@astermind/astermind-premium

Astermind Premium - Premium ML Toolkit

# DATA PROCESSING AGREEMENT (DPA)

## Astermind Premium

**Last Updated: November 20, 2025**

This Data Processing Agreement (“DPA”) governs the processing of personal data in connection with Astermind Premium services provided by **AsterMind AI Corporation** (“Processor”, “we”, “us”, or “our”) to you (“Controller”, “you”, or “your”).

**This DPA supplements and forms part of the Terms of Service, Privacy Policy, and End User License Agreement (“EULA”).** It applies whenever you are a Controller of personal data and we act as a Processor on your behalf.

---

# 1. DEFINITIONS

1.1. **“Controller”** means the entity that determines the purposes and means of processing personal data.

1.2. **“Processor”** means the entity that processes personal data on behalf of the Controller.

1.3. **“Personal Data”** means any information relating to an identified or identifiable natural person.

1.4. **“Processing”** means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.

1.5. **“Data Subject”** means the natural person to whom personal data relates.

1.6. **“GDPR”** means the General Data Protection Regulation (EU) 2016/679.

1.7. **“Sub-processor”** means a third party engaged by the Processor to process personal data on behalf of the Controller.

---

# 2. SCOPE AND APPLICATION

## 2.1. When This DPA Applies

This DPA applies when:

- You act as a Controller of personal data
- We process personal data on your behalf as a Processor
- Processing occurs in connection with Astermind Premium services

## 2.2. Limited Processing by AsterMind

Astermind Premium is an SDK/library that runs entirely on your systems. We do **not** process your application data, user datasets, or model outputs.

We process only minimal personal data for:

- **License validation** (stored only during your subscription)
- **Account creation and management**
- **Support interactions**
- **Security, fraud detection, and legal compliance**

We do not access or process end-user content of your applications.

## 2.3. Controller Responsibilities

You remain solely responsible for:

- Determining lawful basis for processing
- Complying with GDPR/CCPA and other laws
- Obtaining consents where required
- Ensuring your use of the Services is lawful

---

# 3. PROCESSING DETAILS

## 3.1. Categories of Data Subjects

- Your employees, contractors, and authorized users
- End users of software you build using the Services
- Individuals whose data you upload, store, or process

## 3.2. Categories of Personal Data

We may process:

### **Account Data**

- Name, email address, company, role
- Authentication information

### **License Data**

- License keys
- Subscription status
- Validation timestamps
- **Retained only during your active subscription**

### **Technical Data**

- IP address
- Device or system identifiers
- Runtime environment metadata
- Error logs (anonymized where possible)

### **Support Data**

- Information voluntarily provided in support requests

### **Aggregated / Anonymized Data**

- Usage statistics
- Non-identifying telemetry

## 3.3. Processing Purposes

We process personal data to:

- Provide, operate, and maintain the Services
- Validate licenses and enforce licensing restrictions
- Provide customer support
- Detect fraud and security issues
- Comply with legal obligations
- Improve the Services using anonymized data

## 3.4. Processing Duration

- **License and account personal data is retained only for the duration of your active subscription.**
- Upon cancellation or non-renewal, retention ends unless longer retention is required by law.
- Aggregated/anonymous data may be retained indefinitely.

---

# 4. PROCESSOR OBLIGATIONS

## 4.1. Processing Instructions

We will:

- Process personal data only according to your documented instructions
- Not use personal data for unrelated purposes
- Notify you if instructions appear unlawful
- Assist you in responding to data subject requests

## 4.2. Security Measures

We implement appropriate technical and organizational measures, including:

- Encryption in transit (TLS 1.2+)
- Encryption at rest
- Role-based access controls
- Multi-factor authentication for internal systems
- Regular vulnerability assessments
- Incident response procedures
- Secure key management
- Staff confidentiality and security training

## 4.3. Confidentiality

We will:

- Ensure personnel are bound by confidentiality obligations
- Limit access to personal data to those who need it
- Maintain confidentiality even after termination

## 4.4. Data Subject Assistance

We will assist you with:

- Access requests
- Rectification
- Erasure requests
- Data portability
- Objections
- Restriction of processing

## 4.5. Personal Data Breach Notification

We will:

- Notify you **without undue delay**, and in any event within 72 hours
- Provide details sufficient for you to meet legal obligations
- Support your investigation and remediation efforts

---

# 5. SUB-PROCESSORS

## 5.1. Authorization

You authorize us to use Sub-processors, provided that:

- Each Sub-processor is bound by data protection obligations equivalent to this DPA
- We maintain an up-to-date Sub-processor list
- We notify you of changes before new Sub-processors are engaged

## 5.2. Current Sub-processors

These may include:

- Cloud infrastructure providers
- Payment processors
- License validation services
- Customer support platforms
- Email service providers

## 5.3. Objection Rights

You may object to new Sub-processors on reasonable grounds. If we cannot resolve your objection, you may terminate the affected service.

---

# 6. DATA TRANSFERS

## 6.1. International Transfers

Personal data may be processed outside the EEA. We will implement appropriate safeguards required by law.

## 6.2. Transfer Mechanisms

We rely on:

- Adequacy decisions
- Standard Contractual Clauses (SCCs)
- Other legal transfer mechanisms

---

# 7. AUDIT AND COMPLIANCE

## 7.1. Documentation and Cooperation

We will:

- Maintain records of processing activities
- Cooperate with supervisory authorities
- Provide compliance documentation upon request

## 7.2. Audit Rights

You may request:

- SOC2, ISO27001, or similar certifications
- Third-party audit summaries
- Security documentation

On-site audits may be available for enterprise customers under separate terms.

---

# 8. DATA RETENTION AND DELETION

## 8.1. Retention

- **License data and account data are retained only during your active subscription.**
- Data required by law (e.g., tax, invoice records) may be retained longer.

## 8.2. Deletion

Upon termination:

- We will delete or return personal data within **30 days**
- You may request deletion at any time
- We may retain anonymized data indefinitely

---

# 9. CONTROLLER OBLIGATIONS

## 9.1. Lawful Basis for Processing

You are responsible for:

- Determining and documenting lawful basis
- Obtaining consents where required
- Complying with GDPR, CCPA, and other laws

## 9.2. Instructions

You agree to:

- Provide clear instructions
- Not instruct us to process unlawfully

## 9.3. Security

You are responsible for:

- Securing your own systems
- Protecting API keys and license keys
- Implementing appropriate access controls
- Maintaining your own backups

---

# 10. LIABILITY AND INDEMNIFICATION

## 10.1. Liability

- Our liability is limited by the Terms of Service
- We are not responsible for your unlawful data practices
- We are not liable for processing carried out under your instructions

## 10.2. Indemnification

You agree to indemnify AsterMind for claims arising from:

- Your violation of data protection laws
- Your instructions leading to unlawful processing
- Failure to obtain valid consents

---

# 11. TERMINATION

## 11.1. Effect of Termination

Upon termination:

- Processing stops
- Personal data is deleted or returned
- Sections relating to confidentiality, liability, and audits survive termination

---

# 12. GOVERNING LAW

## 12.1. Applicable Law

This DPA is governed by:

- GDPR for EEA data subjects
- Applicable local laws for non-EEA processing
- The Terms of Service for all other matters

## 12.2. Supervisory Authorities

Data subjects may lodge complaints with applicable authorities. We will cooperate with such authorities as required.

---

# 13. CONTACT INFORMATION

**AsterMind AI Corporation**
706 Scottingham Terrace
North Chesterfield, VA 23236
United States

Data Protection Officer: **privacy@astermind.ai**
Legal: **legal@astermind.ai**
Website: **https://astermind.ai**

---

# ACKNOWLEDGMENT

By using the Services, you acknowledge that you have read, understood, and agree to this Data Processing Agreement.

**This DPA supplements the Terms of Service, Privacy Policy, and EULA.**

---

*This Data Processing Agreement is effective as of the date above and applies to all processing of personal data performed by AsterMind in connection with the Services.*