Back

Privacy & Cookie Policy

Up to date as of February 2024

General

Dean Intelligence Ltd. (the “Company") respects the privacy of its customers and is committed to protecting the personal information provided by it and kept by it. It is recommended to read this policy document in its entirety, and if a question arises - you can contact us at the email address: info@deanintelligence.com.
The policy may change depending on the dynamism of technology and company activity. Suppose we substantially change how we use or share the personal information collected from the customer as part of our services. In that case, this will be announced on the website and distributed by email to all our customers.

Infrastructure and systems operation

The company uses virtual servers hosted in computer farms of the cloud provider AWS.

The company relies on two channels of information sources:

  1. Data for analysis received from the customer as part of the use of the GenAI tools (summarization, drafting, review, etc.), which is processed on the company's servers and deleted upon successful completion of the analysis process.
  2. Data used for indexing that is received from the customer as part of the use of the "context search of databases" feature that is saved on the company's servers and stored encrypted according to the latest and accepted standards in the industry. The data received from customers is stored in the cloud until it is deleted.

 

The access permission given by the company to the customer allows the customer to see his\her data at any time (View) and to do an audit (Cloud Trail). For each customer, we save his\her data in a storage unit (S3 bucket) with his\her name, which is separate from other units, which ensures total compartmentalization between the various units and non-leakage of information between customers.

The data from the documents received from the customers are files accompanying the DATA in a visual format - PDF or other - these are stored in the S3 server of the Amazon company in Europe - which has a survivability of 99.999% in a storage volume purchased from the supplier AWS Hybrid Cloud Solutions, to which access is limited.
Access to the files can be limited only to an exclusive and closed list of IP addresses in the company.

Also, the provider (AWS) supports several audit capabilities for monitoring access requests to the company's S3 resources.See more details on the AWS website regarding the management of access to information and its security at: https://aws.amazon.com/s3/features/#Access_management_and_security and AWS compliance at https://aws.amazon.com/compliance

Collecting information from customers

Indirect information may be collected during the use of our services automatically, which allows the company's servers to identify/verify the particular customer and his/ her preferences:

  • End Device Features - Internet Protocol (IP) addresses, browser and operating system type, Internet Service Provider (ISP), geographic location, referring/exit/landing page details.
  • The customer's identity, date/time and duration of the access attempt, the system component they tried to access, the type of access, scope, and if the access was approved/rejected/failed.
  • Information contained in messages that the customer sends to the company by email or in the system portal - including the content of the message and the Metadata.
  • The company relies on the fact that the customer's actions are lawful and with full legal authorization, and the customer agrees by signing the service agreement with it that it is not responsible in any way for the possible misuse of the platform it provides to the customer. To the extent that the customer who uses the company's services collects or processes personal data, he must act subject to the provisions of the law and regulations, for the avoidance of doubt - the customer will be responsible for the legal collection of the information he owns, the processing and use of it and the accuracy of the personal data, as well as for preserving the rights of the persons concerned, as detailed below:

    The personal data that will be processed by the company on behalf of the customer may include, for example - personal data of the customer's employees and/or the customer's end customers, such as contact details, etc.
    By signing up to this website, the customer confirms that, due to the nature of the service, the company has no obligation and no ability to verify personal data that the customer transfers to it for processing as part of the use of its services. The customer declares that he is legally entitled to transfer the personal data to the company for it to process them for the customer by this agreement.
    The company declares that it will not use the personal data received from the customer for any purpose other than providing the service to the customer and that it has no other rights in this information - the company undertakes not to disclose or sell said personal information to any third party without the customer's prior written consent.
    The company will process personal data solely by this policy and according to documented instructions from the customer - provided that they are commercially reasonable and by the provisions of any law relevant to the protection of information and this policy.
    It will be clarified that the company is not obligated in any way or manner to verify whether instructions given by the customer comply with the applicable laws, and the customer accepts full responsibility for compliance with their instructions - however, to the extent that the company discovers that the customer's instruction does not comply with the requirements of the law about its operations, it undertakes to notify the customer in writing.
    The company and the customer agree that they will take appropriate technical and organizational security measures to protect the personal information within their responsibility to protect it from unauthorized or illegal access or processing, or accidental loss/destruction or damage. These measures will assess the seriousness of the risk and the likelihood of its realization as estimated in good practice and by the scope and sensitivity of the information, the requirements of the law, the context and the purpose of the processing, and will include, among others:
    Access permission control to the database systems containing personal data.
    Ensuring confidentiality, integrity, availability, and continuity/survival of processing and storage systems and services.
    Restoring the availability of information systems and access to personal data in a desired/adequate time frame in the event of a physical/technical failure.
    A continuous/periodic organizational mechanism for auditing and evaluating the effectiveness of the technical and organizational measures.