Privacy Policy

1. Introduction

Global AI Sentinel LLC ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use:

• Eternal Case Management (ECM) — Investigative case management platform
• Sentinel GPT (https://sentinelgpt.ai) — Enterprise AI platform
• Field Interview Assistant (FIA) — Forensic interview documentation software
• AI-Powered Citizen Services — Government AI chatbots and guided workflows
• Global AI Sentinel (https://globalaisentinel.com) — Company website and platform portal

This Privacy Policy complies with:

• General Data Protection Regulation (GDPR) - EU
• California Consumer Privacy Act (CCPA) - California, USA
• California Privacy Rights Act (CPRA) - California, USA
• Criminal Justice Information Services (CJIS) Security Policy - USA

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

• Name and contact details (email, phone)
• Organization and job title (for enterprise users)
• Payment information (processed by third-party providers)
• Government or law enforcement credentials (for verified users)

Content You Submit:

• Text inputs and queries to our AI systems
• Documents uploaded for analysis
• Case notes, investigative data, and case management records (enterprise users)
• Interview transcripts and reports
• Feedback and support communications

2.2 Information Collected Automatically

Usage Data:

• Pages viewed and features used
• Time, frequency, and duration of usage
• Search queries and AI interactions
• Error logs and performance data

Device and Technical Information:

• IP address and geolocation (approximate)
• Browser type and version
• Operating system
• Device identifiers
• Referral sources

Cookies and Tracking Technologies:

• Essential cookies for authentication and security
• Analytics cookies to improve our services
• Preference cookies to remember your settings

See our Cookie Policy for detailed information.

2.3 Information from Third Parties

• Identity verification services (for government and law enforcement users)
• Payment processors (Stripe, PayPal, etc.)
• Analytics providers (Google Analytics, etc.)
• AI service providers (OpenAI, Anthropic, etc.)

3. How We Use Your Information

3.1 Service Delivery

• Provide and maintain our AI-powered services
• Process your queries and generate AI responses
• Analyze documents and generate reports
• Store and retrieve your data
• Authenticate and authorize access

3.2 User Input Data

We collect prompts, questions, and other text submitted through the Services ("User Input") solely for the purpose of providing and improving the functionality of the Service. User Input may be logged and retained for diagnostics, abuse monitoring, and performance optimization.

3.3 AI Training Use Disclosure

We may use aggregated, anonymized data to improve our own service quality, but your specific prompts and conversations are not shared with AI model providers for training purposes.

3.4 Service Improvement

• Improve AI model accuracy and performance
• Develop new features and capabilities
• Analyze usage patterns and trends
• Train AI models on anonymized, aggregated data
• Conduct research and development

3.3 Communication

• Send service updates and notifications
• Respond to support requests
• Provide security alerts
• Send marketing communications (with consent)
• Conduct user surveys

3.4 Legal and Security

• Comply with legal obligations
• Detect and prevent fraud and abuse
• Protect our rights and property
• Ensure CJIS compliance for law enforcement data
• Respond to legal requests and court orders

3.5 Legal Basis for Processing (GDPR)

4. How We Share Your Information

4.1 We Do NOT Sell Your Personal Information

We do not sell, rent, or trade your personal information to third parties for monetary consideration or other valuable consideration.

4.2 Service Providers

We share data with trusted third-party providers who assist in operating our services:

• AI Providers: OpenAI, Anthropic, Google (for AI processing)
• Cloud Infrastructure: Vercel, AWS (for hosting and storage)
• Payment Processors: Stripe, PayPal (for payment processing)
• Analytics: Google Analytics, PostHog (for usage analysis)
• Support Tools: Zendesk, Intercom (for customer support)

Data Processing Agreements (DPAs): We are in the process of finalizing DPAs with all third-party AI and service providers to ensure GDPR compliance and data protection standards.

4.3 Enterprise Customers

For Global AI Sentinel enterprise deployments:

• Your organization controls and owns the data
• We act as a data processor on behalf of your organization
• Data sharing is governed by your enterprise contract and DPA
• We do not use enterprise data for general AI training

4.4 Legal Requirements

We may disclose information when required by law:

• To comply with subpoenas, court orders, or legal processes
• To respond to government or law enforcement requests
• To protect our rights, property, or safety
• To prevent fraud or criminal activity

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

5. Data Security

5.1 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA)
• Monitoring: 24/7 security monitoring and intrusion detection
• Auditing: Regular security audits and penetration testing
• Backups: Encrypted, geo-redundant backups

5.2 CJIS Compliance

For government and law enforcement data (enterprise products):

• CJIS Security Policy compliant infrastructure
• FBI-approved encryption standards
• Background-checked personnel with CJIS training
• Audit trails and activity logging
• Physical security controls for data centers

5.3 Incident Response

In the event of a data breach:

• We will notify affected users within 72 hours (GDPR requirement)
• We will report to relevant authorities as required by law
• We will provide details on the nature and scope of the breach
• We will take immediate steps to contain and remediate

6. Data Retention

6.1 Retention Periods

6.2 Deletion Process

When data is deleted:

• It is permanently removed from production systems within 30 days
• Backup copies are overwritten within 90 days
• Anonymized, aggregated data used for analytics may be retained
• We cannot recover data once the deletion process is complete

7. Your Privacy Rights

7.1 Rights Under GDPR (EU Users)

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with your data protection authority

7.2 Rights Under CCPA/CPRA (California Residents)

• Right to Know: What personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the "sale" of personal information (we don't sell)
• Right to Non-Discrimination: Equal service regardless of privacy choices
• Right to Correct: Correct inaccurate personal information
• Right to Limit Use of Sensitive Data: Limit use of sensitive personal information

7.3 How to Exercise Your Rights

To exercise any of these rights:

• Email: privacy@globalaisentinel.com
• Account Settings: Manage preferences in your account dashboard
• Data Request Form: Submit a request at [link to form]

We will respond to verified requests within:

• 30 days (GDPR)
• 45 days (CCPA, extendable to 90 days)

7.4 Identity Verification

To protect your privacy, we may need to verify your identity before fulfilling requests. We may ask for:

• Email confirmation
• Account credentials
• Additional identifying information

8. International Data Transfers

8.1 Data Storage Locations

Your data may be processed and stored in:

• United States (primary)
• European Union (for EU users, when available)
• Other countries where our service providers operate

8.2 Safeguards for International Transfers

When transferring data internationally, we use:

• Standard Contractual Clauses (SCCs): EU-approved data transfer mechanisms
• Adequacy Decisions: Transfer to countries deemed adequate by EU
• Data Processing Agreements: Contractual protections with all processors
• Encryption: Data encrypted during transit and storage

8.3 EU-US Data Privacy Framework

We are monitoring developments in the EU-US Data Privacy Framework and will comply with certification requirements as they become available.

9. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have collected information from a child under 18, we will delete it immediately.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@globalaisentinel.com.

10. AI-Specific Privacy Considerations

10.1 AI Training Data

• Sentinel GPT (Consumer): We may use anonymized, aggregated interaction data to improve our AI models
• Enterprise Products (ECM, FIA, Citizen Services): Enterprise data is NOT used for general AI training without explicit consent
• You can opt-out of data being used for AI training in your account settings

10.2 AI Model Providers

We use third-party AI providers (OpenAI, Anthropic, etc.). Your inputs may be:

• Sent to these providers for processing
• Subject to their privacy policies and terms
• Used to improve their models (per their policies)

Note: We are finalizing Data Processing Agreements with all AI providers to ensure your data is protected and not used for unauthorized purposes.

10.3 Data Minimization

We implement data minimization principles:

• Only collect data necessary for service delivery
• Anonymize data when possible
• Delete unnecessary data promptly
• Limit access to sensitive information

11. Cookies and Tracking

We use cookies and similar technologies. For detailed information, please see our Cookie Policy.

11.1 Cookie Categories

• Essential: Required for service functionality (cannot be disabled)
• Analytics: Help us understand how users interact with our services
• Functional: Remember your preferences and settings
• Marketing: Track engagement with marketing communications (requires consent)

11.2 Managing Cookies

You can control cookies through:

• Your browser settings
• Our cookie consent banner
• Opt-out links provided by third-party services

12. Third-Party Links

Our Services may contain links to third-party websites and services. We are not responsible for their privacy practices. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes:

• We will update the "Last Updated" date
• We will notify you via email or in-app notification
• We will provide 30 days' notice before changes take effect
• Continued use after changes constitutes acceptance

We will maintain archived versions of previous policies for your reference.

14. California "Shine the Light" Law

California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

15. Nevada Privacy Rights

Nevada residents have the right to opt-out of the sale of certain personal information. We do not sell personal information as defined by Nevada law.