At TextCortex, we understand the importance of privacy and data security. Our platform is designed not only to enhance content creation but also to respect user privacy and handle data with utmost attention and care. This article provides a comprehensive explanation of how we manage and utilize the data you share with us.

1. General Usage Data

When you use the TextCortex App, TextCortex Browser Extension or TextCortex API, we may utilize the data you provide to enhance and refine our AI models. This is aimed at ensuring an improved and more personalized user experience. However, we respect your privacy preferences. If you choose not to have your data used in this manner, you can opt out simply by submitting this form. Once you opt out, be assured that none of your new interactions will be used to train our models.

2. Knowledge Base Document Uploads

The documents you upload to your knowledge base are solely for your personal use and enhancement of the tool's functionality. By default, we do not use the uploaded data for re-training our models. These files are stored securely and persist only as long as you keep them in your knowledge base. Should you choose to delete them, they are permanently removed from our systems.

3. Knowledge Base Document Processing

The processing of your knowledge base documents is done exclusively by TextCortex, without the involvement of any third parties. This helps maintain the confidentiality and integrity of your data.

4. Persona Creation

We do not use the data you provide during persona creation to train our AI models. The "Text Examples" or "Backgrounds" you provide are used solely for the purpose of defining your AI persona and do not contribute to our general model training data.

If at any point you decide to delete a persona you have created, the corresponding "Text Examples" and any related data are also completely removed from our system.

5. AI Models and Data Compliance

We currently employ three AI models: Sophos-1, Sophos-2, and GPT-4. Sophos-1 and Sophos-2 are hosted in Europe, strictly adhering to the General Data Protection Regulation (GDPR) policies. On the other hand, the GPT-4 model is hosted in the US, and the user data associated with it is shared with the third party, OpenAI, in compliance with their policies.

6. Data Retention and Improvement

While we do retain certain data from your interactions with us, we make sure to minimize the personal information in our training datasets before they are used to enhance our models. This anonymized data helps us better understand user needs and preferences, allowing our AI models to evolve and become more efficient over time.

In conclusion, at TextCortex, we strive to offer you a robust AI tool that not only helps you create content faster but also respects and protects your data. Your trust is our top priority, and we are committed to maintaining the highest standards of data privacy and security.

7. Enterprise Data

At TextCortex, we understand that enterprise-level services require heightened levels of privacy and data security. We are committed to providing our enterprise clients with the assurance they need when it comes to their data protection.

For our enterprise services, we maintain a strict no-data-collection policy. This means that no data shared with us through our enterprise services is collected or stored. Furthermore, we do not use any enterprise data to train our AI models. This includes all data generated during the use of our services, from content creation to any form of communication.

We ensure that your data remains strictly within your control, providing a secure environment for you to leverage our AI tools without any concerns about data usage.

This policy, like all our data handling practices, reflects our unwavering commitment to data privacy and security. At TextCortex, we provide not just powerful AI tools, but also the peace of mind that comes with knowing your data is in safe hands.

8. Speech-to-text Data

We offer a speech-to-text function that requires microphone access within users' browsers. Keep in mind that we do not collect or retain any voice data from this function. The speech-to-text function is only executed within the user's browser and requires explicit permission to enable microphone access within the browser settings. Once enabled, the function processes the voice data in real-time and converts it to text within the user's browser. We take data privacy and security very seriously, and we are committed to ensuring that your data remains safe and secure with us.

9. AI Content Policy

We have designed our AI models to thoroughly scrutinize and control any input that may imply violence, bias, or harmful content. The models are trained not to generate, endorse or promote any content that is violent, harms or threatens the safety of individuals or groups, or promotes discrimination or bias based on attributes such as race, religion, gender, age, nationality, or sexual orientation.

Our AI Content Policy is a testament to our commitment to uphold ethical standards in AI usage. We continuously work towards refining our models to detect and prevent the generation of inappropriate content. By doing so, we aim to create a safer, more respectful environment for our users and contribute positively to the broader online community.

10. Admission control (physical)

In order to ensure the security of personal data processed and utilized within the ICT facilities, it is imperative that access to these facilities is strictly regulated and limited only to authorized personnel. To this end, TextCortex implements a range of technical and organizational measures as outlined in the basic contract, including but not limited to:

  • 1.1. Implementation of alerting mechanisms for personnel operating in critical areas
  • 1.2. Establishment of a manual locking system with robust key management protocols, including key registration and distribution systems
  • 1.3. Implementation of visitor registration protocols to track and monitor access to the facilities
  • 1.4. Installation of an electronic locking system utilizing chip card or transponder technology for securing sensitive areas
  • 1.5. Careful selection and training of third-party personnel, such as cleaning and building services, to ensure they are aware of and adhere to the established security policies and procedures.

11. Access control (logical)

At TextCortex, we are committed to ensuring the secure processing of data throughout its lifecycle. To prevent unauthorized access, logical access controls are implemented to regulate access to our information and communication technology (ICT) systems.
We also implement technical and organizational measures to safeguard the collection, processing, and use of personal data by our processors.

These measures include:

  • 2.1. Authentication measures with username and password, with password issuance based on valid password rules
  • 2.2. Updated anti-virus software to detect and prevent potential threats
  • 2.3. Updated firewall versions to secure the perimeter and/or between other networks
  • 2.4. User profiles with restricted access to sensitive information
  • 2.5. Encryption of mobile data carriers to protect against data loss or theft
  • 2.6. Encryption of data carriers in laptops/notebooks to ensure data security
  • 2.7. Centralized smartphone management software for external data erasure

Our standard policy is to prohibit anything that is not explicitly permitted, further enhancing our data security measures. By prioritizing the implementation of these measures, we ensure that our enterprise clients can confidently leverage the power of large language models while maintaining a secure digital environment.

12. User Access Control

User Access Control is a crucial aspect of data security. To ensure that only authorized personnel can access information within their respective user access area, robust authorization systems and information security measures are implemented. The following technical and organizational measures are implemented for the collection, processing, and use of personal data by TextCortex:

  • 3.1. Roles and authorizations based on the "need-to-know principle" are used to control access.
  • 3.2. The number of administrators is minimized, restricted to the absolute minimum needed.
  • 3.3. User access to applications, as well as data entry, modification, and erasure, are logged.
  • 3.4. Data carriers are securely erased before reuse.
  • 3.5. Data carriers are disposed of by physical destruction in accordance with DIN 66399 or by hiring an appropriate service provider.
  • 3.6. Rights are managed by specified system administrators and/or an identity management system with a defined process.
  • 3.7. A password guideline defining the complexity, length, and period of validity of the password, or authentication using two factors and/or biometric methods, is implemented.
  • 3.8. Data carriers are stored securely based on the criticality of the data, using lockable cabinets and drawers, data safes, and similar measures.
  • 3.9. Data is stored securely based on its classification and/or encryption.

Enterprises can ensure that access to sensitive data is closely controlled and monitored, reducing the risk of unauthorized access, data breaches, and other security incidents.

By implementing these measures, TextCortex can significantly reduce the risk of unauthorized access to personal data and ensure compliance with data security regulations.

13. Transfer Control

To maintain data security during electronic transmission and storage, strict transfer controls are implemented to prevent unauthorized access, copying, modification, or removal of personal data. It is also essential to track and monitor where personal data is sent. The following technical and organizational measures are implemented for the collection, processing, and use of personal data by TextCortex:

  • 4.1. Encryption measures, such as TLS, must be implemented during data transfer on the internet or networks that are not under sole control, using secure cryptographic procedures.

By implementing these measures, enterprises can ensure that personal data is protected during transfer and storage, minimizing the risk of data breaches and unauthorized access.

14. Input Control

Input control is an essential aspect of data security, as it makes it possible to monitor and track the entry, modification, and removal of personal data within the data processing systems. To ensure effective input control, TextCortex has implemented the following technical and organizational measures:

  • 5.1. Logging measures: A robust logging system should be in place to record all entries, changes, and erasures of data. This log should be regularly reviewed and audited to identify any suspicious activities or potential security breaches.
  • 5.2. Traceability measures: To ensure traceability, it is important to track individual user names rather than user groups. This allows for more precise identification and accountability in case of any data security incidents.
  • 5.3. Authorization measures: Access to data should be granted based on an authorization concept that specifies the rights of each user or user group. This ensures that only authorized users can enter, modify, or remove specific data.
  • 5.4. Overview measures: Maintaining overview lists that indicate which applications can be used to enter, modify, or remove data is also crucial. This helps organizations keep track of their data processing systems and ensures that only authorized applications are used to access sensitive data.

By implementing these measures, TextCortex can ensure effective input control and maintain a secure and compliant data processing environment.

15. Availability Control

To ensure the protection of personal data against inadvertent destruction or loss, TextCortex follows, both in its own data centers and in collaboration with leading cloud providers, these technical and organizational measures for the collection, processing, and use of personal data:

  • 6.1. Climate control measures have been put in place in server rooms to ensure optimal temperature conditions.
  • 6.2. Equipment has been installed to monitor temperature, humidity, and other variables in server rooms to prevent data loss.
  • 6.3. Fire alarm systems have been implemented in server rooms to prevent and detect fires.
  • 6.4. Suitable fire extinguishers or extinguishing systems have been installed in server rooms to prevent data loss due to fires.
  • 6.5. A backup and restoration concept has been developed to ensure the availability of data in case of data loss.
  • 6.6. Measures have been put in place to check the restoration of data within a defined time frame to minimize downtime.
  • 6.7. Suitable organizational measures for patch management have been implemented to ensure the security of personal data.
  • 6.8. Backed-up data is stored in another fire compartment or in a secure external location to prevent data loss in the event of a disaster.
  • 6.9. Measures have been implemented to protect server rooms in flood zones to prevent data loss due to floods.

These measures are designed to ensure the availability and security of personal data throughout the data lifecycle. By implementing these measures, TextCortex can assure its clients of the highest level of data security and privacy compliance.

16. Separation Rule

We have established a separation rule to ensure that data collected for different purposes are processed separately. This includes implementing functional separation and limiting processing rights only to the extent necessary (separation of duties), which applies to administrators as well.

  • 7.1. Measures for the establishment of database rights are in place
  • 7.2. Measures for the separation of user access rights for various clients are in place
  • 7.3. Measures for the separation of productive, quality and/or testing systems are in place

By adhering to these measures, we can guarantee the security and integrity of your data, providing peace of mind for our enterprise clients.