DATABIK Privacy Policy

Welcome to DATABIK. For us, transparency is the foundation of innovation. This Privacy Policy describes how DATABIK (hereinafter "the Company," "we," "us," or "our") collects, uses, and protects information on our website databik.com and across our suite of AI-driven SaaS products, including CONFILIST and other automation solutions.

1. Scope of This Policy

This policy applies to all services, Software as a Service (SaaS), applications, and websites offered by DATABIK. By using any of our products, you agree to the practices described here.

2. Information We Collect

Depending on the SaaS product you use, we may collect:

• Account Data: Professional contact information (name, corporate email, phone) and access credentials.
• Operation Data (User Input): Information that you or your company upload to our tools to be processed by AI (e.g., databases for screening, documents for analysis, workflow records).
• Compliance Data (Specific to CONFILIST): Information necessary for AML Compliance automation, including background checks, links, and identification data of third parties subject to verification.
• Integration Data: Technical information from third-party tools (CRM, ERP, Slack) that you connect with our AI ecosystem.

3. Purposes of Data Processing

We process your data for the following strategic purposes:

• Execution of the SaaS Service: Processing information to generate expected results (e.g., risk alerts in CONFILIST or automation of routine decisions).
• Optimization and Improvement of Algorithms: Using usage data (preferably anonymized) to train and refine our Artificial Intelligence models, ensuring greater precision and reduction of operational errors for SMEs.
• Support and Personalization: Adapting our AI solutions to the specific structure and needs of your business.
• Security and Auditing: Ensuring the traceability of decisions made by AI and protecting the integrity of the platform.

4. Responsible and Ethical Artificial Intelligence

At DATABIK, AI works for the human, not the other way around. We commit to:

• No Black Boxes: Providing explainability whenever possible about how our AI models reach certain conclusions (especially in critical processes like AML Compliance).
• Privacy by Design: Integrating data protection measures from the development phase of each new SaaS product.
• Client Control: The client maintains intellectual property over their input data; DATABIK only acts as a processor of that information.

5. Data Transfer and Sharing

DATABIK does not sell personal data. We only share information under these assumptions:

• Infrastructure Providers: High-security servers (cloud) where our SaaS are hosted.
• Interoperability: With tools in your own technology stack that you decide to integrate.
• Legal Requirements: Compliance with anti-money laundering and counter-terrorism financing regulations when requested by competent authorities.

6. Security and Resilience

We use bank-level encryption standards (in transit and at rest) and security protocols designed to absorb high volumes of data without compromising confidentiality, allowing your company to scale without risks.

7. Data Subject Rights

You have the right to know, update, and rectify your personal data, as well as to revoke the authorization for processing under the terms of applicable law. For any request, you can contact our Privacy Officer at: [email protected]

8. Section for Users in the European Union (GDPR)

If you are in the European Economic Area (EEA), DATABIK ensures compliance with the General Data Protection Regulation (GDPR):

• Legal Bases for Processing: We process your data under consent (when requested), for the execution of a contract with you, to comply with legal obligations, or for legitimate interests in improving our services.
• Your GDPR Rights: These include the right of access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, and objection to processing.
• International Transfers and Data Residency: For users in the European Union, all data is processed and stored on high-security servers located within the EU. European operations are managed through our legal entity in Europe, and there is no transfer of data of European subjects to Colombia.
• Supervisory Authority: You have the right to lodge a complaint with a data protection authority in the EU if you consider that the processing of your data violates the GDPR.