Dragon Logo

dragon

Legal Documents

Privacy Policy

Last Updated: March 2026

Welcome to the Dragon AI RAG Platform. Trust and security are the foundational pillars of our system. This Privacy Policy explains how we collect, use, process, and protect your information.

1. Information We Collect

Account Information

When you register for an account, we collect your name, email address, and authentication credentials necessary to secure your access.

Uploaded Documents & Data

We securely store the documents (PDFs, text files, URLs) you upload into your projects to provide you with our Retrieval-Augmented Generation (RAG) services.

2. Security, Isolation & Encryption

We built this platform with security at its core:

Multi-Tenant Data Isolation

Your data is strictly segregated. Each project you create operates within its own mathematically isolated "Collection" (combining your UserID and ProjectID). We implement strict isolation mechanisms designed to prevent unauthorized access between users and projects.

Secret Key & Token Encryption

If you provide third-party LLM API keys (such as OpenAI or DeepSeek) or GitHub Personal Access Tokens, they are encrypted using industry-standard encryption before being stored. These keys are never stored in plain text and are only decrypted when necessary for authorized operations. We apply strict access controls and security best practices to minimize the risk of unauthorized access. However, no system can be guaranteed to be completely secure.

Security Practices

We employ modern security practices, including encryption in transit (HTTPS) for all communications, rigorous server-side access controls, and comprehensive internal logging to monitor for unauthorized activity (Audit Logs).

3. Data Retention & Deletion

We retain your data only for as long as your account or project remains active. When you delete a project or your account, associated data is permanently deleted from our systems within a reasonable timeframe (typically within 30 days), except where retention is required for legal or operational purposes.

4. Third-Party Services

To provide our services, we may interact with third-party providers such as AI model providers (e.g., OpenAI, DeepSeek, Google) and infrastructure services. Your data may be processed by these services strictly for the purpose of fulfilling your requests. These providers process data in accordance with their own privacy policies. We do not share your data for advertising or unrelated purposes.

5. AI Training Policy

We respect your intellectual property. We do not use your data to train our public AI models. Any changes to this policy will be clearly communicated to users in advance. Your knowledge remains your own.

6. Compliance & Legal

Jurisdiction

This policy and your use of the platform are governed by the laws of our operating jurisdiction. Any disputes arising from these terms will be resolved in the appropriate local courts.

Limitation of Liability

While we strive for maximum security and uptime, the platform is provided "as is". We are not liable for any indirect or consequential losses resulting from the use of our services or potential security incidents.

Compliance

We aim to align with international industry best practices, such as GDPR principles, wherever applicable based on user location and service usage, to ensure the highest standards of data protection for all users.

7. Contact Us

For any questions, concerns, or data-related requests (including access or deletion requests), please contact us at privacy@dragonai.systems.