Privacy Policy

How we collect, use, and protect your personal data.

Updated April 2026

1. Data Controller

VIETNAM DMS COMPANY LIMITED ("DMS Lab") is the data controller for personal data processed through DMS Labs AI and dmslab.ai. Contact: legal@dmslab.ai.

2. Data We Collect

Account data: name, email, organization, authentication identifiers (including Google OAuth subject IDs).
Billing data: top-up amounts, currency, VAT identifiers, SePay transaction references. We do not store full card numbers.
Usage data: API requests, token counts, model selection, latency, error codes, IP address, user agent.
Inference content: Prompts and Completions transmitted to models, stored transiently for abuse detection and audit.
Support data: messages and attachments you send to support.

3. Purposes and Legal Bases

Provide the service and authenticate users (contract).
Bill, issue VAT invoices, and prevent fraud (contract, legal obligation).
Monitor abuse and protect infrastructure (legitimate interest).
Communicate product updates; marketing only with consent (consent).

4. Model Training

We do not use Customer Prompts or Completions to train foundation models without explicit opt-in. Aggregated, de-identified telemetry (latency, error rates, token distribution) may be used to improve routing and reliability.

5. Retention

Inference logs: up to 30 days, then deleted or anonymized.
Billing records: 10 years per Vietnamese tax law.
Account data: for the life of the account plus 90 days.
Audit logs: up to 12 months.

6. Sharing

We share data with sub-processors only to deliver the service: GPU infrastructure providers, SePay (payments), Google (OAuth), email providers, and cloud infrastructure. A current sub-processor list is available on request. We do not sell personal data.

7. International Transfers

Processing primarily occurs in regional data centers. Where data is transferred across borders, we rely on contractual safeguards with sub-processors.

8. Your Rights

Under Decree 13/2023/ND-CP on Personal Data Protection, you may request access, correction, deletion, restriction, objection, and portability of your personal data. Submit requests to legal@dmslab.ai; we respond within 30 days.

9. Security

TLS 1.3 in transit, encryption at rest, least-privilege access, and audit logging. See the Security Policy for details.

10. Cookies

See the Cookie Policy.

11. Children

The service is not directed to children under 16. We do not knowingly collect their data.

12. Changes

Material changes will be announced at least 14 days before taking effect. The current version date appears at the top of this page.

2. Data We Collect

Account data: name, email, organization, authentication identifiers (including Google OAuth subject IDs).

Billing data: top-up amounts, currency, VAT identifiers, SePay transaction references. We do not store full card numbers.

Usage data: API requests, token counts, model selection, latency, error codes, IP address, user agent.

Inference content: Prompts and Completions transmitted to models, stored transiently for abuse detection and audit.

Support data: messages and attachments you send to support.