
Privacy Policy
Effective Date: 09/05/2025
Last Updated: 09/05/2025
1. Introduction
DeepSweep.ai, Inc. ("DeepSweep AI," "DeepSweep AI, Inc.," "Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI safety platform and related services ("Service").
This policy applies to all users of DeepSweep.ai, including both Community Edition (open-source) and Professional Edition (commercial) users.
2. Information We Collect
2.1 Information You Provide Directly
Account Information:
Name, email address, company affiliation
Billing information for paid subscriptions
Profile information and preferences
Support communications and feedback
Service Usage Data:
AI guardrail policies you create or upload
Synthetic scenarios and test cases you generate
Evaluation results and compliance reports
Configuration settings and preferences
2.2 Information Collected Automatically
Technical Information:
IP addresses and device identifiers
Browser type, operating system, and version
API usage patterns and request/response data
System performance metrics and error logs
Usage analytics and feature interaction data
Service Telemetry:
Policy evaluation latencies and success rates
Adversarial Data Engine generation metrics
Compliance framework mapping usage
Service availability and performance data
2.3 Information from Third Parties
Integration Data:
Data from connected AI systems and applications
Authentication information from SSO providers
Compliance framework data from regulatory sources
Security intelligence feeds for threat detection
3. How We Use Your Information
3.1 Service Provision
Operate and maintain the DeepSweep.ai platform
Process guardrail evaluations and policy decisions
Generate synthetic adversarial scenarios
Provide compliance mapping and validation
Deliver technical support and customer service
3.2 Service Improvement
Analyze usage patterns to enhance platform features
Improve AI safety algorithms and detection capabilities
Develop new compliance framework mappings
Optimize performance and reliability
Conduct security research and vulnerability assessments
3.3 Communication
Send service-related notifications and updates
Provide security alerts and platform announcements
Deliver technical documentation and best practices
Respond to support requests and feedback
3.4 Legal and Compliance
Comply with applicable laws and regulations
Enforce our Terms of Service and policies
Protect against fraud, abuse, and security threats
Maintain audit trails for compliance purposes
4. Information Sharing and Disclosure
4.1 We Do Not Sell Personal Information
We do not sell, trade, or rent your personal information to third parties.
4.2 Service Providers
We may share information with trusted service providers who assist in:
Cloud infrastructure and hosting (AWS, GCP, Azure)
Payment processing and billing
Customer support and communication
Security monitoring and threat detection
Analytics and performance monitoring
All service providers are contractually bound to protect your information and use it only for specified purposes.
4.3 Legal Requirements
We may disclose information when required by:
Valid legal process (subpoenas, court orders)
Law enforcement investigations
National security requirements
Protection of our rights, property, or safety
Protection of users' rights, property, or safety
4.4 Business Transfers
In connection with mergers, acquisitions, or asset sales, your information may be transferred to the acquiring entity, subject to the same privacy protections.
4.5 Aggregate and Anonymized Data
We may share aggregate, anonymized usage statistics and research findings to:
Advance AI safety research
Contribute to industry best practices
Support regulatory policy development
Publish security research and threat intelligence
5. Data Security and Protection
5.1 Security Measures
We implement comprehensive security controls including:
Encryption:
TLS 1.3 for data in transit
AES-256 encryption for data at rest
End-to-end encryption for sensitive communications
Encrypted backups and disaster recovery
Access Controls:
Multi-factor authentication for all accounts
Role-based access control (RBAC)
Least-privilege access principles
Regular access reviews and deprovisioning
Infrastructure Security:
Zero-trust network architecture
Container and infrastructure hardening
Regular security audits and penetration testing
Intrusion detection and monitoring systems
5.2 Compliance Certifications
We maintain industry-standard certifications:
SOC 2 Type II (Professional Edition)
ISO 27001 compliance framework
GDPR compliance for EU users
CCPA compliance for California users
5.3 Incident Response
We maintain a formal incident response program including:
24/7 security monitoring
Automated threat detection and response
Breach notification procedures
Forensic investigation capabilities
6. Data Retention and Deletion
6.1 Retention Periods
Account Data: Retained while your account is active plus 7 years for business records
Usage Logs: Retained for 13 months for security and performance analysis
Evaluation Results: Retained according to your subscription plan:
Community Edition: 30 days
Professional Edition: 2 years (configurable)
Audit Logs: Retained for 7 years for compliance purposes
Billing Records: Retained for 7 years as required by law
6.2 Data Deletion
You may request deletion of your personal information, subject to:
Legal retention requirements
Legitimate business interests
Technical limitations of anonymization
We will respond to deletion requests within 30 days.
6.3 Account Deactivation
When you deactivate your account:
Personal information is deleted within 90 days
Anonymized usage data may be retained for research
Backup systems are purged within 6 months
7. International Data Transfers
7.1 Cross-Border Processing
We may process data in multiple jurisdictions to provide global services. Data transfers comply with applicable legal frameworks including:
EU Standard Contractual Clauses
UK International Data Transfer Agreement
APAC Cross-Border Privacy Rules
US-EU Data Privacy Framework (when certified)
7.2 Data Residency Options
Professional Edition customers may specify data residency requirements for:
EU/EEA data processing and storage
US FedRAMP compliance requirements
Other jurisdiction-specific requirements
8. Your Privacy Rights
8.1 Access and Portability
You may request:
Access to your personal information
Copies of your data in portable formats
Information about how we process your data
8.2 Correction and Updates
You may:
Update your account information directly
Request correction of inaccurate data
Modify privacy preferences and settings
8.3 Deletion and Restriction
You may request:
Deletion of your personal information
Restriction of certain processing activities
Objection to specific uses of your data
8.4 Regional Privacy Rights
EU/UK Residents (GDPR/UK GDPR):
Right to rectification, erasure, and portability
Right to restrict or object to processing
Right to withdraw consent
Right to lodge complaints with supervisory authorities
California Residents (CCPA/CPRA):
Right to know about personal information collection
Right to delete personal information
Right to opt out of sale/sharing (we don't sell)
Right to non-discrimination for exercising rights
8.5 Exercising Rights
To exercise privacy rights:
Email: privacy@deepsweep.ai
Use in-app privacy controls
Contact customer support
We will respond within 30 days (or as required by applicable law).
9. Cookies and Tracking Technologies
9.1 Types of Cookies
We use:
Essential Cookies: Required for service functionality
Analytics Cookies: Usage statistics and performance monitoring
Preference Cookies: Settings and customization
Security Cookies: Authentication and fraud prevention
9.2 Third-Party Analytics
We use analytics services including:
Google Analytics (with IP anonymization)
PostHog for product analytics
DataDog for performance monitoring
9.3 Cookie Controls
You may:
Configure cookie preferences in your browser
Opt out of analytics tracking
Use privacy-focused browsers and extensions
10. Children's Privacy
DeepSweep.ai is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information promptly.
11. Changes to This Privacy Policy
11.1 Updates
We may update this Privacy Policy to reflect:
Changes in our practices or services
Legal or regulatory requirements
Industry best practices and standards
11.2 Notification
We will notify you of material changes via:
Email notification to account holders
In-app notifications and banners
Updates to our website and documentation
11.3 Effective Date
Changes become effective 30 days after notification, except for changes required by law which may be effective immediately.
12. Contact Information
12.1 Privacy Inquiries
Privacy Officer
Email: brad@deepsweep.ai
Address: 5 Heaters Lane, Layton, NJ 07851
12.2 Data Protection Officer (EU/UK)
For EU/UK privacy matters:
Email: dpo@deepsweep.ai
12.3 General Contact
DeepSweep.ai, Inc.
Email: info@deepsweep.ai
Website: https://deepsweep.ai
Documentation: https://github.com/deepsweep-ai/deepsweepai
13. Regulatory Contacts
13.1 EU Supervisory Authority
For EU residents who wish to file complaints: Contact your local data protection authority or the lead supervisory authority in Ireland.
13.2 UK Information Commissioner's Office
For UK residents:
Website: ico.org.uk
Phone: 0303 123 1113
13.3 US State Privacy Authorities
California Attorney General:
Website: oag.ca.gov
Privacy: privacy@oag.ca.gov
Virginia Attorney General:
Website: oag.state.va.us
Colorado Attorney General:
Website: coag.gov
Connecticut Attorney General:
Website: ct.gov/ag
For other states, contact your state attorney general's office regarding privacy complaints.
This Privacy Policy was last updated on 09/05/2025. Previous versions are available upon request.