Enterprise Privacy Policy
Last Updated: 18 August 2025
1. Introduction
This policy outlines the data privacy and security practices for Dennou's enterprise AI solutions, including our Retrieval-Augmented Generation (RAG) services. We are committed to protecting the confidentiality and integrity of our clients' proprietary data.
Our primary value is providing clients with powerful AI solutions, including privately hosted or on-premise deployments. This ensures that your organization's proprietary data remains within your control, in your own secure cloud environment.
2. Our Role: Data Processor
Under GDPR, a critical distinction exists between a "Data Controller" and a "Data Processor."
- You, the Client, are the Data Controller. You own and control all proprietary data, such as internal documents and user queries. You determine the purposes and means of processing this data.
- Dennou is the Data Processor. We process this data on your behalf and strictly according to the instructions outlined in our contractual agreement.
3. Data Processing Activities
Data We Process on Your Behalf (as Data Processor)
The core of our service involves processing data that you provide and control within your secure, isolated environment. This includes:
- Proprietary Documents & Knowledge Bases: The content you provide for the RAG system to learn from.
- End-User Queries: The questions your employees or authorized users ask the system.
- Generated Responses: The answers produced by the AI based on your data.
This data is processed exclusively within the infrastructure agreed upon with you (e.g., your private cloud instance) and is never co-mingled with other clients' data.
Data We Collect for Service Administration (as Data Controller)
To manage our business relationship with you, we collect a limited set of administrative data:
- Business Contact Information: Names, email addresses, and phone numbers of your designated administrative staff for communication, support, and billing.
- Billing and Contractual Information: Data required for invoicing and fulfilling our contractual obligations.
4. Data Security & Technology Transparency
Protecting your proprietary information is the cornerstone of our service. Our security framework is aligned with the principles of ISO/IEC 27001 (Information Security Management) and ISO/IEC 27701 (Privacy Information Management).
- Client-Controlled Environments: Our primary deployment model is within your own cloud or on-premise infrastructure. This means you retain ultimate control over network security, access policies, and data residency.
- Data Encryption: All data is encrypted at rest and in transit using industry-standard protocols.
- Technology Stack Transparency: We are transparent about the technology we use. The stack can vary depending on your specific use case, performance needs, and security requirements. We work directly with your technical teams to architect and deploy a solution that aligns with your organization's standards.
5. Data Subject Rights (GDPR)
Your employees and end-users have rights regarding their personal data. As the Data Controller, you are responsible for handling their requests. As your Data Processor, we are committed to providing you with the necessary support and tools to help you fulfill these requests, including assistance with data access, rectification, or erasure from the system as required by law.
6. Data Retention
The retention period for all proprietary data processed on your behalf is defined by you and stipulated in our service agreement. You have full control to delete data according to your own retention policies. Our administrative data (business contacts, billing information) is retained for the duration of our business relationship and as required by applicable financial and legal regulations.
7. How to Contact Us
For any questions regarding this privacy policy or our data processing practices, please contact your designated account representative or email us at:
[privacy@dennou.ai]