7ii Logo
7ii Seven Infinite Intelligence

Privacy Policy

Privacy Policy

Seven Infinite Intelligence (7ii)

Seven Infinite Intelligence (“7ii”) is a legally registered trading name owned and operated by One Terrene International Group (OTI Group), with its principal place of business in Nicosia, Cyprus.

This Privacy Policy explains how 7ii collects, uses, stores, and protects personal and organisational data in connection with the use of the 7ii Digital Workforce Platform.

7ii processes data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Cyprus and EU data protection laws.

 

1. Data Collected

7ii collects and processes only the data necessary to provide, operate, secure, and govern the Digital Workforce Platform and the Digital Professionals hired by users (“Clients”).

Data collection is limited, purpose-driven, and aligned with the principles of data minimisation and proportionality.

1.1 Account Data

Account Data refers to information required to create, manage, and secure a Client account on the 7ii platform.

This may include:

  • Name, surname, and contact details of the account holder;
  • Email address and authentication credentials;
  • Organisation or company name;
  • Billing and payment-related information (processed via secure third-party payment providers);
  • Account preferences and settings;
  • User role and access permissions within the Platform.

Account Data is used solely for:

  • Account creation and authentication;
  • Service provision and billing;
  • Platform security and access control;
  • Customer support and service communications;
  • Legal, compliance, and audit purposes where required.

7ii does not sell or monetise Account Data.

 

1.2 Configuration Data

Configuration Data consists of information provided by the Client to configure and manage Digital Professionals.

This may include:

  • Role definitions, duties, and task instructions;
  • Uploaded documents, knowledge sources, URLs, or websites;
  • Skill selections, permissions, and workflow settings;
  • Connector credentials and integration parameters;
  • Public and private interaction rules;
  • Disclaimers, escalation instructions, and compliance-related settings.

Configuration Data is processed exclusively to:

  • Enable Digital Professionals to perform their assigned roles;
  • Enforce role boundaries, permissions, and escalation logic;
  • Ensure safe, accurate, and controlled operation.

7ii does not independently verify the accuracy or legality of Client-provided Configuration Data and processes such data strictly in accordance with Client instructions and these policies.

 

1.3 Interaction Metadata

Interaction Metadata refers to data generated through the operation of Digital Professionals, excluding the substantive content of conversations unless retention is explicitly enabled.

This may include:

  • Timestamps of interactions;
  • Interaction counts and volumes;
  • Language usage statistics;
  • Escalation events and status indicators;
  • Performance and usage metrics;
  • Lead and form submission metadata;
  • System logs related to availability, errors, or security events.

Interaction Metadata is used to:

  • Provide analytics and reporting to Clients;
  • Monitor system performance and reliability;
  • Detect abuse, misuse, or security threats;
  • Support audits, dispute resolution, and compliance obligations.

Access to Interaction Metadata is restricted to authorised users and systems, and is retained only for defined periods as described later in this Privacy Policy.

 

2. Data Protection Principles

Across all data categories, 7ii adheres to the following principles:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality

No personal or organisational data is used for global AI training, cross-client learning, or external commercial purposes.

2.1 Business Context of Data Processing

The 7ii Platform is designed primarily for business and organisational use.

Most data processed through the Platform relates to individuals acting in a professional or representative capacity on behalf of an organisation (e.g. employees, agents, or contacts of a Client).

Where personal data is processed in a business context, such processing is limited to what is necessary for service delivery, operational continuity, and compliance with applicable laws.

7ii does not engage in personal profiling, behavioural advertising, or consumer data monetisation.

 

3. What Is Stored

7ii stores only the data that is explicitly required to provide, operate, secure, and govern the Digital Workforce Platform and the Digital Professionals hired by Clients.

All stored data is subject to strict access controls, defined retention periods, and secure handling procedures.

3.1 Approved Knowledge

“Approved Knowledge” refers to information deliberately provided or authorised by the Client for use by a Digital Professional.

This may include:

  • Documents uploaded by the Client (e.g. PDFs, DOCX, CSV files);
  • Webpages, websites, or sitemaps explicitly submitted for ingestion;
  • Structured data used for task execution, lead collection, or document workflows;
  • Instructions, guidelines, and role-specific knowledge assigned by the Client.

Approved Knowledge is:

  • Stored only within the scope of the relevant Digital Professional;
  • Used exclusively to perform the duties configured by the Client;
  • Not shared between Clients;
  • Not exposed in public interactions unless explicitly permitted by configuration.

7ii does not independently add, infer, or source knowledge beyond what the Client has approved. Clients may remove or update Approved Knowledge at any time through the Platform, subject to applicable retention rules.

 

3.2 Interaction Records (Time-Bound)

Interaction Records refer to data generated through interactions involving Digital Professionals, including but not limited to:

  • Conversation transcripts;
  • Lead or form data collected through conversation;
  • Interaction summaries and analytics;
  • Escalation logs and related system records.

By default, Interaction Records are stored for a limited, time-bound period to enable review, reporting, and export by the Client.

Unless extended by the Client through optional retention features:

  • Interaction Records are retained until 30 days after the end of the calendar month in which they were generated;
  • After this period, such records are no longer accessible to the Client.

Where extended retention has been activated, Interaction Records may be stored for longer periods in accordance with the selected service, subject to maximum limits defined by the Platform.

Interaction Records retained for legal, compliance, or security purposes may be stored beyond Client-accessible periods, but are:

  • Restricted from Client access;
  • Not used for global training or cross-client purposes;
  • Processed solely for lawful and legitimate reasons.

 

3.3 Data Governance Assurance

All stored data under this section is:

  • Segregated per Client and per Digital Professional;
  • Protected by technical and organisational security measures;
  • Accessible only to authorised systems and users;
  • Subject to deletion, anonymisation, or archival at the end of its lifecycle.

 

 

4. What Is Not Stored

7ii is designed around the principle of data isolation, consent, and purpose limitation. Accordingly, certain categories of data are never stored, retained, or processed by the Platform.

4.1 Cross-Client Data

7ii does not store, merge, share, or transfer data between different Clients or their Digital Professionals.

Specifically:

  • Knowledge, configurations, and interaction records associated with one Client are never accessible to another Client;
  • No Digital Professional can access data belonging to a different Client;
  • There is no shared memory or pooled data environment across Clients.

Each Client’s data is logically and securely isolated within the Platform.

 

4.2 Global Training Data

7ii does not use Client data for global system training, model improvement, or cross-client learning.

In particular:

  • Client conversations are not used to train or fine-tune global AI models;
  • Client documents, websites, or configurations are not incorporated into shared datasets;
  • No Client data is used to improve services for other Clients.

All Digital Professionals operate solely on:

  • Client-approved knowledge;
  • Client-specific configuration;
  • Platform-level logic that does not incorporate Client content.

This separation ensures that Client data remains confidential and purpose-bound.

 

4.3 Unauthorised Sources

7ii does not store or ingest data from unauthorised or implicit sources.

Digital Professionals do not:

  • Crawl the internet without explicit instruction;
  • Ingest data from external systems without Client approval;
  • Access private, restricted, or protected content unless credentials are explicitly provided by the Client;
  • Independently source or accumulate data beyond approved knowledge inputs.

Any data ingestion occurs only through deliberate Client actions, such as uploading documents, submitting URLs, or configuring integrations.

 

4.4 Data Protection Commitment

By explicitly excluding these categories of data, 7ii ensures:

  • Strong confidentiality guarantees;
  • Compliance with data protection laws;
  • Predictable and transparent data handling;
  • Reduced risk of data leakage or misuse.

 

5. AI Training Clarification

7ii is designed to provide Digital Professionals that operate on Client-approved knowledge and configuration, not on uncontrolled or implicit learning from Client data.

5.1 No Global Model Training on Client Data

7ii does not use Client data to train, fine-tune, or improve global artificial intelligence models.

Specifically:

  • Client conversations are not used to train or modify shared models;
  • Client documents, websites, and uploaded materials are not incorporated into global datasets;
  • Client configurations, instructions, or behavioural preferences are not used to influence or improve services for other Clients.

All learning, adaptation, or personalisation applied to a Digital Professional occurs within the boundaries of that specific Client’s configuration and engagement, and does not persist beyond the lifecycle of that engagement.

 

5.2 No Data Sharing Between Clients

7ii enforces strict data isolation between Clients.

Accordingly:

  • No Client data is shared, reused, or exposed to other Clients;
  • No Digital Professional can access information belonging to another Client;
  • There is no cross-client memory, inference, or data propagation.

Each Digital Professional operates in a segregated environment, governed by the instructions, permissions, and knowledge explicitly provided by the hiring Client.

 

5.3 Transparency and Trust

These restrictions are fundamental to the 7ii platform and are enforced by design rather than policy alone. They exist to ensure:

  • Confidentiality of Client data;
  • Predictable and explainable Digital Professional behaviour;
  • Compliance with applicable data protection and confidentiality obligations;
  • Trust in the use of Digital Professionals for operational and business-critical tasks.

 

 

6. Retention & Deletion

7ii retains personal and organisational data only for as long as it is necessary to fulfil the purposes for which it was collected, to provide the Platform services, and to comply with applicable legal, regulatory, and contractual obligations.

Retention is governed by clear timelines, Client-controlled options, and secure end-of-lifecycle handling.

 

6.1 Clear Retention Timelines

Unless otherwise extended by the Client, the following default retention rules apply:

  • Interaction records (including conversation transcripts, leads, form data, summaries, and escalation logs) are retained until 30 days after the end of the calendar month in which they were generated;
  • During this period, Clients may review, export, and manage their data through the Platform;
  • After the default retention period expires, such data is no longer accessible to the Client.

Configuration data and approved knowledge remain available only for the duration of the active engagement of the relevant Digital Professional, subject to the Client’s actions and applicable retention rules.

 

6.2 User-Controlled Retention Extensions

Clients may elect to extend data retention periods by activating optional, paid retention-related features, where available.

Where such extensions are enabled:

  • Retention periods may be extended for defined durations, up to a maximum of two (2) years, depending on the selected service;
  • Extensions apply only to the specific data categories and Digital Professionals covered by the activated feature;
  • Extended retention remains subject to all access controls, confidentiality requirements, and usage limitations described in this Privacy Policy.

Retention extensions do not alter data ownership, grant additional rights of use, or permit data sharing beyond the original scope of engagement.

 

6.3 Retention After Termination or Unhiring

Upon termination, suspension, or unhiring of a Digital Professional:

  • Client access to all associated data ceases immediately;
  • Interaction data may be retained by 7ii for up to twelve (12) months where required for:
    • Legal or regulatory compliance;
    • Dispute resolution;
    • Enforcement of contractual rights;
    • Fraud prevention or security investigations.

Data retained for these purposes is:

  • Not accessible to the Client;
  • Not used for training or analytics beyond lawful requirements;
  • Subject to strict internal access controls.

 

6.4 Secure Deletion After Lifecycle Completion

Once the applicable retention period has expired, data associated with a Client or Digital Professional is subject to secure deletion, anonymisation, or irreversible archival, in accordance with 7ii’s internal data lifecycle management procedures.

Secure deletion measures are designed to:

  • Prevent unauthorised access, recovery, or reconstruction;
  • Ensure data can no longer be attributed to an identifiable individual or organisation;
  • Comply with applicable data protection and information security standards.

Following secure deletion:

  • Data cannot be recovered or restored;
  • 7ii has no obligation to retain or reconstitute deleted data;
  • Responsibility for exporting or preserving required records prior to deletion rests with the Client.

 

7. Data Protection Commitment

Through defined retention timelines, user-controlled extensions, and secure deletion practices, 7ii ensures that data handling remains predictable, transparent, and proportionate throughout the entire service lifecycle.

 

7.1 Data Storage & Security Measures

7ii implements appropriate technical, organisational, and procedural safeguards to protect all data processed through the Platform against unauthorised access, loss, misuse, alteration, or disclosure.

Security measures are designed in accordance with industry best practices and are proportionate to the nature, sensitivity, and scope of the data processed.

7.2 Secure Storage Infrastructure

All data processed by 7ii is stored within controlled environments that employ:

  • Segregated storage per Client and per Digital Professional;
  • Logical isolation between datasets to prevent cross-access;
  • Secure hosting environments with restricted administrative access;
  • Continuous monitoring for availability, integrity, and security events.

Data is stored only for the duration required by service operation, retention settings, or legal obligations, as described in this Privacy Policy.

 

7.3 Access Control & Authentication

Access to data is governed by strict access control mechanisms, including:

  • Role-based access controls limiting data visibility to authorised users only;
  • Authentication requirements for all administrative and Client access;
  • Separation between public-facing interactions and authenticated internal access;
  • Logging and auditing of access to sensitive systems and data.

Only authorised personnel with a legitimate operational need may access stored data, and such access is subject to internal policies and confidentiality obligations.

 

7.4 Data Transmission Security

All data transmitted between Client systems, end users, and the 7ii Platform is protected using:

  • Encrypted communication channels (e.g. HTTPS/TLS);
  • Secure APIs and interfaces for integrations and connectors;
  • Protection against interception, tampering, or unauthorised modification during transmission.

Credentials for third-party integrations are stored and processed using secure credential-handling practices and are never exposed to unauthorised parties.

 

7.5 Operational Security & Monitoring

7ii maintains operational security measures that include:

  • Continuous monitoring for suspicious activity or abuse;
  • Automated and manual detection of security incidents;
  • Regular system updates and security patches;
  • Controlled deployment of platform updates and changes.

Where a security incident affecting personal data is identified, 7ii will assess the impact and take appropriate remedial action in accordance with applicable data protection laws.

 

7.6. Internal Policies & Staff Obligations

7ii personnel with access to systems or data are subject to:

  • Confidentiality obligations;
  • Access limitations based on role and necessity;
  • Security awareness and operational procedures designed to reduce risk.

Access rights are reviewed and adjusted as roles change or terminate.

 

7.7 Limitation of Absolute Security

While 7ii implements robust security measures, no system can be guaranteed to be completely secure.

Accordingly, 7ii does not warrant absolute protection against all potential security threats but commits to maintaining reasonable and appropriate safeguards consistent with the nature of the services provided.

 

8. Data Subject Rights (GDPR)

7ii processes personal data in accordance with the EU General Data Protection Regulation (GDPR) and recognises the rights of individuals (“Data Subjects”) whose personal data is processed through the Platform.

Where 7ii acts as a data controller or data processor, Data Subjects are entitled to the rights described below, subject to applicable legal limitations and obligations.

 

8.1 Right of Access

Data Subjects have the right to request confirmation as to whether personal data concerning them is being processed and, where applicable, to request access to that data.

Upon request, 7ii will provide:

  • Confirmation of processing;
  • A description of the categories of data processed;
  • The purposes of processing;
  • Information on data retention periods, where applicable.

 

8.2 Right to Rectification

Data Subjects have the right to request correction of inaccurate or incomplete personal data.

Where personal data is inaccurate, outdated, or incomplete, 7ii will take reasonable steps to correct or update such data upon verification of the request.

 

8.3 Right to Erasure (“Right to Be Forgotten”)

Data Subjects may request the deletion of personal data where:

  • The data is no longer necessary for the purposes for which it was collected;
  • Consent has been withdrawn and no other legal basis applies;
  • The data has been processed unlawfully;
  • Deletion is required to comply with a legal obligation.

This right is subject to lawful exceptions, including where data must be retained for legal, regulatory, or contractual reasons, as described in this Privacy Policy.

 

8.4 Right to Restriction of Processing

Data Subjects may request restriction of processing where:

  • The accuracy of the data is contested;
  • Processing is unlawful but erasure is not requested;
  • The data is no longer required by 7ii but is required by the Data Subject for legal claims.

During restriction, data may be stored but not otherwise processed, except as permitted by law.

 

8.5 Right to Data Portability

Where applicable, Data Subjects have the right to receive personal data they have provided to 7ii in a structured, commonly used, and machine-readable format, and to request transmission of that data to another controller, where technically feasible.

This right applies only to data processed on the basis of consent or contractual necessity and by automated means.

 

8.6 Right to Object

Data Subjects have the right to object to processing of their personal data where processing is based on legitimate interests, unless 7ii demonstrates compelling legitimate grounds that override the interests, rights, and freedoms of the Data Subject.

Where processing is based on legal obligation or contractual necessity, this right may not apply.

 

8.7 Exercising Your Rights

Requests to exercise data subject rights may be submitted through the contact details provided in this Privacy Policy.

To protect security and confidentiality, 7ii may:

  • Require verification of identity before fulfilling a request;
  • Request clarification where a request is unclear or excessively broad.

7ii will respond to valid requests within the timeframes required by applicable law, typically within one (1) month, subject to lawful extensions where permitted.

 

8.8 Limitations and Context

Data Subject rights apply to personal data and do not extend to:

  • Aggregated or anonymised data;
  • Business, organisational, or configuration data not linked to an identifiable individual;
  • Data retained solely for legal or compliance purposes where deletion is not permitted.

Where 7ii acts as a processor on behalf of a Client, certain requests may need to be directed to the relevant Client acting as the data controller.

 

9. Third-Party Processors

7ii may engage carefully selected third-party service providers (“Third-Party Processors”) to support the operation, security, and delivery of the Digital Workforce Platform.

Third-Party Processors are used only where necessary and solely for purposes that are compatible with this Privacy Policy.

 

9.1 Role of Third-Party Processors

Third-Party Processors may process data on behalf of 7ii for limited and specific purposes, such as:

  • Secure hosting and infrastructure services;
  • Payment processing and billing management;
  • Email delivery and system notifications;
  • Analytics related to platform performance and reliability;
  • Security monitoring, abuse prevention, and incident response;
  • Backup, disaster recovery, and system redundancy.

Third-Party Processors act strictly under 7ii’s instructions and are not permitted to use data for their own purposes.

 

9.2 Data Protection and Contractual Safeguards

All Third-Party Processors engaged by 7ii are subject to:

  • Contractual data processing agreements that comply with GDPR requirements;
  • Confidentiality obligations;
  • Security and data protection standards appropriate to the nature of the data processed;
  • Limitations on sub-processing without authorisation.

Where required, 7ii ensures that appropriate safeguards are in place for any data transferred outside the European Economic Area (EEA), such as standard contractual clauses or equivalent legal mechanisms.

 

9.3 Scope and Limitations

Third-Party Processors are granted access only to the minimum data necessary to perform their specific function.

They do not have:

  • General access to Client accounts or Digital Professionals;
  • Rights to reuse, share, or monetise data;
  • Authority to make independent decisions regarding data processing.

7ii remains responsible for the actions of its Third-Party Processors in accordance with applicable data protection laws.

 

9.4 Transparency

7ii does not publicly disclose an exhaustive list of Third-Party Processors but will provide relevant information upon reasonable request where required by law.

Clients and Data Subjects may contact 7ii to request additional information regarding Third-Party Processing activities, subject to confidentiality and security considerations.

 

10. Contact Information & Data Protection Requests

Seven Infinite Intelligence (“7ii”) is a legally registered trading name owned and operated by One Terrene International Group (OTI Group), with its principal place of business in Nicosia, Cyprus.

7ii is committed to transparency and to respecting the rights of individuals whose personal data is processed through the Platform.

 

10.1 Contact Details

For all privacy-related enquiries, data protection questions, or requests under this Privacy Policy, you may contact us at:

One Terrene International Group (OTI Group)
Trading Name: Seven Infinite Intelligence (7ii)
Location: Nicosia, Cyprus
Email: privacy@7ii.eu 

 

10.2 Submitting Data Protection Requests

Data Subjects may submit requests to exercise their rights under GDPR, including requests for:

  • Access to personal data;
  • Rectification of inaccurate data;
  • Erasure of personal data;
  • Restriction of processing;
  • Data portability;
  • Objection to processing.

Requests should be submitted in writing using the contact details above and must include sufficient information to allow verification of the requester’s identity.

To protect confidentiality and security, 7ii may request additional information to confirm identity before processing a request.

 

10.3 Response Timeframes

7ii will respond to valid data protection requests within the timeframes required by applicable law, generally within one (1) month of receipt.

Where a request is complex or numerous, this period may be extended as permitted by law, and the requester will be informed accordingly.

11. Automated Processing & Controller/Processor Context

11.1 Automated Processing & Decision-Making

Digital Professionals perform automated processing of data strictly within the scope of their configured role and instructions.

7ii does not engage in fully automated decision-making that produces legal or similarly significant effects on individuals without human involvement, as defined under Article 22 of the GDPR.

All Digital Professional outputs are assistive in nature and operate under human oversight. Where decisions, approvals, or actions with legal, financial, or material impact are involved, responsibility remains with the Client.

Data Subjects may contact 7ii using the details provided in this Privacy Policy to obtain further information regarding the nature and scope of automated processing.

 

11.2 Acting as Processor

In cases where 7ii processes personal data on behalf of a Client acting as the data controller, certain requests may need to be directed to that Client.

7ii will cooperate with Clients to facilitate lawful data subject requests where applicable.

 

12. Right to Lodge a Complaint

If a Data Subject believes that their data protection rights have been infringed, they have the right to lodge a complaint with the relevant supervisory authority.

For Cyprus, this is:

12.1. Office of the Commissioner for Personal Data Protection
Republic of Cyprus

 

13. Updates to This Privacy Policy

7ii may update this Privacy Policy from time to time to reflect changes in legal requirements, operational practices, or service offerings.

Where changes are material, 7ii will take reasonable steps to notify users through the Platform or other appropriate means.

Continued use of the Platform after an updated Privacy Policy takes effect constitutes acknowledgement of the revised terms.