Data Processing Addendum

Effective Date: May 12, 2025

1. How We Handle and Process Personal Information

Reveal AI is committed to protecting user data through robust administrative, technical, and organizational measures. We follow industry best practices to ensure the confidentiality, integrity, and availability of personal information.

Reveal AI is operated by JMT SERVIÇOS DE CONSULTORIA EM GESTÃO EMPRESARIAL LTDA, a limited liability company registered under CNPJ No. 51.834.855/0001-59. For purposes of this Addendum, JMT Serviços acts as the data processor when providing services through Reveal AI.

1.1. Account Information & Authentication

• Users can sign up using email/password or third-party providers (Google, Apple).
• Passwords, if used, are hashed and salted; raw credentials are never stored.
• Authentication tokens are securely handled using encrypted protocols.

1.2. Payment Processing

• All payments are handled by PCI-compliant partners.
• Reveal AI does not store full credit card data—only tokenized or truncated billing identifiers for operational purposes.

1.3. Types of Data Collected

• Direct: Name, email, company info, responses provided in studies.
• Automatic: Device metadata, usage logs, browser type, IP address, etc.

This data supports:

• Delivering our AI services
• Personalizing experiences
• Customer support and security operations

1.4. Retention & Deletion

• We retain personal data only as long as needed to fulfill core services.
• Users in supported jurisdictions may request access, export, or deletion of their data by contacting us.

1.5. Security

• Data is encrypted in transit and at rest.
• We use strict access control, audit logs, anomaly detection, and regular security assessments.

2. AI System Logging & Traceability

Reveal AI systems are designed to automatically log and audit all significant system-level operations to ensure transparency, accountability, and regulatory compliance.

2.1. Operations Traceability

Our systems log:

• Inputs: User-provided prompts, responses, or data shared during research sessions.
• Outputs: AI-generated summaries, insights, or classifications.
• Internal Workflows: Key decision logic, pipeline steps, and model configurations used to produce outputs.

2.2. Error Tracking

Reveal AI records:

• Anomalies and malfunctions, including unexpected outputs or system behavior.
• Failures in AI response generation, such as timeouts or missing content.
• Error diagnostics to support debugging and improvement.

2.3. System Changes

We track:

• Model updates: Deployment history, version numbers, changelogs.
• Dataset changes: Modifications to training/test datasets used in development.
• Configuration changes: Adjustments in system parameters or AI processing logic.

2.4. Access and Usage Logging

Our infrastructure logs:

• Who accessed the system (user ID, admin role, internal services).
• What they accessed or modified (e.g., studies created, responses exported).
• When each action occurred (with full timestamps).

2.5. Automated Decisions

If Reveal AI is used to generate or influence automated decisions:

• The rationale, such as the model prompt or internal rules, is logged.
• The data that influenced the decision is also retained, including anonymized user responses where applicable.

2.6. Timestamping

All logged events include precise timestamps, allowing for full chronological reconstruction of:

• User interactions
• AI outputs
• Internal processing
• Admin/system access

3. Subprocessors

Reveal AI engages selected third-party subprocessors to support infrastructure, AI processing, analytics, customer support, and business operations. For a complete and current list, please refer to our official Subprocessor Documentation: Reveal AI Subprocessors

If you require a signed Data Processing Agreement (DPA) or further documentation (e.g., DPIA, SOC2 plans), please contact our team at tostojoao@gmail.com.