AI-SOC 1 Policy
Privacy Policy
1. About This Privacy Policy
1.1 Agreement Scope: These Privacy Policy ("Terms") govern your access to and use of the Silence AI platform and services provided by Silence AI LLC ("Silence AI," "we," "us," or "our"). These Terms apply to you, the individual or entity accessing our services ("you" or "your"), and your employer or principal if you are acting on their behalf.
1.2 Introduction: This Privacy Policy describes how Silence AI collects, uses, processes, and protects your personal information when you use our cybersecurity platform and services. This policy applies to all components of our platform: Global Shield, Email Protector, and Security Tester.
1.3 Controller Information: Silence AI LLC serves as the data controller for personal data processed through our services. Our business registration location is Media City Free Zone, Al Messaned, Sharjah, UAE.
1.4 Service Domain and Scope: The AI-SOC 1 system and services covered by this Privacy Policy are operated exclusively on the domain aisoc1.silence.codes and its associated subdomains, including but not limited to email.aisoc1.silence.codes (Email Security & Visualization subsystem) and web.aisoc1.silence.codes (Web Security & Traffic Management subsystem). All references to "Services" or "Platform" in this Privacy Policy refer specifically to the systems and applications accessible through these domains and subdomains.
1.5 Component-Specific Processing: Each service component processes different types of data. You will only be subject to data processing activities for components you choose to activate and use.
2. Information We Collect
2.1 Account and Registration Information: Email address and account credentials, Company or organization information (if applicable), Billing and payment information, User profile and configuration settings.
2.2 Service Usage Data: Global Shield: Web server logs, IP addresses, request URIs, timestamps, HTTP headers, user-agent strings, country codes, traffic patterns. Email Protector: Email metadata (sender, recipient, subject, timestamps), email content and attachments (only when authorized via third-party APIs such as Gmail API or Outlook API). Security Tester: Target website information, vulnerability scan results, penetration testing reports, code analysis data.
2.3 Analytics and Performance Data: Platform usage statistics, User activity patterns (for demonstrating service traction to customers), System performance metrics, Error logs and diagnostic information.
3. How We Use Your Information
3.1 Service Delivery: Global Shield: Monitor and protect web applications, detect and prevent attacks, provide real-time traffic analysis. Email Protector: Scan emails for threats, provide secure webmail access, detect phishing and malware. Security Tester: Perform vulnerability assessments, generate security reports, analyze application code.
3.2 AI-Based Processing: Analyze vulnerabilities using artificial intelligence, Process email content for threat detection, Generate comprehensive security reports, Store vulnerability information in our database for your exclusive access.
3.3 Platform Operations: Maintain and improve our services, Provide customer support, Process billing and payments, Monitor service performance and availability.
3.4 Analytics and Business Intelligence: Track user growth and platform adoption, Generate anonymized usage statistics, Improve service functionality and user experience.
4. Third-Party Services and Data Sharing
4.1 Email API Integration: With your explicit authorization, we access email data through: Google/Gmail API for Gmail-based accounts, Microsoft/Outlook API for Outlook-based accounts.
4.2 Security Scanning Services: Microsoft Defender: We use Microsoft Defender antivirus to scan email attachments for malware. URLScan.io: We submit email links to URLScan.io for security analysis.
4.3 URLScan.io Data Storage: When we submit links to URLScan.io: Scan results are stored in URLScan.io's database, No email account information, sender details, recipient information, email content, or attachments are shared, Only the URL itself is submitted for analysis.
4.4 Payment Processing: Partial payment details and transaction identifiers are handled by our payment gateway Stripe, see more in their Services Agreement and Privacy Policy. We reserve the right to change our payment gateway provider in new versions of our system. Users will be notified at least 6 months prior to any such change.
4.5 Cloud Infrastructure: We may use cloud service providers for data storage and processing. All third-party processors are contractually bound to protect your data in accordance with this Privacy Policy.
5. Data Storage and Retention
5.1 Vulnerability Reports: AI-based vulnerability scanner stores comprehensive test results, Users can store up to 200 vulnerability reports, Reports can be deleted immediately through our web interface, Upon deletion, vulnerability data is permanently removed from our database.
5.2 Default Retention Periods: Web server logs: 90 days (modifiable by user), Email data: Retained until you delete the mailbox from our service or as required by law, User activity logs: Stored for analytics and service improvement purposes, Account information: Retained while your account is active.
5.3 Data Deletion: You can request deletion of your data at any time, Upon account termination, we will delete your personal data within a commercially reasonable period, Legal retention requirements may apply in certain circumstances.
6. User Rights and Control
6.1 Your Data Rights: You have the right to: Access your personal data, Rectify inaccurate information, Request deletion of your data, Restrict processing activities, Data portability where applicable, Object to certain processing activities.
6.2 User Responsibilities: You are solely responsible for: Ensuring you have authorization for all vulnerability testing activities, Any unauthorized penetration testing conducted through our tools, Maintaining the security of your account credentials, Compliance with applicable laws when using our services.
7. Security Measures
7.1 Technical Safeguards: TLS encryption for data in transit, Encryption of stored data where feasible, Role-based access control (RBAC), Multi-factor authentication (MFA) for administrative access, Centralized secrets management, Comprehensive logging for security purposes.
7.2 Organizational Measures: Regular security assessments, Employee training and access controls, Incident response procedures, Backup and recovery systems, Vulnerability management processes.
8. International Data Transfers
8.1 Global Operations: We operate data centers worldwide. When personal data is transferred across borders, we: Rely on legally permitted transfer mechanisms, Implement appropriate safeguards as required by law, Use TLS encryption for all data transfers, Ensure compliance with applicable data protection regulations.
8.2 User Responsibilities: You remain responsible for any local authorizations or restrictions required for data transfers you initiate through our services.
10. Legal Basis for Processing
We process your personal data based on: Contract performance: To provide the services you have requested, Legitimate interests: For service improvement, security, and analytics, Consent: Where explicitly provided for specific processing activities, Legal obligations: To comply with applicable laws and regulations.
11. Data Breach Notification
In the event of a confirmed personal data breach affecting your information, we will: Notify you without undue delay, Provide available technical details, Offer reasonable assistance to help you assess and comply with your obligations, Report to relevant authorities as required by law.
12. Webmail Client / Email Protector Additional Notice
The Email Protector service includes a secure webmail client that classifies messages by security risk category. Emails are scanned and analyzed solely for security purposes, including anti-phishing, malware and threat detection.
12.1 Five-Layer Email Security Validation Process: Each incoming email is subjected to a sequential five-layer security validation process designed to identify and classify potential security threats. The validation sequence operates as follows:
Layer 1 — Sender Authentication Verification: The system verifies the authenticity of the email sender by analyzing email headers, SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) records to detect potential email spoofing.
Layer 2 — Spam Detection: The system evaluates incoming messages for spam characteristics, including but not limited to repetitive or unsolicited content from a single sender, improper or misconfigured DNS settings of the sending domain, and patterns consistent with bulk email distribution. Messages meeting spam criteria are flagged accordingly.
Layer 3 — Dangerous Link Analysis: All hyperlinks embedded within the email body and attachments are extracted and analyzed for malicious intent, including links to known malware distribution sites, exploit kits, or domains with malicious reputation scores.
Layer 4 — Domain-Based Phishing Detection: The system performs domain validation to identify phishing attempts through analysis of sender domain characteristics, including detection of typosquatting domains (e.g., "rncrosoft.com" impersonating "microsoft.com"), lookalike domains, and domains recently registered for malicious purposes.
Layer 5 — AI-Powered Content Analysis: Utilizing artificial intelligence and natural language processing, the system analyzes the email body content to detect phishing context, social engineering patterns, urgency-based manipulation tactics, and other indicators of fraudulent communication.
12.2 Automated Folder Classification: Based on the results of the five-layer validation process, each email is automatically classified and directed to one of the following designated folders:
- Possibly Spoofed: Emails that fail sender authentication verification (Layer 1).
- Spam: Emails identified as spam or originating from improperly configured mail servers (Layer 2).
- Dangerous Link: Emails containing one or more hyperlinks identified as malicious or suspicious (Layer 3).
- Possibly Phishing: Emails identified through domain analysis or AI-powered content analysis as potentially fraudulent (Layers 4 and 5).
- Secure: Emails that successfully pass all five layers of security validation without triggering any security classifications.
The classification process is automated and sequential. If an email matches the criteria for any security risk category during the validation sequence, it is immediately routed to the corresponding folder. Only emails that successfully pass all five validation layers are classified as "Secure."
12.3 Administrator Access and Data Privacy: Email content may be accessible to the organization administrator that created or manages the user account within the Centralized Management Console (CMC). Silence AI does not access or view email content except as required to provide the security-scanning functionality or where legally required.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through: Email notification to registered users, Platform notifications, Updates posted on our website. Continued use of our services after changes become effective constitutes acceptance of the updated Privacy Policy.
14. Contact Information
14.1 Data Protection Inquiries: For questions about this Privacy Policy, data processing, or to exercise your rights, contact us at: Silence AI LLC, Email: info@silenceai.net, Website: https://silenceai.net, Address: Media City Free Zone, Al Messaned, Sharjah, UAE.
14.2 Data Subject Requests: To make a data subject request (access, rectification, deletion, etc.), please contact us using the information above. We will respond to your request within the timeframes required by applicable law.
15. Governing Law
This Privacy Policy is governed by the laws of the United Arab Emirates. Any disputes relating to privacy matters will be subject to the jurisdiction of the courts located in Sharjah, United Arab Emirates.
Last Updated: 22.09.2025