1. General Provisions

Shanghai New Core Technology Co., Ltd.

NEW CORE TECH CO., PTE. LTD. (collectively referred to as “Newcore” or “we”)

places great importance on the security and protection of customer data and information.

3Chat.ai, a product operated by Newcore, is an AI Customer Service / AI Agent / SaaS platform designed for enterprise customers (B2B).

To safeguard the data security, privacy rights, and business continuity of our customers and their end users, we have established this Data Security & Management Policy in accordance with applicable laws, regulations, and internationally recognized data protection principles.

This policy is intended to publicly explain 3Chat’s data security principles, management practices, and responsibility boundaries to customers, partners, and other stakeholders.

2.Scope of Application & Responsible Entity

2.1 Legal Entity

• Company Name (Chinese): 上海纽酷信息科技有限公司

• Company Name (English): NEW CORE TECH CO., PTE. LTD.

2.2 Product Information

• Product Name: 3Chat.ai

• Product Type: AI Customer Service / AI Agent / SaaS

• Service Target: Enterprise Customers (B2B)

• Primary Service Regions:

  • Mainland China

  • Overseas English-speaking regions (e.g., North America, Europe)

2.3 Scope of Application

This policy applies to data processing activities involved in:

• Data generated by enterprise customers and their members while using 3Chat

• Multi-channel conversations and service data accessed through 3Chat

• Knowledge base content, configurations, and business rules uploaded by customers

• Necessary system logs and security-related operational data

3. Data Classification & Processing Principles

3.1 Types of Data Processed

In the course of providing services, 3Chat may process the following data in a lawful and compliant manner:

• Enterprise account information (e.g., company name, contact information)

• Enterprise member account and permission management data

• Conversation content between customers and their end users

• Knowledge base documents, configurations, and workflow data uploaded by customers

• System operation data, such as access and operational logs

3Chat does not proactively collect or require the provision of sensitive personal data, including but not limited to government-issued identification numbers, bank card information, or biometric data.

3.2 Data Processing Principles

3Chat adheres to the following widely accepted data protection principles:

• Data Minimization: Only data necessary for providing the service is processed

• Purpose Limitation: Data is used strictly within customer-authorized business purposes

• Security First: Technical and organizational measures are implemented to protect data

• Controlled Access: Data access and usage boundaries are clearly defined

4. Data Storage & Infrastructure Security

• 3Chat operates on mainstream cloud infrastructure and currently uses Alibaba Cloud

• Primary server locations include:

  • Mainland China

  • Singapore

• A multi-tenant SaaS architecture is adopted, ensuring logical isolation of customer data

• Industry-standard security controls and encryption mechanisms are applied during data storage and transmission

• Production and non-production environments are strictly separated to reduce misuse risks

5. Access Control & Permission Management

5.1 Customer-side Access Control

• Role-based access control is supported (e.g., administrators and regular members)

• Customers may configure user permissions and access scopes within their organizations

5.2 Internal Access Control

• Internal access to customer data is strictly restricted

• Employees are not permitted to access customer business data without authorization

• Limited access is allowed only when necessary for customer-authorized support or troubleshooting purposes

6. AI Capabilities & Data Usage

• Business data and conversation content uploaded to 3Chat.ai are used exclusively for the operation of the customer’s own AI Agent by default

• Customer data is not used for general-purpose AI model training

• 3Chat does not use customer data for other customers or external purposes without explicit authorization

7. Data Sharing & Third-Party Integrations

• 3Chat does not sell, trade, or disclose customer data to third parties without authorization

• Customer data is generally not transferred outside the 3Chat system

• Any third-party system integrations configured by customers are managed and authorized by the customers themselves

8. Data Retention & Deletion

• During the service period, data is retained only as necessary for service delivery

• Upon service termination or customer request, data deletion may be requested

• The default data retention period after termination is 30 days, after which data will be deleted or cleared

9. Security Incident Management & Response

3Chat maintains an internal security incident response mechanism:

• Potential data security risks are continuously monitored

• In the event of a confirmed or suspected security incident, internal response procedures will be initiated

• Appropriate remedial actions will be taken based on impact assessment, and customers will be informed as necessary

10. Continuous Improvement & Compliance Commitment

3Chat references and aligns with applicable laws, regulations, and industry standards, including but not limited to:

• China’s Cybersecurity Law, Data Security Law, and Personal Information Protection Law

• Core principles of international data protection frameworks such as GDPR

We continuously improve our data security management practices in response to regulatory and business environment changes.

11. Contact Information

For any questions regarding this policy or 3Chat’s data security practices, please contact:

📧 contact@3chat.ai