Privacy Policy

This policy applies to the information processing activities involved when you visit the DeepSData website, use the requirement assistant, submit requirements, upload materials, register an account, view or unlock an availability assessment report, and communicate with us regarding service collaboration.

1. Information we collect

1. Information you provide directly

When you submit a requirement through a website form, the requirement assistant, email, online chat or other means, we may collect your name or preferred title, company or organization name, contact details, requirement description, budget range, project background, delivery requirements, communication records and other content you actively submit.

The above information is primarily used to understand your requirements, assess service feasibility, discuss proposals, advance collaboration support and fulfil the service scope confirmed by both parties.

2. Uploaded files and parsed content

When you upload screenshots, Word, Excel, PDF, images, archives, data tables or other project materials through the website, the requirement assistant or other communication channels, we may store the files you upload and perform format parsing, text extraction, content organization and requirement identification on them.

Uploaded materials and parsed content are used only for requirement understanding, project assessment, service communication, formal collaboration fulfilment, delivery review or after-sales support. They are not used for public display, unrelated training, unrelated marketing or resale.

Please do not upload identity documents, medical records, medical imaging, financial accounts, personal privacy, classified organizational materials, trade secrets, unauthorized data, unlawful content or other sensitive information that is unrelated to your requirement.

If a formal project collaboration genuinely requires the processing of relevant sensitive materials, confidential materials or specific authorized data, both parties should separately confirm the data source, the basis of authorization, the scope of use, confidentiality requirements, security measures and delivery boundaries.

3. Account and login information

When you register an account, log in, or use functions such as unlocking an availability assessment report, we may collect your email, login credentials, account status, login times, and records of accessing or unlocking availability assessment reports.

Passwords are stored as salted hashes. We do not store, and cannot recover, your plaintext password.

4. Information collected automatically

When you visit the website, use the requirement assistant, upload materials, browse pages or log in, we may automatically record technical information such as access times, IP address, the approximate region inferred from the IP, browser type, device information, page visit records, operation logs and abnormal request records.

The above information is used to keep the service running properly, identify abnormal access, prevent abuse, safeguard account and system security, improve the service experience and carry out basic access statistics.

We do not use the above information for advertising tracking or cross-site marketing analysis.

2. Use of cookies

After you log in, we may write a session cookie named ds_sess to maintain your login state, identify your account session and safeguard account security.

This cookie is set as HttpOnly with a validity of about 30 days. We do not use cookies for advertising tracking, cross-site analysis or unrelated marketing.

You can manage or delete cookies through your browser settings. However, if you delete or disable essential cookies, some login, account or availability assessment report unlocking functions may not work properly.

3. Purposes of information use

We use the collected information only within the necessary scope, for the following purposes:

1. To understand, assess and respond to your requirements;
2. To communicate with you regarding services, explain proposals, confirm orders and provide collaboration support;
3. To manage accounts, login states, availability assessment report access, availability assessment report unlocking and service entitlements;
4. To process file uploads, content parsing, requirement identification and the organization of project materials;
5. To use AI models to assist with requirement understanding, text organization, preliminary feasibility judgement and service response;
6. To search public information, public data platforms, academic resources, research data repositories or open dataset metadata;
7. To improve the website, the requirement assistant, data service workflows and the user experience;
8. To safeguard system security and prevent malicious access, abuse, attacks, fraud or other abnormal behaviour;
9. To fulfil obligations under laws and regulations, regulatory requirements, dispute resolution or agreements between the parties.

We do not sell your personal information to unrelated third parties, nor do we use your information for purposes unrelated to those described above.

4. Compliance requirements for submitted content

When you submit requirements, upload files, enter search content or provide project materials, you should ensure that the content has a lawful source and clear rights, and confirm that you are entitled to submit it to us and to authorize us to process it within the scope of the service.

The content you submit must not contain the following information or materials:

1. Unlawful or non-compliant content;
2. Classified information, state secrets, work secrets or other information restricted by law;
3. Data obtained, copied, transmitted or used without authorization;
4. Identity documents, medical records, medical imaging, financial accounts, personal privacy or other sensitive personal information unrelated to your requirement;
5. Content that infringes the intellectual property, trade secrets, personal information rights or other lawful rights and interests of others;
6. Content related to illicit trades, unlawful scraping, regulatory evasion, system attacks, illegal transactions or other improper uses;
7. Other information not suitable for submission through the website or the requirement assistant.

We will not proactively ask you to submit any of the sensitive, classified, unlawful or unauthorized information described above. If you submit such content on your own initiative, it may be used for requirement understanding, system processing, project assessment or necessary function calls. Please confirm for yourself, before submitting, whether the content is appropriate to submit.

If we find that the content you submit may be unlawful, classified, infringing, unauthorized or clearly high-risk, we reserve the right to refuse to process it, suspend our response, require you to provide further explanation, delete the relevant content, or take other necessary measures in accordance with the law.

5. Notes on AI-assisted processing

We may use AI models or intelligent tools to assist with requirement understanding, text organization, material parsing, preliminary feasibility judgement, generation of search keywords, service response and internal review.

AI processing results serve only as supporting reference and are not used as the basis for automated decisions that have a significant impact on you. For matters involving formal collaboration, delivery scope, pricing, acceptance criteria, data security, confidentiality requirements or other important matters, the communication records, orders, contracts, confidentiality agreements or other written arrangements confirmed by both parties shall prevail.

Please do not submit personal sensitive information, classified materials, trade secrets, unauthorized data or unlawful content that is unrelated to your requirement in the requirement assistant or in AI conversations.

6. Third-party services and entrusted processing

To enable functions such as requirement understanding, account security, abnormal-access identification, public information search, public dataset search, file parsing and system operations, we may use third-party services or entrusted processors within the necessary scope.

The types of services that may be involved include:

1. AI model and text processing services: for conversation understanding, text judgement, material organization and requirement support analysis;
2. Domestic IP geolocation or location services: to identify an IP address as an approximate region, used only for security protection, abnormal-access judgement and basic regional statistics, not for precise positioning, advertising tracking or user profiling;
3. Public information search services: to search public web pages, public materials, public data platforms, academic resources and related metadata;
4. Public data platforms, research data repositories or open dataset platforms: to search public datasets, dataset descriptions, licence terms, download methods and related metadata;
5. Basic cloud services, system operations, security protection or file processing services: for website operation, file storage, logging, security detection and service stability.

We aim to choose service providers with reasonable security capabilities, and we limit their processing scope through access controls, minimized transfer, contractual arrangements, internal management or other reasonable measures.

We aim to limit the scope of information transferred to third parties, transferring only the information necessary to deliver the corresponding function. Unless necessary to deliver the service you have requested, required by laws and regulations, or otherwise agreed by both parties, we will not proactively submit your account password, full contact details, the original text of uploaded files, or personal information unrelated to the search to public search services.

7. Public search and possible cross-border data transfer

In scenarios such as public information search, public data platform queries, academic resource search, research data repository queries or open dataset search, overseas public platforms, overseas search services or overseas data resources may be involved.

In such scenarios, we aim to submit only the keywords, subject terms, dataset names, research directions, public material leads or other search information necessary to complete the search, and will not proactively submit your account password, full contact details, the original text of uploaded files, or personal information unrelated to the search.

Please note that if you actively include personal information, sensitive information, trade secrets, classified materials or unauthorized data in your requirement description, uploaded files, search keywords or conversation content, such content may be used for requirement understanding, system processing or necessary search function calls.

If the relevant processing constitutes a cross-border transfer of personal information, we will fulfil the necessary obligations of notification, consent, personal information protection impact assessment or other compliance obligations in accordance with applicable laws and regulations.

If you do not wish to use functions that may involve overseas public platforms or overseas search services, you can stop using the relevant conversation, search or dataset query functions, or contact us at contact@deepsdata.com.

8. Information protection measures

We take reasonable technical and management measures to protect the security of your information, including but not limited to:

1. Salted hash storage of passwords;
2. Signature verification of session credentials;
3. Necessary access permission controls;
4. Sensitive data directories not open to external access;
5. System logs and abnormal-access records;
6. Restrictions on file access, account access and back-end administration permissions;
7. Data backups, security checks and anomaly investigation as required by the business.

Please understand, however, that no internet transmission, electronic storage or system service can guarantee absolute security. We will continue to improve our security measures within reasonable limits to reduce the risk of information leakage, damage, loss, abuse, unauthorized access or unauthorized disclosure.

9. Information retention period

We retain your information only for as long as necessary to achieve the purposes described in this policy.

1. Requirement communication records that do not lead to collaboration will be cleared periodically as the business requires;
2. Project materials, delivery records, communication records, acceptance records and after-sales records from established formal collaborations will be retained in accordance with the agreement between the parties, business record-keeping, dispute resolution and the requirements of laws and regulations;
3. Account information is generally retained until a reasonable period after account cancellation or service termination;
4. Security logs, access logs and anomaly records are retained for a reasonable period necessary to safeguard system security, investigate issues and prevent abuse;
5. Financial, contract, transaction or other legally required information is retained in accordance with laws, regulations or regulatory requirements.

After the necessary retention period has passed, we will delete, anonymize, or cease processing other than storage, security protection and legal compliance.

10. Your rights

You have the right, in accordance with the law, to access, copy, correct, supplement and delete your personal information. You may also withdraw consent previously given, or request to cancel your account.

You can contact us at the following email address: contact@deepsdata.com

To protect information security, we may verify your identity before handling your request. We will process your request within a reasonable period and provide you with the outcome in accordance with applicable laws and regulations.

Please note that withdrawing consent or deleting information does not affect the validity of information processing already carried out on the basis of your consent prior to the withdrawal or deletion. For information that must continue to be retained under the law or by agreement between the parties, we may be unable to delete it immediately, but we will cease processing other than storage, security protection, legal compliance or dispute resolution.

11. Protection of minors' information

Our services are primarily intended for enterprise clients, government bodies, research institutions, researchers and other entities with the corresponding legal capacity.

Without the consent of a guardian, minors should not submit personal information, project materials or other materials to us. If we discover that we have inadvertently collected a minor's personal information, we will promptly delete it or take other necessary measures in accordance with the law.

12. Handling of information security incidents

If a personal information leakage, alteration, loss, damage, unlawful use, unauthorized access or other information security incident occurs or may occur, we will take remedial measures as required by laws and regulations, and where necessary notify affected users by email, in-site notice, announcement or other reasonable means.

The notification may include the basic circumstances of the incident, its possible impact, the measures we have taken or will take, suggestions for how you can protect yourself and reduce risk, and our contact details.

13. Special note on formal project collaboration

If you enter into a formal project collaboration with us, the data sources, scope of authorization, confidentiality obligations, delivery content, acceptance criteria, data security requirements, material retention period, after-sales support and the responsibilities of both parties shall be governed by the orders, contracts, confidentiality agreements, supplementary agreements, delivery specifications or other written arrangements confirmed by both parties.

This policy serves primarily as a description of information processing in the contexts of the website, the requirement assistant, account functions and online services. It does not replace the contracts, confidentiality agreements or data security agreements separately confirmed by both parties in a formal project collaboration.

14. Policy updates

This policy may be updated due to changes in service content, technical solutions, third-party services, business processes or laws and regulations.

The updated policy will be published on this page, with the update date indicated on the page being authoritative. For significant changes, we may remind you to read it through a page notice, pop-up, email, in-site notice or other reasonable means.

15. Contact us

If you have any questions, comments or complaints about this policy, or wish to exercise rights related to your personal information, you can contact us in the following ways: