputs as the basis for decision-making without further review or verification. In particular, such outputs should not be used in legal, financial, medical, or other high-impact decision-making contexts without review by qualified professionals.
In the event of any errors, damages, or disputes arising from the interpretation, use, or application of outputs generated by the AI system in an inappropriate, unlawful manner, or in violation of the rights of others, users shall be solely responsible for exercising judgment and determining the use of such outputs. To the fullest extent permitted by applicable law, the Company shall not be liable for any damages arising from the use of or reliance upon such outputs.
3.8 Guidelines for Controlling Data Processing by Third-Party AI ProvidersTo ensure confidence in the management of users’ data, the Company has established guidelines and requirements with the third-party AI technology providers (Third-Party AI Providers) utilized by the Company. These guidelines are incorporated into agreements and cooperation frameworks that are aligned with international standards for personal data protection, as follows:
- Purpose Limitation: Your data will be processed by third-party AI providers solely within the scope of the specified instructions or purposes and will not be used for any activities beyond the agreed purposes, unless the Company has obtained your prior explicit consent (opt-in) or where you have specifically requested such processing.
- No Model Training: Your data, including Prompts, Outputs, and Metadata, will not be used for training, improving, or developing AI models, whether now or in the future, unless the Company has obtained your prior explicit consent (opt-in).
- Transient Processing with No Data Retention: Third-party AI providers will process data solely on a temporary basis in accordance with the user’s instructions, and no data will be stored or retained after the completion of such processing activities.
- Data Security and Confidentiality: The Company works with AI providers that maintain high security standards and are subject to Data Processing Agreements (DPAs) to ensure that your data is protected in accordance with applicable legal requirements and data protection principles.
If, in the future, the Company needs to use your data for purposes beyond those specified above, the Company will always obtain your prior explicit consent before proceeding with such use.
Conversely, if you request or express your intention for the Company to use your data for specific purposes, such as training, improving, or developing an AI model tailored specifically to your needs, the Company may proceed under a clearly defined agreement framework and based on your voluntary opt-in consent.
However, if a user requests that the system retain data in a non-transient storage manner for the purpose of tracking or continued processing, the system may do so subject to the user’s explicit consent (opt-in) and in accordance with the applicable agreement.
3.9 International Data Transfers In certain cases, data entered into the system by users may be processed by third-party AI providers located in foreign jurisdictions. Such processing shall occur solely in accordance with the user’s instructions and only on a transient processing basis (Transient Processing). The Company will ensure that such cross-border data transfers comply with applicable legal requirements and that appropriate safeguards are implemented to protect the rights of data subjects. Such safeguards may include internationally recognized transfer mechanisms, such as Standard Contractual Clauses (SCCs), together with consideration of the level of data protection in the destination country and the implementation of appropriate supplementary measures (Supplementary Measures).
3.10 The Company will not engage in profiling (Profiling) or automated decision-making (Automated Decision-Making) that may produce legal effects or similarly significant impacts on your rights, unless the Company has obtained your prior explicit consent (Explicit Consent) or there is a clear and sufficient legal basis for doing so. In all cases, the Company will implement appropriate safeguards (Appropriate Safeguards) to protect your fundamental rights and freedoms in accordance with Article 22 of the GDPR (GDPR Art. 22).
4. Collection, Use, Disclosure & Consent
The Company prioritizes the principles of Transparency and Informed Consent in the processing of personal data. Through the design of our systems and operational processes, we ensure that users can make well-informed decisions before commencing use of the Company’s AI Studio and AI Assistant services.
By using the Company’s AI Studio and AI Assistant services, you acknowledge and consent to having the data you input into our system—whether in the form of text, files, or any other data format—processed by the Company’s Third-Party AI Providers solely for specific purposes related to the services you have requested. Such processing will not be utilized for any purposes beyond the scope of service delivery, and no personal data will be retained after the process is complete. The Company maintains appropriate control measures and agreements with Third-Party AI Providers to ensure that operations comply with the law and do not infringe upon the rights of data subjects.
Furthermore, you may exercise your right to withdraw consent (opt-out) through the Company’s system. Such withdrawal shall not affect the processing of data carried out prior to the withdrawal. In the event that you do not wish for certain types of data to be processed or do not want your data to be used further, you may exercise your opt-out rights according to the procedures prescribed by the Company. The Company will respect your decision without affecting your fundamental rights to access and utilize the system.
5. Data Security Measures
The Company places the highest priority on maintaining the security of the data you input into the system. We systematically apply technological and governance frameworks to strengthen data security at every level, mitigate risks of unauthorized access, and ensure the confidentiality, integrity, and availability of data. Accordingly, the Company employs the following key security measures:
5.1 Data Encryption (Encryption) All data transmitted between you and the Company’s systems will be encrypted at every stage, from end to end, to prevent unauthorized third parties from accessing or intercepting such data during transmission. This encryption includes:
- Encryption in Transit: Data being transmitted is encrypted using the latest TLS security protocols.
- Encryption at Rest: Data temporarily stored in the system is encrypted using the AES-256 standard, which is an internationally recognized encryption standard.
- Key Management: The system employs rigorous management and control of encryption keys to ensure that no unauthorized individuals can decrypt the data.
5.2 Access Control: The Company enforces access restriction policies based on the principle of Least Privilege, ensuring that only individuals with a necessary and legitimate authorization can access relevant systems or data.
5.3 Non-Disclosure Agreement (NDA): All employees, developers, and relevant personnel are required to sign a Non-Disclosure Agreement and must strictly adhere to data access security requirements as stipulated by the Company's policies.
5.4 Security Audit & Testing: The Company conducts regular Internal Audits and security system testing to identify potential vulnerabilities and implement proactive corrective measures before risks can cause an impact.
5.5 Data Lifecycle Management: Automated systems are utilized to manage data throughout every stage of its lifecycle—from ingestion and processing to deletion after use—in order to eliminate Human Error and maintain maximum data security.
5.6 Secure Infrastructure: All of the Company's systems operate on infrastructure certified to international security standards, encompassing data centers, cloud technology, and risk controls to support secure data processing in every dimension.
6. Personal Data Breach Management
In the event of a personal data breach, the Company will investigate the incident, assess the associated risks, and notify the relevant supervisory authorities and affected data subjects within the timeframes required by applicable law. The Company will also implement appropriate and timely remedial measures to mitigate any potential impacts arising from such incident.
7. AI Governance Principles for the Use of AI Technology (AI Governance Principles)
The Company adheres to key principles in the use of Artificial Intelligence (AI) technologies to ensure transparency, fairness, and strict protection of users’ personal data. These principles include the following:
7.1 Transparency: Clearly communicating the purposes, methods, and scope of AI usage.
7.2 Consent: Using data only within the scope of the consent granted by users.
7.3 Fairness: Ensuring that AI systems are free from bias and do not adversely affect users.
7.4 Data Security: Implementing data protection measures at every stage of processing.
7.5 Accuracy: Processing data with due care to ensure reliable and trustworthy outcomes.
7.6 Accountability: The Company shall be fully responsible for the management and use of AI technologies.
7.7 No Retention Beyond Purpose: User data shall not be retained after the completion of the processing activities.
7.8 Human Oversight: The Company ensures that the use of AI technologies remains subject to appropriate human review and oversight, and that there will be no fully automated decision-making conducted without meaningful human supervision.
7.9 Explainability: The Company will endeavor to ensure that the operation and outputs of AI systems can be explained to an appropriate extent.
8. Use of AI Technologies from Third-Party AI Providers (Third-Party AI Providers)
The Company is committed to conducting appropriate Data Protection Impact Assessments (DPIA) when introducing new forms of Artificial Intelligence (AI) technologies. Such assessments are intended to analyze potential risks arising from the processing of personal data and to evaluate control measures that align with key privacy principles, including Data Minimization, Appropriateness, and Proportionality.
At present, the Company utilizes Artificial Intelligence (AI) technologies from reputable third-party providers to support data analytics processes and user interaction services, including GPT (by OpenAI), Gemini (by Google LLC), Claude (by Anthropic, PBC), Qwen (by Alibaba Cloud Intelligence Group), DeepSeek (by DeepSeek AI), and Perplexity (by Perplexity AI, Inc.
Such providers act as Data Processors under the instructions of the Company and/or the users acting as Data Controllers. Data processing shall occur solely on a transient processing basis (Transient Processing) for the purposes requested by users, and the data will not be used for any other purposes beyond those specified under the agreements established by the Company or for the benefit of such providers. The Company does not retain personal data after the completion of the processing activities, except where retention is necessary pursuant to contractual obligations or applicable legal requirements.
For transparency and to provide assurance, you may review the privacy policies, terms, and conditions of each service provider directly through their official websites, as follows:
- GPT (by OpenAI): https://openai.com/policies/privacy-policy/
- OpenAI (Enterprise Privacy): https://openai.com/enterprise-privacy
- Gemini (by Google LLC): https://policies.google.com/privacy
- Claude (by Anthropic, PBC): https://www.anthropic.com/privacy
- Qwen (by Alibaba Cloud Intelligence Group): https://www.alibabacloud.com/help/en/legal/latest/privacy-policy
- DeepSeek (by DeepSeek AI): https://www.deepseek.com/privacy
- Perplexity (by Perplexity AI, Inc.): https://www.perplexity.ai/hub/legal/privacy-policy
9. Your Rights Relating to Personal Data
The Company recognizes the importance of your rights as a data subject and is committed to handling your personal data in an appropriate, transparent, and accountable manner, particularly where Artificial Intelligence (AI) systems are used in data processing activities. The Company seeks to ensure that your data is treated fairly and proportionately. Details of your rights are as follows:
9.1 Right of Access: You have the right to request information regarding the collection, storage, or processing of your personal data, including the right to obtain copies of relevant personal data within an appropriate scope.
9.2 Right to Rectification: If your personal data is inaccurate or incomplete, you have the right to request that the Company correct and update such data to ensure its accuracy and completeness.
9.3 Right to Erasure: You have the right to request the deletion or destruction of your personal data in certain circumstances, such as where the data is no longer necessary or where you no longer wish for the data to be retained. The Company reserves the right to consider such requests as appropriate and in accordance with applicable legal requirements.
9.4 Right to Restriction of Processing: You may request that the Company temporarily restrict the processing of your personal data in certain circumstances, such as during the verification of the accuracy of the data or while your objection request is under consideration.
9.5 Right to Object: You have the right to object to the processing of your personal data in certain circumstances, particularly where such data is used for profiling, analytical purposes, or marketing-related activities.
9.6 Right to Withdraw Consent: You may withdraw your consent for the use of your personal data at any time. Such withdrawal shall not affect any processing activities lawfully carried out prior to the withdrawal. However, the Company recommends that you carefully consider any potential impacts before proceeding with the withdrawal of consent.
The withdrawal of consent or objection to such processing constitutes your right to opt out of data processing activities that you no longer wish to be carried out. The Company will respect your decision without affecting your fundamental rights to access and use the system.
9.7 Right to Data Portability: You have the right to obtain your personal data in a structured, commonly used, and machine-readable electronic format (Machine-Readable Format), and may request that such data be transferred to a third party where technically feasible.
9.8 Right to Raise a Concern: If you have any questions or concerns regarding the use of your personal data, the Company provides channels through which you may contact the Company, submit inquiries, or file complaints for appropriate consideration and action.
10. Policy Review and Updates
The Company reserves the right to periodically review or amend this Policy as necessary to ensure compliance with applicable laws and relevant standards. Any changes shall become effective immediately upon publication of the updated Policy on the Company’s website or through other appropriate communication channels. We recommend that you review this Policy regularly.
11. Contact Information
If you have any questions or concerns regarding this policy, you may contact:
1) Data Controller
Company Name: Ocean Sky Network Co., Ltd.
Address: 846/6 Summer Lasalle Building A5 Unit no. A521-5, Lasalle Road Bangna Tai Sub-District, Bangkok, Thailand 10260
Phone: 0 2513 9744 at 9:00-18:00 น.
2) Data Protection Officer: DPO
Address: 846/6 Summer Lasalle Building A5 Unit no. A521-5, Lasalle Road Bangna Tai Sub-District, Bangkok, Thailand 10260
Email: [email protected]