MySep AI Assistant Privacy and Security Statement

The MySep AI Assistant is an optional support feature integrated into MySep Studio. It provides guidance related to MySep software, engineering practices, and technical documentation.

The AI Assistant is operated by MySep on secured virtual private servers and is designed with layered technical and organizational safeguards.

For data submitted to the MySep AI Assistant:

• The Customer (user organization) acts as the Data Controller
• MySep Pte Ltd acts as a Data Processor, processing data only on documented instructions from the Customer
• Certain infrastructure and AI service providers act as Sub-Processors (see Section 8)

MySep does not determine the purposes for which customer data is originally collected inside the Customer’s organization.

When a user submits a question to the MySep AI Assistant, the following information may be transmitted to MySep’s AI infrastructure:

• The user’s chat message or question
• Conversation history within the same session
• Optional user-specific context that the user has chosen to transmit for AI assistance
• Numerical vessel input and results data if needed to answer user’s question. The sending of vessel data (“telemetry”) can be allowed or disallowed by user under Preferences > General

The AI Assistant does not have direct access to local files, project databases, or system environments unless the user explicitly includes such information in the chat.

User data is processed solely for the following purposes:

• Receiving user-submitted prompts and conversation history
• Retrieving relevant documentation from MySep knowledge sources
• Generating AI responses to user prompts
• Logging system activity for troubleshooting, quality monitoring, and service improvement

Processing is limited to delivering and maintaining the AI Assistant service. MySep does not use customer prompts or conversation data to train public or shared AI models.

5.1 No Collection of Directly Identifiable Personal Data

The MySep AI Assistant is not designed to collect or process personally identifiable information (PII). Specifically:

• Users are not required to provide names, email addresses, usernames, or other direct identifiers
• MySep does not associate prompts or conversations with identifiable individuals
• No user profiles containing personal identity information are created

5.2 Anonymous Identifiers

All prompts, conversations, and system logs are associated only with:

• Anonymous technical identifiers (e.g. randomly generated conversation or system identifiers)

These identifiers cannot be used by MySep to identify a natural person.

5.3 User Responsibility for Submitted Content

Users remain responsible for the content they submit. MySep instructs users not to include personal data or sensitive information in AI prompts.

If personal data is voluntarily included by the user, such data is processed strictly as user-provided content and solely for generating the requested response.

Depending on what users choose to enter, the AI Assistant may process:

• User-written questions or messages
• Technical descriptions of engineering scenarios
• User-provided contextual notes

MySep does not intentionally collect special categories of personal data (GDPR Article 9) and the AI Assistant is not designed for processing sensitive personal information. Users are instructed not to submit such data.

Conversation data and system processing logs are stored in MySep-controlled infrastructure to support:

• Technical troubleshooting
• Service quality monitoring
• Ongoing improvement of the MySep AI Assistant

Logs and conversation records are retained indefinitely unless otherwise agreed in writing or required by law. Customers remain responsible for determining whether this retention period aligns with their internal data retention policies. Access to stored data is restricted to authorized MySep personnel with a legitimate operational need.

As of the date of this statement, to operate the AI Assistant MySep uses the following carefully selected third-party service providers:

Provider                           Role

OpenAI or Mistral           Provides the language model used to generate AI responses

Pinecone                          Hosts the vector database used for semantic document retrieval

TransIP                             Provides secure VPS hosting infrastructure

Only the minimum necessary data (such as user prompts and retrieved documentation excerpts) is transmitted to these services to produce responses. Each provider operates under its own privacy, confidentiality, and security commitments.

MySep implements multiple security controls, including:

• End-to-end encryption in transit (HTTPS/TLS) between MySep Studio and backend services
• Firewall restrictions limiting server exposure to required ports and services only
• Containerized service isolation to limit lateral access
• Authentication and access controls for administrative interfaces
• Operational monitoring and logging for incident detection and response

Internal service communications occur within a restricted network environment not accessible from the public internet.

MySep personnel with potential access to stored logs or system data are bound by confidentiality obligations. Access is limited to authorized staff with a legitimate operational need.

Customers are responsible for:

• Ensuring they have a lawful basis for any personal data submitted to the AI Assistant
• Avoiding submission of sensitive personal data or export-controlled technical information unless authorized
• Determining whether use of the AI Assistant complies with their internal policies and regulatory obligations

MySep processes data only to the extent necessary to provide the AI Assistant service.

The MySep AI Assistant:

• Does not access user devices, local files, or networks
• Does not execute actions inside MySep Studio
• Does not share customer data with other users
• Is not intended for processing highly sensitive personal data or regulated/export-controlled technical data unless explicitly authorized by the customer

Users remain responsible for the information they submit and for ensuring they are permitted to share any information submitted to the AI Assistant.

Questions regarding privacy, data handling, or security related to the MySep AI Assistant may be directed to: support@mysep.com