OctoAI Logo
Sign up
Log in
Sign up
Log in

OctoML Data Privacy Framework Certification Notice

Last Updated:

Jan 12, 2024

OctoML, Inc. (“OctoML”, “we”, “us”, or “our”) participates in the EU-U.S. Data Privacy Framework (“EU- U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss- U.S. DPF”) as set forth by the U.S. Department of Commerce. OctoML has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the collection, use and retention of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework Principles (“Swiss- U.S. DPF Principles”) with regard to the collection, use and retention of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Data Privacy Framework Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the relevant Principles shall govern. You can learn more about the Data Privacy Framework (DPF) program at www.dataprivacyframework.gov, and view our certification here.

Personal Data Processed by OctoML as a Controller

OctoML is committed to complying with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for all personal data received from the European Union, the United Kingdom (and Gibraltar) and Switzerland in reliance on the relevant part(s) of the DPF program. This OctoML Data Privacy Framework Notice supplements the OctoML Privacy Policy for personal data OctoML collects, uses or discloses as a controller:

  • Personal Data Processed. Please review the section of the OctoML Privacy Policy entitled What Personal Information Do We Collect? for details on the types of personal data we collect for processing as a controller.
  • Purposes of Personal Data Processing. Please review the section of the OctoML Privacy Policy entitled How Do We Use Your Personal Information? for details on the purposes of processing personal data where OctoML is a controller.
  • Third Parties Who May Receive Personal Data. Please review the section of the OctoML Privacy Policy entitled How Do We Disclose Personal Information? for details on the third parties who may receive personal data where OctoML is a controller and the purposes for which we disclose it to them.
  • Rights to Access, Limit Use, and to Limit Disclosure of Personal Data. Please review the section of the OctoML Privacy Policy entitled Your Rights on rights to access, limit use, and limit disclosure of personal data where OctoML is a controller.

Personal Data Processed by OctoML as a Processor

OctoML is committed to complying with the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles for all personal data received from the European Union, the United Kingdom (and Gibraltar) and Switzerland in reliance on the relevant part(s) of the DPF program. OctoML empowers customers to integrate AI models into their applications. In providing our solutions, OctoML processes personal data that our customers submit to our services on their behalf:

  • Personal Data Processed. OctoML customers decide what inputs to submit, how to groom machine learning weights, and what to generate. This may include personal data pertaining to customers’ own customers and customer personnel, such as images, audio and video recordings, and content containing biographical information about a person or their conversations.
  • Purposes of Personal Data Processing. OctoML processes personal data on our customers’ behalf to provide services to our customers and to comply with their processing instructions.
  • Third Parties Who May Receive Personal Data. OctoML uses third party service providers to assist us in providing our services to customers, including to provide customer support to our customers, perform application and infrastructure monitoring and other technical operations, provide data hosting and storage services, and enable certain product features. These third parties may access, process, or store personal data while providing their services. OctoML maintains contracts with these third parties restricting their access, use and disclosure of personal data in compliance with our Data Privacy Framework obligations, including the onward transfer provisions, and OctoML remains liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.
  • Rights to Access, Limit Use, and to Limit Disclosure of Personal Data. Individuals in the European Union, United Kingdom (and Gibraltar) and Switzerland have rights to access personal data about them, and to limit use and disclosure of their personal data. With our Data Privacy Framework self-certification, OctoML has committed to respecting those rights. Because OctoML personnel have limited ability to access data our customers submit to our services, if you wish to request access to, limit use of, or to limit disclosure of your personal data, please provide the name of the OctoML customer who submitted your data to our services. We will refer your request to that customer and will support them as needed in responding to your request.

Inquiries and Dispute Resolution

EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact OctoML at: contact@octoml.com. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please contact JAMS, an alternative dispute resolution provider based in the United States, at https://www.jamsadr.com/ for more information or to file a complaint. The services of JAMS are provided at no cost to you. If neither OctoML nor our dispute resolution provider resolves your complaint, you may have the possibility to engage in binding arbitration through the Data Privacy Framework Panel. For more information on this option, please see Annex I of the EU-U.S. Data Privacy Framework Principles.

U.S. Federal Trade Commission Enforcement

OctoML’s commitments under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

Compelled Disclosure

OctoML may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.