Telepathic Data Privacy and Protection Policy
Telepathic Data Privacy and Protection Policy
Introduction
Telepathic is dedicated to safeguarding client data privacy and security. This policy outlines our approach to data collection, use, storage, and protection, ensuring transparency, compliance, and service quality.
DATA STORAGE
What We Store
• User Information: Basic user details such as email addresses (provided by you, a third party, or integrations) are stored to support our services, including customer support, question tracking, and user activity identification. Optional info (like pricing plans) may be saved for deeper insights as you wish.
• Resource Information: Public content, websites, or prompt performance data are also stored securely, using best industry practices. Anything you explicitly share with us is handled separately and with care.
DATA EXCLUSION
What We Do Not Store
We do not store information outside the scope of providing value—no extraneous personally identifiable information (PII) or client data not explicitly shared. We avoid collecting unnecessary data and always respect privacy boundaries.
DATA PROTECTION
Measures We Take
• Compliance: We comply with the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and GDPR.
• Encryption: Data in Amazon S3, EC2, and RDS is encrypted with AES-256 at rest. In transit, all communications use TLS 1.2+.
• Access Control & IAM: Least privilege access enforced, multi-factor authentication (MFA) required for AWS accounts.
• S3 Bucket Policies: All public access is blocked, access is restricted to authorized users/services.
• Retention & Deletion: Screenshots are retained only as needed, then deleted automatically or transitioned with lifecycle policies. User data is deleted promptly on request, compliant with CCPA/CPRA/GDPR.
• Monitoring & Auditing: CloudWatch logs all API activity. Centralized, continuous logging to detect and analyze access and anomalies.
• Secure SDLC: GitHub Actions for automated CI/CD, unit tests, code quality checks, dependabot for vulnerabilities—security is built in early.
COMPLIANCE AND PRIVACY
Your Data, Your Control
• Your data is never used for sales/marketing purposes—only to deliver or improve services.
• Third-Party Providers: Data is shared only as needed with vetted cloud, analytics, or support providers (bound by strict confidentiality). Never sold, never rented.
• Rights: You may access, update, delete, or stop sharing your data at any time. We honor all requests promptly and comply fully with privacy regulations.
CLIENT RESPONSIBILITIES
While we protect your data, you also play a role:
• Use strong, unique passwords.
• Watch for phishing or suspicious activity.
• Review the data you share for accuracy and relevance—ask us for help if needed.
POLICY UPDATES
We update our policy as practices or the law changes. You’ll get notified of any significant updates via email or through our platform. Please review the policy periodically for the latest updates.
AI-SPECIFIC ETHICS AND SECURITY
• Transparency: Our AI provides clear explanations, especially with personal information.
• Bias & Fairness: Regular model audits check for fairness and prevent bias.
• AI Security: Defenses against adversarial attacks/data poisoning are deployed. APIs and data transfers are always encrypted.
Conclusion
Your privacy and data security matter most. We constantly review practices to keep your data safe. Reach out any time with privacy requests or concerns.