Back to site
Legal

DEIK legal

This page incorporates the uploaded DEIK legal source text and restructures it into three practical levels used by enterprise SaaS vendors: Public Legal, Trust Center, and Enterprise Docs.

Legal section

TERMS OF SERVICE


Last updated: 17 March 2026

These Terms of Service ("Terms") govern access to and use of the DEIK Strategic Negotiation Simulator (the "Platform") operated by Ideus d.o.o. ("Ideus").

By accessing or using the Platform, you agree to these Terms.

1. Description of Service

The Platform provides an AI-powered negotiation training environment designed to simulate strategic negotiation scenarios and provide performance feedback.

The Platform may include:

AI-generated negotiation scenarios

performance analytics

voice and response analysis

training simulations

The Platform is intended for training and educational purposes only.

2. Eligibility

Users must:

be at least 18 years of age

use the Platform on behalf of a legitimate organization or for professional development

comply with applicable laws and regulations

3. Account Registration

To use certain features of the Platform, users must create an account.

Users agree to:

provide accurate information

maintain confidentiality of login credentials

notify Ideus d.o.o. of any unauthorized use of their account

Users are responsible for activities performed under their account.

4. Acceptable Use

Users agree not to use the Platform to:

violate laws or regulations

upload unlawful, abusive, or harmful content

attempt to reverse engineer the Platform

interfere with system security

use the Platform to train competing AI systems

extract training data from the Platform

4.1. AI-Specific Use Restrictions

In addition to the general use restrictions, the User expressly agrees not to use the DEIK Strategic Negotiation Simulator to:

Simulate Illegal Acts: Create, simulate, or engage in any negotiation scenario that involves, encourages, or provides instructions for illegal activities, fraud, or violations of any applicable local, state, national, or international law.

Generate Hate Speech: Use the platform to generate, promote, or amplify hate speech, discrimination, or content that incites violence or hostility against individuals or groups based on race, religion, gender, sexual orientation, disability, or any other protected characteristic.

Deceptive Content: Attempt to bypass the AI’s safety filters or use the platform to generate deceptive, defamatory, or harmful content intended to harass or mislead third parties.

Malicious Reverse Engineering: Use AI-generated outputs to reverse engineer the platform’s underlying negotiation logic, prompts, or proprietary behavioral models.

Ideus d.o.o. reserves the right to immediately suspend or terminate access to any account found to be in violation of these AI-specific restrictions.

5. Intellectual Property

All intellectual property related to the Platform, including:

software

AI models

simulation frameworks

system design

training algorithms

remains the property of Ideus or its licensors.

Users retain ownership of their own input data submitted to the Platform.

6. AI-Generated Content

The Platform generates simulated negotiation responses using artificial intelligence.

AI-generated content:

may contain inaccuracies

should not be relied upon as professional advice

is intended solely for training and educational purposes

Users are responsible for evaluating the relevance and accuracy of generated outputs.

7. Data Use

Use of personal data is governed by the Privacy Policy.

Simulation data may be processed to provide feedback and improve system functionality.

Enterprise customer data is not used to train global AI models unless explicitly agreed.

8. Service Availability

Ideus strives to maintain reliable service but does not guarantee uninterrupted availability.

The Platform may occasionally be unavailable due to:

maintenance

system updates

security incidents

infrastructure failures

9. Limitation of Liability

To the maximum extent permitted by law, Ideus d.o.o. shall not be liable for:

indirect damages

lost profits

business interruption

reliance on AI-generated outputs

Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL IDEUS D.O.O. BE LIABLE FOR ANY INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR EXEMPLARY DAMAGES, INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF PROFITS, GOODWILL, OR DATA, ARISING OUT OF OR RELATING TO THE USE OF THE STRATEGIC NEGOTIATION SIMULATOR.

Liability Cap

IDEUS D.O.O.'S TOTAL AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT, WHETHER IN CONTRACT, TORT, OR OTHERWISE, SHALL NOT EXCEED THE TOTAL AMOUNT PAID BY THE CUSTOMER TO IDEUS D.O.O. FOR THE SERVICES IN THE TWELVE (12) MONTHS PRECEDING THE EVENT GIVING RISE TO THE CLAIM. THE SIMULATOR IS PROVIDED FOR TRAINING PURPOSES ONLY; IDEUS D.O.O. IS NOT RESPONSIBLE FOR THE OUTCOME OF REAL-WORLD NEGOTIATIONS CONDUCTED BY THE USER.

The Platform is provided "as is" and "as available."

10. Termination

Ideus may suspend or terminate accounts that:

violate these Terms

misuse the Platform

pose security risks

Users may terminate their account at any time.

11. Governing Law

These Terms shall be governed by the laws of Slovenia, without regard to conflict of law principles.

12. Changes to Terms

Ideus may update these Terms periodically.

Users will be notified of material changes through the Platform or via email.

13. Biometric Information Privacy

To the extent that voice features may be considered biometric identifiers under certain jurisdictions (e.g., Illinois BIPA), User provides express written consent for the limited processing of such data for training purposes, subject to the immediate deletion protocols described in our Privacy Policy.

Legal section

ETHICAL AI STATEMENT


Last updated: 17 March 2026

At Ideus, we believe artificial intelligence should enhance human capability while respecting privacy, autonomy, and trust.

The DEIK Strategic Negotiation Simulator is designed as a training system, not a decision-making authority.

1. Human-Centered Design

Our AI systems are designed to support human learning and professional development.

The Platform provides insights and feedback, but users remain responsible for interpreting and applying results.

2. Transparency

Users interacting with the Platform are clearly informed when they are interacting with AI-generated systems.

AI-generated responses and simulation outputs are presented as training feedback, not factual authority.

3. Privacy by Design

We follow the principle of data minimization.

Where possible:

raw audio is processed in real time

only derived performance metrics are stored

sensitive negotiation content remains isolated within customer environments

4. Responsible Use of Data

Customer simulation data is treated as confidential training material.

Ideus d.o.o. does not use customer negotiation data to train global AI models unless explicit permission is provided.

We believe that strategic negotiation data belongs to the organization that generates it.

5. Security and Integrity

AI systems are deployed within secure infrastructure and monitored for:

abnormal behavior

misuse

security threats

Access to sensitive systems is strictly controlled.

6. Fairness and Bias Awareness

Negotiation simulations are designed to focus on:

strategy

communication patterns

timing

We continuously evaluate our systems to reduce unintended bias and improve fairness in simulation outputs.

7. Continuous Improvement

Responsible AI development requires ongoing review.

We regularly update our models, safeguards, and internal processes to align with:

emerging AI governance standards

evolving regulatory requirements

user feedback

8. Commitment

Our goal is to build AI systems that are:

transparent

privacy-respecting

secure

aligned with human judgment

We believe AI should strengthen strategic thinking—not replace it.

Level 2

2. Trust Center

This section is structured for enterprise buyers, security reviews, AI governance discussions, and trust-center style navigation.

Legal section

DEIK GLOBAL TRUST CENTER MAP


Enterprise buyers almost always review the Trust Center.

Ideal structure:

trust.deik.ai

TRUST CENTER STRUCTURE

TRUST CENTER

├ Privacy

├ Security

├ Responsible AI

├ Data Sovereignty

├ Compliance

├ Subprocessors

└ Documents

1. Privacy

/trust/privacy

Contains:

Privacy Policy

GDPR explanation

user rights

DEIK GLOBAL PRIVACY POLICY

(EU + US + Asia ready)

Last updated: 17 March 2026

This Global Privacy Policy explains how Ideus d.o.o. processes personal data when users access and use the DEIK Strategic Negotiation Simulator.

This policy is designed to comply with major global privacy regulations including:

GDPR (EU / EEA)

CCPA / CPRA (California, USA)

PDPA (Singapore)

APPI (Japan)

PIPA (South Korea)

DPDP Act (India)

Data Privacy Act (Philippines)

1. Data Controller

Ideus d.o.o., Teslova 30, Slovenia

Email: privacy@deik.ai

2. Categories of Personal Data

The platform may process the following data:

Account Information

name

email address

organization

login credentials

Simulation Data

text responses

negotiation inputs

scenario interactions

Voice Data (Optional)

voice tone analysis

speech timing indicators

Voice analysis is optional and activated only when enabled by the user.

Behavioral Metrics

The platform may analyze:

response timing

negotiation patterns

interaction dynamics

These metrics are used solely to generate training feedback.

Technical Data

IP address

device information

browser type

session logs

Voice Data & Biometric Processing: If the User chooses to enable voice-based interaction, the Platform processes voice audio solely to derive communication metrics (e.g., tone, timing, stability). DEIK operates on a "Zero-Storage" principle for raw audio: all voice recordings are processed in real-time and are immediately and permanently deleted following the extraction of non-identifiable metrics. No raw voice recordings are stored on our servers or used for model training.

3. Purpose of Processing

Personal data is processed for the following purposes:

providing the negotiation simulation platform

generating performance feedback

maintaining system security

improving platform stability

preventing misuse or security threats

Important Notice on Employee Use: The Platform is provided strictly for professional training and developmental purposes. The metrics and insights generated by the AI are intended to support the user's cognitive growth and are not designed, intended, or authorized to be used as the sole basis for high-stakes HR decisions, such as performance reviews, promotions, or termination of employment.

4. Legal Basis (GDPR)

Processing is based on:

Contractual necessity

providing the platform services.

Legitimate interest

ensuring platform security and reliability.

Consent

for optional features such as voice analysis.

Users may withdraw consent at any time.

5. Artificial Intelligence Processing

The platform uses artificial intelligence to:

simulate negotiation dialogue

analyze interaction patterns

generate training feedback

The system:

does not make automated legal or financial decisions

does not evaluate employment outcomes

does not replace human judgment

AI-generated outputs are informational and intended for training purposes.

6. Data Retention

Simulation data used for training analytics is retained for 12 months.

Enterprise customers may configure custom retention policies.

7. Data Sharing

We may share data with trusted service providers for:

infrastructure hosting

security monitoring

analytics services

All subprocessors operate under contractual data protection obligations.

We do not sell personal data.

8. International Data Transfers

Data may be transferred outside the European Economic Area when necessary to operate the platform.

Safeguards include:

Standard Contractual Clauses

equivalent security protections

contractual obligations for processors

9. Security Measures

The platform uses industry-standard security controls including:

TLS 1.3 encryption in transit

AES-256 encryption at rest

role-based access control

tenant isolation

infrastructure monitoring

10. Data Subject Rights

Users may request:

access to personal data

correction of inaccurate data

deletion of personal data

restriction of processing

objection to processing

data portability

Requests may be sent to:

privacy@deik.ai

11. Regional Privacy Rights

European Union (GDPR)

Users in the EU have rights under the General Data Protection Regulation including:

right to access

right to erasure

right to data portability

United States (CCPA / CPRA)

California residents may have rights to:

request disclosure of collected data

request deletion of personal information

opt out of sale of personal data

Ideus d.o.o. does not sell personal data.

Requests may be submitted via privacy@deik.ai.

Asia-Pacific

Users in Asia-Pacific jurisdictions may have rights under local privacy regulations including:

PDPA (Singapore)

APPI (Japan)

PIPA (South Korea)

DPDP Act (India)

Users may request access, correction, or deletion of personal data.

12. China Safe Clause (PIPL)

The platform is not currently designed to host or process personal data subject to Chinese data localization requirements.

Organizations located in China should contact Ideus d.o.o. before deploying the platform to ensure compliance with applicable Chinese regulations.

13. Children's Data

The platform is not intended for users under 18 years of age.

14. Updates to this Policy

We may update this policy periodically.

Material changes will be communicated via the platform or email notification.

GDPR Explanation

Legal Basis (GDPR)

Processing is based on:

Contractual necessity

providing the platform services.

Legitimate interest

ensuring platform security and reliability.

Consent

for optional features such as voice analysis.

Users may withdraw consent at any time.

Regional Privacy Rights

European Union (GDPR)

Users in the EU have rights under the General Data Protection Regulation including:

right to access

right to erasure

right to data portability

United States (CCPA / CPRA)

California residents may have rights to:

request disclosure of collected data

request deletion of personal information

opt out of sale of personal data

Ideus d.o.o. does not sell personal data.

Requests may be submitted via privacy@deik.ai.

Asia-Pacific

Users in Asia-Pacific jurisdictions may have rights under local privacy regulations including:

PDPA (Singapore)

APPI (Japan)

PIPA (South Korea)

DPDP Act (India)

Users may request access, correction, or deletion of personal data.

TECHNICAL AND ORGANIZATIONAL MEASURES (TOMs)

1. Confidentiality: Data is hosted in AWS/Google Cloud (EU Region) with strict physical and system access controls (MFA, RBAC). All data is encrypted using TLS 1.3 (in transit) and AES-256 (at rest).

2. Integrity: Use of encrypted connections and audit logs to prevent and detect unauthorized data modification.

3. Availability & Resilience: Daily backups with Point-in-Time Recovery (PITR) and high-availability architecture to prevent service interruptions.

4. Testing & Assessment: Automated vulnerability scanning (CI/CD) and annual external penetration testing.

5. AI Safeguards: "Zero Retention" API policy with LLM providers (No Training clause) and data anonymization where feasible.

6. Ephemeral Audio Processing: Implementation of a volatile memory processing pipeline for voice data. Raw audio files are held only in temporary cache during inference and are automatically purged upon completion of the metric extraction, ensuring no biometric raw data persists at rest.

User Rights

Data Subject Rights

Users may request:

access to personal data

correction of inaccurate data

deletion of personal data

restriction of processing

objection to processing

data portability

Requests may be sent to:

privacy@deik.ai

2. Security

/trust/security

Shows:

encryption architecture

infrastructure overview

monitoring and logging

Key highlights:

AES-256 encryption

TLS 1.3

RBAC

tenant isolation

Encryption Architecture

All sensitive data handled by the platform is protected through modern cryptographic standards.

Encryption in Transit

All network communications between users and the platform are encrypted using:

TLS 1.3

This protects data transmitted across public networks against interception and tampering while in transit.

Encryption at Rest

Stored data is protected using:

AES-256 encryption

This applies to:

  • databases
  • storage systems
  • backups

Encryption keys are managed using secure key management systems with strict access controls.

Infrastructure Overview

DEIK ENTERPRISE SECURITY & DATA SOVEREIGNTY WHITEPAPER

Version: 1.0

Last Updated: 17 March 2026

1. Introduction

This document describes the security architecture, data protection practices, and data sovereignty principles implemented within the DEIK Strategic Negotiation Simulator (the “Platform”).

The platform is designed for organizations that require a secure environment for training strategic negotiation capabilities using artificial intelligence.

Given the sensitive nature of negotiation simulations—which may include pricing strategies, commercial positioning, and negotiation tactics—Ideus d.o.o. has implemented security practices aligned with modern enterprise SaaS standards.

The security framework of the platform is based on the following principles:

  • Security by Design
  • Privacy by Design
  • Data Minimization
  • Tenant Isolation
  • Confidentiality of Strategic Data

This whitepaper provides transparency into the technical and operational safeguards that protect customer data.

2. Platform Overview

The DEIK Strategic Negotiation Simulator is an AI-assisted training environment that allows users to practice negotiation scenarios through interactive simulations.

The platform includes the following core components:

  • Scenario simulation engine
  • AI response generation systems
  • Voice interaction analysis
  • Behavioral performance analytics
  • User management and enterprise administration

The system may process various forms of data during simulations including:

  • textual responses
  • voice input streams
  • behavioral timing data
  • performance metrics

The platform is intended solely for training and performance analysis purposes.

3. Security Architecture

The platform is built using a layered security architecture designed to protect data at every stage of processing.

The architecture consists of the following layers:

Infrastructure Layer

Secure cloud infrastructure provides:

  • network segmentation
  • firewall protection
  • distributed availability
  • automated scaling
  • DDoS mitigation

Application Layer

Application-level protections include:

  • authentication controls
  • access control enforcement
  • API protection
  • request validation

Data Protection Layer

Data security mechanisms include:

  • encryption of data in transit and at rest
  • secure storage services
  • controlled database access
  • internal audit logging

Monitoring Layer

Continuous monitoring systems detect:

  • anomalous traffic patterns
  • potential intrusion attempts
  • unauthorized access attempts
  • infrastructure instability

This layered architecture ensures that multiple independent safeguards protect the platform.

4. Encryption and Data Protection

All sensitive data handled by the platform is protected through modern cryptographic standards.

Encryption in Transit

All network communications between users and the platform are encrypted using:

TLS 1.3

This protects data transmitted across public networks against interception and tampering while in transit.

Encryption at Rest

Stored data is protected using:

AES-256 encryption

This applies to:

  • databases
  • storage systems
  • backups

Encryption keys are managed using secure key management systems with strict access controls.

5. Tenant Isolation

Enterprise customers operate within logically isolated environments.

Tenant isolation ensures that:

  • customer data is separated at the application layer
  • database access is restricted per tenant
  • user permissions are scoped to their organization

This architecture prevents data from one organization from being visible to another organization.

Isolation mechanisms include:

  • tenant-scoped database queries
  • tenant access identifiers
  • permission-based data access

This approach ensures strong separation between enterprise customers.

6. AI Model Data Policy

The DEIK platform includes artificial intelligence systems that generate simulation responses and analyze negotiation behavior.

To protect customer confidentiality, the following policy applies:

Customer simulation data is not used to train global AI models.

Customer data remains confined to:

  • the customer tenant environment
  • simulation session analysis systems

Simulation content—including negotiation strategies, pricing information, and business scenarios—remains private to the customer organization.

This policy ensures that strategic negotiation insights are not incorporated into shared models.

7. Voice Data Processing

The platform may analyze voice input during negotiation simulations in order to provide feedback on communication patterns and stress indicators.

Voice processing is designed according to data minimization principles.

Where possible:

  • voice input is processed in real time
  • raw audio is not permanently stored
  • only derived behavioral indicators are retained

Examples of derived indicators include:

  • speech stability metrics
  • response timing patterns
  • vocal intensity indicators

Enterprise customers may configure retention policies for simulation data.

8. Access Control

Access to the platform and internal systems is restricted through multiple control mechanisms.

Authentication

User access requires authenticated accounts.

Security controls include:

  • strong password policies
  • optional multi-factor authentication
  • session management controls

Role-Based Access Control (RBAC)

Users are assigned roles that determine the level of access to platform features.

Roles may include:

  • standard users
  • training administrators
  • enterprise administrators

Access privileges are granted according to the principle of least privilege.
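The tenant isolation mechanisms listed in section 5 (tenant-scoped database queries, tenant access identifiers, permission-based data access) and the least-privilege RBAC described in this section are easiest to reason about when both checks live in one data-access layer that has no unscoped read path. The following is an added illustration written for this page, not DEIK's code or schema: the table, role names ("user", "training_admin", "enterprise_admin"), permission names and sample rows are all assumptions. The tenant identifier on the principal is taken from the authenticated session, never from request parameters, and every SQL statement carries a `tenant_id = ?` predicate, so a session id guessed or leaked from another tenant simply does not exist from the caller's point of view.

```python
"""Tenant-scoped data access with deny-by-default RBAC (illustrative example, not DEIK code)."""
import sqlite3
from dataclasses import dataclass

# Role -> permitted actions. Anything not listed is refused (deny by default).
# Role and permission names are assumptions for this example.
ROLE_PERMISSIONS = {
    "user": {"read_own_sessions"},
    "training_admin": {"read_own_sessions", "read_tenant_sessions"},
    "enterprise_admin": {"read_own_sessions", "read_tenant_sessions", "delete_tenant_sessions"},
}


class AccessDenied(Exception):
    """Raised for any read or write the caller's tenant scope or role does not allow."""


@dataclass(frozen=True)
class Principal:
    user_id: str
    tenant_id: str  # tenant access identifier, bound by the auth layer, never taken from request input
    role: str


def has_permission(principal: Principal, action: str) -> bool:
    return action in ROLE_PERMISSIONS.get(principal.role, set())


def require(principal: Principal, action: str) -> None:
    if not has_permission(principal, action):
        raise AccessDenied(f"role {principal.role!r} may not {action}")


class SessionRepository:
    """Every statement is bound to the principal's tenant_id; there is no unscoped read path."""

    def __init__(self, conn: sqlite3.Connection) -> None:
        self.conn = conn

    def list_sessions(self, principal: Principal) -> list:
        """Return session ids visible to the caller: the whole tenant for admins, own rows otherwise."""
        if has_permission(principal, "read_tenant_sessions"):
            rows = self.conn.execute(
                "SELECT id FROM sessions WHERE tenant_id = ? ORDER BY id",
                (principal.tenant_id,)).fetchall()
        else:
            require(principal, "read_own_sessions")
            rows = self.conn.execute(
                "SELECT id FROM sessions WHERE tenant_id = ? AND owner_id = ? ORDER BY id",
                (principal.tenant_id, principal.user_id)).fetchall()
        return [r[0] for r in rows]

    def get_session(self, principal: Principal, session_id: str) -> dict:
        """Fetch one session. A row from another tenant is indistinguishable from a missing row."""
        require(principal, "read_own_sessions")
        row = self.conn.execute(
            "SELECT id, owner_id, title FROM sessions WHERE id = ? AND tenant_id = ?",
            (session_id, principal.tenant_id)).fetchone()
        if row is None:
            raise AccessDenied("session not found in caller's tenant")
        if row[1] != principal.user_id:
            require(principal, "read_tenant_sessions")  # colleague's session needs the admin permission
        return {"id": row[0], "owner_id": row[1], "title": row[2]}

    def delete_session(self, principal: Principal, session_id: str) -> int:
        """Delete within the caller's tenant only; returns rows affected (0 = not in this tenant)."""
        require(principal, "delete_tenant_sessions")
        cur = self.conn.execute(
            "DELETE FROM sessions WHERE id = ? AND tenant_id = ?",
            (session_id, principal.tenant_id))
        self.conn.commit()
        return cur.rowcount


def build_demo_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows for two tenants (not real customer data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE sessions (id TEXT PRIMARY KEY, tenant_id TEXT NOT NULL, "
        "owner_id TEXT NOT NULL, title TEXT NOT NULL)")
    conn.executemany("INSERT INTO sessions VALUES (?, ?, ?, ?)", [
        ("s1", "acme", "alice", "Supplier pricing round 1"),
        ("s2", "acme", "bob", "Contract renewal"),
        ("s3", "globex", "carol", "Licensing terms"),
    ])
    conn.commit()
    return conn


if __name__ == "__main__":
    repo = SessionRepository(build_demo_db())
    alice = Principal("alice", "acme", "user")
    acme_admin = Principal("dave", "acme", "enterprise_admin")
    print("alice sees:", repo.list_sessions(alice))
    print("acme admin sees:", repo.list_sessions(acme_admin))
    try:
        repo.get_session(acme_admin, "s3")  # globex row: admin of acme still cannot see it
    except AccessDenied as exc:
        print("cross-tenant read refused:", exc)
```

The point of the `delete_session` return value is that a tenant-bounded write against another tenant's id is a silent no-op (0 rows), which is the behaviour a reviewer should test for explicitly: a tenant predicate missing from any single statement is a cross-tenant leak, so the check belongs in the repository rather than in each caller.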

Internal Access Controls

Access to production infrastructure is limited to authorized personnel and is monitored through audit logging.

9. Monitoring and Logging

Security monitoring systems continuously analyze system activity in order to detect anomalies or potential threats.

Monitoring capabilities include:

  • infrastructure health monitoring
  • authentication event tracking
  • suspicious activity detection
  • log aggregation and analysis

Audit logs may include:

  • login activity
  • administrative actions
  • system access events

Logs are retained for a limited period for security analysis and incident investigation.

10. Incident Response

Ideus d.o.o. maintains internal procedures for responding to security incidents.

The incident response process includes the following stages:

Detection

Investigation

Containment

Remediation

Notification (when required)

In the event of a confirmed data breach involving personal data, Ideus d.o.o. will follow applicable legal requirements regarding notification.

11. Infrastructure Security Standards

The platform is hosted on secure cloud infrastructure providers that maintain industry-recognized security certifications such as:

  • ISO 27001
  • SOC 2 Type II (or equivalent)

These standards require strict operational controls including:

  • physical data center security
  • access monitoring
  • redundancy and disaster recovery procedures

Using certified infrastructure helps ensure strong baseline security practices.

12. Data Retention

Ideus d.o.o. follows the principle of retaining data only for as long as necessary.

Typical retention guidelines include:

  • Account data: retained while the account is active.
  • Simulation metrics: retained for performance analytics and training history.
  • System logs: retained for security monitoring purposes for a limited period.
  • Audio streams: processed transiently unless explicit storage is enabled.

Enterprise customers may configure custom retention policies depending on their organizational requirements.

13. Data Sovereignty

Organizations using the DEIK platform retain control over their negotiation simulation data.

Ideus d.o.o. does not claim ownership over customer simulation inputs or outputs.

Customer data remains:

  • isolated within the platform environment
  • protected through encryption
  • accessible only to authorized users

The platform is designed so that strategic negotiation knowledge remains under the control of the organization that generated it.

14. Continuous Security Improvement

Security is an ongoing process.

Ideus d.o.o. regularly reviews and improves its security practices through:

  • infrastructure updates
  • vulnerability monitoring
  • internal security reviews
  • updates to platform architecture

Our objective is to maintain a secure environment that organizations can trust when training sensitive strategic capabilities.

15. Contact

Security questions or vulnerability reports may be directed to:

security@[domain].com

Ideus d.o.o. encourages responsible disclosure of security issues so they can be addressed promptly.

Monitoring and Logging

Security Measures

The platform uses industry-standard security controls including:

TLS 1.3 encryption in transit

AES-256 encryption at rest

role-based access control

tenant isolation

infrastructure monitoring

TECHNICAL AND ORGANIZATIONAL MEASURES (TOMs)

1. Confidentiality: Data is hosted in AWS/Google Cloud (EU Region) with strict physical and system access controls (MFA, RBAC). All data is encrypted using TLS 1.3 (in transit) and AES-256 (at rest).

2. Integrity: Use of encrypted connections and audit logs to prevent and detect unauthorized data modification.

3. Availability & Resilience: Daily backups with Point-in-Time Recovery (PITR) and high-availability architecture to prevent service interruptions.

4. Testing & Assessment: Automated vulnerability scanning (CI/CD) and annual external penetration testing.

5. AI Safeguards: "Zero Retention" API policy with LLM providers (No Training clause) and data anonymization where feasible.

6. Ephemeral Audio Processing: Implementation of a volatile memory processing pipeline for voice data. Raw audio files are held only in temporary cache during inference and are automatically purged upon completion of the metric extraction, ensuring no biometric raw data persists at rest.
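The ephemeral pipeline described in TOMs item 6 and in section 7 (Voice Data Processing) of the whitepaper comes down to one invariant: the only thing that leaves the audio-processing function is a handful of derived numbers, and the raw samples are scrubbed before the function returns, even on failure. The following is an added illustration written for this page, not DEIK's pipeline: the 20 ms frame size, the voiced-frame RMS threshold, the metric definitions (leading-silence timing, speech ratio, mean intensity in dBFS, stability as the coefficient of variation of voiced-frame RMS) and the synthetic tone used as input are all assumptions chosen for the example. It works on 16-bit mono PCM in native byte order.

```python
"""Ephemeral voice-metric extraction: derive indicators, then purge the raw audio (illustrative, not DEIK code)."""
import math
from array import array
from dataclasses import dataclass

SAMPLE_RATE = 8000           # Hz; assumed for this example
FRAME_MS = 20                # analysis frame length; assumed
VOICED_RMS_THRESHOLD = 500   # 16-bit PCM units; assumed, not a DEIK value


@dataclass(frozen=True)
class VoiceMetrics:
    leading_silence_s: float    # response timing: delay before speech starts
    speech_ratio: float         # fraction of frames classified as speech
    mean_intensity_dbfs: float  # vocal intensity of voiced frames (-inf if none)
    stability_cv: float         # coefficient of variation of voiced-frame RMS (lower = steadier)


def _frame_rms(samples: array, start: int, length: int) -> float:
    acc = 0
    for i in range(start, start + length):
        acc += samples[i] * samples[i]
    return math.sqrt(acc / length)


def extract_metrics(pcm: bytearray, sample_rate: int = SAMPLE_RATE) -> VoiceMetrics:
    """Compute non-identifying metrics from 16-bit mono PCM and scrub the raw audio.

    The caller's bytearray and the working copy are overwritten with zeros before this
    function returns (also on error), so the raw audio does not outlive the call. Avoid
    creating further copies (e.g. bytes(pcm)) inside this function: they would not be scrubbed.
    """
    if len(pcm) % 2:
        raise ValueError("expected 16-bit PCM (even byte length)")
    samples = array("h")
    samples.frombytes(pcm)       # single working copy; native byte order
    frame_len = sample_rate * FRAME_MS // 1000
    n_frames = len(samples) // frame_len
    voiced_rms = []
    first_voiced = None
    try:
        for f in range(n_frames):
            rms = _frame_rms(samples, f * frame_len, frame_len)
            if rms > VOICED_RMS_THRESHOLD:
                voiced_rms.append(rms)
                if first_voiced is None:
                    first_voiced = f
    finally:
        # Purge: zero the working copy and the caller's buffer, whatever happened above.
        for i in range(len(samples)):
            samples[i] = 0
        pcm[:] = bytes(len(pcm))

    silent_frames = n_frames if first_voiced is None else first_voiced
    leading_silence = silent_frames * frame_len / sample_rate
    speech_ratio = len(voiced_rms) / n_frames if n_frames else 0.0
    if voiced_rms:
        mean_rms = sum(voiced_rms) / len(voiced_rms)
        var = sum((r - mean_rms) ** 2 for r in voiced_rms) / len(voiced_rms)
        intensity = 20 * math.log10(mean_rms / 32768)
        cv = math.sqrt(var) / mean_rms
    else:
        intensity, cv = float("-inf"), 0.0
    return VoiceMetrics(leading_silence, speech_ratio, intensity, cv)


def make_test_clip(silence_s: float = 0.5, tone_s: float = 1.5, freq: float = 440.0,
                   amplitude: int = 8000, sample_rate: int = SAMPLE_RATE) -> bytearray:
    """Constructed sample input: leading silence followed by a steady tone standing in for speech."""
    out = array("h", [0] * int(silence_s * sample_rate))
    for n in range(int(tone_s * sample_rate)):
        out.append(int(amplitude * math.sin(2 * math.pi * freq * n / sample_rate)))
    return bytearray(out.tobytes())


if __name__ == "__main__":
    clip = make_test_clip()
    metrics = extract_metrics(clip)
    print(metrics)
    print("raw buffer scrubbed:", all(b == 0 for b in clip))
```

Two caveats a reviewer should keep in mind. Zeroing buffers in a garbage-collected runtime is best effort: any intermediate copy made by the caller or by a library before the scrub is outside this function's control, and a page of process memory may still be swapped to disk unless the host is configured to prevent it. The `finally` block is the important design choice: metric extraction that raises part-way through must not leave raw audio behind.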


Key Highlights (Summary for IT Auditors)

RBAC (Role-Based Access Control): Data access within the DEIK platform is strictly governed by a role-based framework (Admin, Manager, User). This ensures the principle of "least privilege"—no user has access to data or functions beyond what is strictly necessary for their specific role.

SOC 2/ISO Alignment: Our internal controls, data management practices, and security protocols are aligned with SOC 2 Type II and ISO 27001 standards. We maintain a continuous compliance posture to ensure a high level of operational security and data integrity.

3. Responsible AI

/trust/ai

Documents:

Ethical AI Statement

AI Processing Disclosure

AI Model Transparency Sheet

Ethical AI Statement

Last updated: 17 March 2026

At Ideus, we believe artificial intelligence should enhance human capability while respecting privacy, autonomy, and trust.

The DEIK Strategic Negotiation Simulator is designed as a training system, not a decision-making authority.

1. Human-Centered Design

Our AI systems are designed to support human learning and professional development.

The Platform provides insights and feedback, but users remain responsible for interpreting and applying results.

2. Transparency

Users interacting with the Platform are clearly informed when they are interacting with AI-generated systems.

AI-generated responses and simulation outputs are presented as training feedback, not factual authority.

3. Privacy by Design

We follow the principle of data minimization.

Where possible:

raw audio is processed in real time

only derived performance metrics are stored

sensitive negotiation content remains isolated within customer environments

4. Responsible Use of Data

Customer simulation data is treated as confidential training material.

Ideus d.o.o. does not use customer negotiation data to train global AI models unless explicit permission is provided.

We believe that strategic negotiation data belongs to the organization that generates it.

5. Security and Integrity

AI systems are deployed within secure infrastructure and monitored for:

abnormal behavior

misuse

security threats

Access to sensitive systems is strictly controlled.

6. Fairness and Bias Awareness

Negotiation simulations are designed to focus on:

strategy

communication patterns

timing

We continuously evaluate our systems to reduce unintended bias and improve fairness in simulation outputs.

7. Continuous Improvement

Responsible AI development requires ongoing review.

We regularly update our models, safeguards, and internal processes to align with:

emerging AI governance standards

evolving regulatory requirements

user feedback

8. Commitment

Our goal is to build AI systems that are:

transparent

privacy-respecting

secure

aligned with human judgment

We believe AI should strengthen strategic thinking—not replace it.

AI Processing Disclosure

Last updated: 17 March 2026

This document describes how artificial intelligence systems are used within the DEIK Strategic Negotiation Simulator.

1. Purpose of AI Systems

The Platform uses artificial intelligence models to:

analyze negotiation responses

evaluate response timing

detect speech stability indicators

generate performance feedback

The goal of these systems is to provide training insights for negotiation improvement.

2. Nature of AI Analysis

AI systems may analyze:

textual responses

voice tone characteristics

timing of decisions

behavioral interaction patterns

These analyses are used to produce performance feedback for training purposes.

Human-in-the-Loop & Decision-Making Disclosure

The DEIK Strategic Negotiation Simulator is designed as a training and educational tool. Users expressly acknowledge and agree to the following:

  • No Automated Decision-Making: The AI components of the Platform do not perform any automated business, legal, or employment-related decision-making. The system does not have the authority to bind the User or Ideus d.o.o. to any legal or financial obligations.
  • Advisory Feedback Only: All AI-generated outputs, including opponent responses, tactical evaluations, and post-simulation reports, are provided solely as feedback and training suggestions.
  • User Responsibility: The final interpretation and application of any AI-generated insight remain at the sole discretion and responsibility of the User. DEIK is a "human-in-the-loop" system, meaning that any strategic action taken in the real world following a simulation is a result of the User's independent judgment.

3. No Automated Decision-Making with Legal Effects

The Platform does not make decisions that produce legal or similarly significant effects on users.

All feedback generated by the system is informational and intended for training purposes only.

4. Model Training Policy

Customer data and simulation content are not used to train global AI models.

Simulation data remains isolated within the customer environment or platform tenant.

5. Data Minimization

The Platform is designed according to the principle of Privacy by Design.

Where possible:

audio is processed in real time

raw audio is not permanently stored

only derived training metrics are retained

6. Transparency

Users interacting with the Platform are informed that they are interacting with AI-driven simulation systems.

AI-generated feedback is clearly labeled.

7. Human Oversight

The Platform is intended as a training and simulation tool.

Interpretation of results remains the responsibility of the user or organization using the system.

Training-Only Limitation: DEIK is a specialized simulation environment. All behavioral feedback and communication indicators are provided for training purposes only. We explicitly disclaim any liability if the Platform is used by the Customer for unauthorized employee monitoring or automated labor-related adjudication.

8. Security and Model Integrity

AI infrastructure is protected through:

encrypted data pipelines

secure inference environments

restricted access controls

monitoring for abnormal system behavior

Voice Data & Biometric Processing: If the User enables voice-based interaction, the Platform processes audio solely to derive communication metrics (e.g., tone, timing, stability). DEIK operates on a "Zero-Storage" principle: all voice recordings are processed in real time and are immediately and permanently deleted after metric extraction. No raw voice recordings are stored on our servers or used for model training.

9. Responsible AI Commitment

Ideus d.o.o. is committed to developing AI systems that are:

transparent

secure

privacy-preserving

compliant with applicable AI and data protection regulations

AI Model Transparency Sheet

(DEIK Strategic Negotiation Simulator)

Version: 1.0

Last Updated: [DATE]

1. Overview

This document describes the artificial intelligence systems used within the DEIK Strategic Negotiation Simulator.

The purpose of this transparency sheet is to provide clear information regarding:

  • how AI models are used in the platform
  • what types of data they process
  • what decisions they do and do not make
  • the safeguards implemented to protect users and organizations

The AI systems used by the platform are designed to support training and skill development in negotiation scenarios.

They are not designed to make autonomous business decisions.

2. Intended Purpose of the AI System

The AI systems in the platform are used to simulate negotiation interactions and provide feedback to users during training sessions.

Typical capabilities include:

  • generating simulated negotiation responses
  • adapting scenario difficulty
  • analyzing response timing and negotiation behavior
  • providing performance feedback after simulation sessions

The system is intended exclusively for training, coaching, and professional development.

3. AI System Components

The platform may use several AI components including:

Language Models

Used to generate simulated negotiation dialogue and responses within training scenarios.

These models produce responses based on scenario context and user inputs.

Behavioral Analysis Models

Used to analyze:

  • response timing
  • negotiation concession patterns
  • interaction dynamics

These models produce training feedback metrics.

Voice Pattern Analysis (Optional)

When voice interaction is enabled, the system may analyze:

  • speech stability
  • vocal intensity patterns
  • speaking pace

These indicators help generate feedback on communication behavior during negotiations.

4. Data Used by the AI System

The AI system may process the following categories of data during simulations:

  • user text inputs
  • voice input streams (when enabled)
  • response timing data
  • negotiation scenario parameters
  • derived behavioral metrics

Data is processed only for the purpose of providing simulation functionality and training insights.

5. Data That Is NOT Used

The platform follows strict data protection principles.

The following data is not used to train global AI models:

  • customer negotiation strategies
  • simulation transcripts
  • voice recordings from users
  • company-specific pricing information

Customer simulation data remains isolated within the platform environment.

6. Training Data Sources for AI Models

The AI models used in the platform are trained using a combination of:

  • publicly available language data
  • licensed datasets
  • general negotiation theory content
  • synthetic training scenarios

The models are not trained on proprietary negotiation data belonging to customers.

7. Human Oversight

The AI system does not operate autonomously.

Users maintain full control over:

  • interpreting simulation results
  • applying training insights
  • evaluating negotiation strategies

The system provides training feedback, not authoritative decisions.

8. System Limitations

AI-generated simulation responses may contain limitations including:

  • incomplete context awareness
  • imperfect representation of real-world negotiation dynamics
  • potential inaccuracies in generated responses

Simulation results should therefore be interpreted as training guidance rather than predictive outcomes.

9. Bias and Fairness Considerations

Negotiation simulations are designed to focus on:

  • strategic communication
  • timing and interaction patterns
  • scenario-based learning

Ideus d.o.o. continuously reviews system behavior to reduce unintended bias in generated responses.

Feedback mechanisms allow ongoing improvements to simulation quality.

10. Privacy Safeguards

The platform is designed according to Privacy by Design principles.

Safeguards include:

  • minimization of stored data
  • real-time processing where possible
  • encryption of sensitive data
  • tenant isolation between organizations

Voice inputs, where used, are processed transiently unless storage is explicitly enabled.

11. Security Safeguards

AI systems operate within secure infrastructure protected by:

  • encrypted data transmission
  • access-controlled inference environments
  • monitoring systems for abnormal activity
  • tenant-based data isolation

These controls ensure that AI processing occurs in a secure environment.

12. Risk Classification

Under emerging AI regulatory frameworks such as the EU AI Act, the platform is expected to fall under:

Limited Risk AI Systems

because the system provides training simulations and does not make decisions with legal or significant real-world consequences.

13. Responsible Use Guidelines

Organizations using the platform should ensure that:

  • simulations are used for training purposes
  • outputs are interpreted as guidance rather than directives
  • sensitive business data is entered only in controlled environments

14. Updates to AI Systems

AI systems may be updated periodically to improve:

  • simulation quality
  • training realism
  • system reliability

Major updates that materially affect AI behavior may be communicated to enterprise customers.

15. Contact

Questions related to AI governance or model transparency may be directed to:

ai-governance@[domain].com

4. Data Sovereignty

/trust/data-sovereignty

Customer negotiation data:

is not used to train global AI models

remains isolated per tenant

remains owned by the organization

5. Compliance

/trust/compliance

6. Subprocessors

/trust/subprocessors

Example:

7. Documents

/trust/documents

Download Library:

Privacy Policy PDF

Terms of Service PDF

Data Processing Agreement (DPA) PDF

Enterprise Security Whitepaper PDF

AI Risk Assessment PDF

3️⃣ ENTERPRISE LEGAL (sent to the enterprise customer)

These are documents that are not published on the public website but are sent:

after a demo call

during the procurement process

📂 Enterprise Legal

Documents

Data Processing Agreement (DPA) (mandatory under GDPR)

DATA PROCESSING AGREEMENT (DPA)

This Data Processing Agreement ("Agreement") forms part of the Service Agreement between:

Customer ("Controller")

and

Ideus d.o.o. ("Processor")

regarding the processing of personal data within the DEIK Strategic Negotiation Simulator.

1. Subject Matter

This Agreement governs the processing of personal data by Ideus on behalf of the Customer when providing the Platform.

2. Roles of the Parties

Customer acts as the Data Controller.

Ideus acts as the Data Processor.

Ideus processes personal data only according to documented instructions from the Customer.

3. Categories of Data Processed

The Platform may process the following categories of data:

user account information

simulation input data

voice input streams

behavioral performance metrics

system usage logs

4. Categories of Data Subjects

Data subjects may include:

employees

consultants

trainees

authorized users of the Platform

5. Purpose of Processing

Data is processed solely for the purpose of:

providing the negotiation simulator

generating performance feedback

maintaining system security and reliability

6. Processor Obligations

Ideus agrees to:

process personal data only on documented instructions

ensure confidentiality of personnel

implement appropriate technical and organizational security measures

assist the Controller in fulfilling GDPR obligations

notify the Controller of data breaches without undue delay

7. Security Measures

Ideus maintains security measures including:

encryption of data in transit and at rest

logical tenant isolation

role-based access control

regular security audits

vulnerability management processes

8. Subprocessors

Ideus may engage subprocessors to support service delivery, including:

cloud infrastructure providers

security monitoring services

All subprocessors are bound by equivalent data protection obligations.

Customers will be informed of material changes to subprocessors.

9. International Transfers

Where subprocessors process data outside the EEA, Ideus ensures:

Standard Contractual Clauses

appropriate security safeguards

10. Data Breach Notification

Ideus shall notify the Controller without undue delay after becoming aware of a personal data breach.

11. Data Subject Rights

Ideus will assist the Controller in responding to requests from data subjects exercising their GDPR rights.

12. Data Deletion

Upon termination of services, Ideus shall:

delete personal data, or

return personal data to the Controller

unless retention is required by law.

13. Audits

Upon reasonable request, the Controller may request documentation demonstrating Ideus’s compliance with this Agreement.

Independent certifications and security reports may satisfy this requirement.

ANNEX I: DETAILS OF PROCESSING

1. Subject Matter and Duration: Provision of the DEIK Strategic Negotiation Simulator services for the duration of the Service Agreement.

2. Nature and Purpose: Processing personal data to provide simulated negotiation scenarios and generate training feedback.

3. Categories of Data Subjects: Employees, contractors, and authorized users of the Controller.

4. Categories of Personal Data: Name, email, job title, chat transcripts, negotiation inputs, and (optional) communication metrics.

ANNEX II: TECHNICAL AND ORGANIZATIONAL MEASURES (TOMs)

1. Confidentiality: Data is hosted in AWS/Google Cloud (EU Region) with strict physical and system access controls (MFA, RBAC). All data is encrypted using TLS 1.3 (transfer) and AES-256 (at rest).

2. Integrity: Use of encrypted connections and audit logs to prevent and detect unauthorized data modification.

3. Availability & Resilience: Daily backups with Point-in-Time Recovery (PITR) and high-availability architecture to prevent service interruptions.

4. Testing & Assessment: Automated vulnerability scanning (CI/CD) and annual external penetration testing.

5. AI Safeguards: "Zero Retention" API policy with LLM providers (No Training clause) and data anonymization where feasible.

6. Ephemeral Audio Processing: Implementation of a volatile memory processing pipeline for voice data. Raw audio files are held only in temporary cache during inference and are automatically purged upon completion of the metric extraction, ensuring no biometric raw data persists at rest.

ANNEX III: LIST OF SUBPROCESSORS

AI Model Transparency Sheet

Legal section

DEIK ENTERPRISE SECURITY & DATA SOVEREIGNTY WHITEPAPER

Version: 1.0

Last Updated: 17 March 2026

1. Introduction

This document describes the security architecture, data protection practices, and data sovereignty principles implemented within the DEIK Strategic Negotiation Simulator (the “Platform”).

The platform is designed for organizations that require a secure environment for training strategic negotiation capabilities using artificial intelligence.

Given the sensitive nature of negotiation simulations—which may include pricing strategies, commercial positioning, and negotiation tactics—Ideus d.o.o. has implemented security practices aligned with modern enterprise SaaS standards.

The security framework of the platform is based on the following principles:

  • Security by Design
  • Privacy by Design
  • Data Minimization
  • Tenant Isolation
  • Confidentiality of Strategic Data

This whitepaper provides transparency into the technical and operational safeguards that protect customer data.

2. Platform Overview

The DEIK Strategic Negotiation Simulator is an AI-assisted training environment that allows users to practice negotiation scenarios through interactive simulations.

The platform includes the following core components:

  • Scenario simulation engine
  • AI response generation systems
  • Voice interaction analysis
  • Behavioral performance analytics
  • User management and enterprise administration

The system may process various forms of data during simulations including:

  • textual responses
  • voice input streams
  • behavioral timing data
  • performance metrics

The platform is intended solely for training and performance analysis purposes.

3. Security Architecture

The platform is built using a layered security architecture designed to protect data at every stage of processing.

The architecture consists of the following layers:

Infrastructure Layer

Secure cloud infrastructure provides:

  • network segmentation
  • firewall protection
  • distributed availability
  • automated scaling
  • DDoS mitigation

Application Layer

Application-level protections include:

  • authentication controls
  • access control enforcement
  • API protection
  • request validation

Data Protection Layer

Data security mechanisms include:

  • encryption of data in transit and at rest
  • secure storage services
  • controlled database access
  • internal audit logging

Monitoring Layer

Continuous monitoring systems detect:

  • anomalous traffic patterns
  • potential intrusion attempts
  • unauthorized access attempts
  • infrastructure instability

This layered architecture ensures that multiple independent safeguards protect the platform.

4. Encryption and Data Protection

All sensitive data handled by the platform is protected through modern cryptographic standards.

Encryption in Transit

All network communications between users and the platform are encrypted using:

TLS 1.3

This protects data transmitted across public networks against interception and tampering in transit.

Encryption at Rest

Stored data is protected using:

AES-256 encryption

This applies to:

  • databases
  • storage systems
  • backups

Encryption keys are managed using secure key management systems with strict access controls.

5. Tenant Isolation

Enterprise customers operate within logically isolated environments.

Tenant isolation ensures that:

  • customer data is separated at the application layer
  • database access is restricted per tenant
  • user permissions are scoped to their organization

This architecture prevents data from one organization from being visible to another organization.

Isolation mechanisms include:

  • tenant-scoped database queries
  • tenant access identifiers
  • permission-based data access

This approach ensures strong separation between enterprise customers.
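The isolation mechanisms listed above (tenant-scoped queries, tenant identifiers, permission-based access), shown as an added illustration rather than DEIK's own code: a weak primary-key lookup beside a version that checks the caller's role and carries the tenant identifier from the server-side session into every query predicate. The in-memory SQLite table, the sample rows, the `Session` type and the role-to-permission map are constructed for this example and are not taken from the Platform.

```python
import sqlite3
from dataclasses import dataclass

# Constructed sample data: two tenants sharing one database table.
SAMPLE_ROWS = [
    (1, "tenant-a", "pricing-round-1"),
    (2, "tenant-a", "supplier-renewal"),
    (3, "tenant-b", "merger-terms"),
]

# Hypothetical role model: the whitepaper names the roles, not their permissions.
ROLE_PERMISSIONS = {
    "standard_user": {"simulation:read"},
    "training_admin": {"simulation:read", "simulation:delete"},
    "enterprise_admin": {"simulation:read", "simulation:delete", "user:manage"},
}


@dataclass(frozen=True)
class Session:
    """Server-side session established at login. The tenant identifier is
    bound here and is never read from request parameters."""
    user_id: str
    tenant_id: str
    role: str


def build_db() -> sqlite3.Connection:
    """Create the constructed multi-tenant table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE simulations "
        "(id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, title TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO simulations VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def _require(session: Session, permission: str) -> None:
    """Least-privilege check: unknown roles get no permissions at all."""
    if permission not in ROLE_PERMISSIONS.get(session.role, set()):
        raise PermissionError(f"role {session.role!r} lacks {permission}")


def get_simulation_unscoped(conn: sqlite3.Connection, sim_id: int):
    """Weak pattern: lookup by primary key only. Any authenticated user who
    guesses an id reads another tenant's record (insecure direct object reference)."""
    return conn.execute(
        "SELECT id, tenant_id, title FROM simulations WHERE id = ?", (sim_id,)
    ).fetchone()


def get_simulation(conn: sqlite3.Connection, session: Session, sim_id: int):
    """Hardened pattern: role checked first, then the session's tenant id is part
    of the predicate, so a foreign record is simply 'not found' instead of being
    fetched and filtered afterwards (where a later code path could forget to)."""
    _require(session, "simulation:read")
    return conn.execute(
        "SELECT id, tenant_id, title FROM simulations WHERE id = ? AND tenant_id = ?",
        (sim_id, session.tenant_id),
    ).fetchone()


def list_simulations(conn: sqlite3.Connection, session: Session):
    """Listing endpoints need the same predicate; omitting it here is the most
    common source of cross-tenant leaks."""
    _require(session, "simulation:read")
    return conn.execute(
        "SELECT id, title FROM simulations WHERE tenant_id = ? ORDER BY id",
        (session.tenant_id,),
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    alice = Session("alice", "tenant-a", "standard_user")
    print("unscoped lookup of id 3:", get_simulation_unscoped(db, 3))   # leaks tenant-b
    print("scoped lookup of id 3:  ", get_simulation(db, alice, 3))     # None
    print("alice's simulations:    ", list_simulations(db, alice))
```

The hardened variant returns the same "not found" result for a missing record and for a record of another tenant, so an attacker probing ids learns nothing about other organisations' data, and the tenant predicate lives in the query layer rather than in each endpoint's post-processing.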

6. AI Model Data Policy

The DEIK platform includes artificial intelligence systems that generate simulation responses and analyze negotiation behavior.

To protect customer confidentiality, the following policy applies:

Customer simulation data is not used to train global AI models.

Customer data remains confined to:

  • the customer tenant environment
  • simulation session analysis systems

Simulation content—including negotiation strategies, pricing information, and business scenarios—remains private to the customer organization.

This policy ensures that strategic negotiation insights are not incorporated into shared models.

7. Voice Data Processing

The platform may analyze voice input during negotiation simulations in order to provide feedback on communication patterns and stress indicators.

Voice processing is designed according to data minimization principles.

Where possible:

  • voice input is processed in real time
  • raw audio is not permanently stored
  • only derived behavioral indicators are retained

Examples of derived indicators include:

  • speech stability metrics
  • response timing patterns
  • vocal intensity indicators

Enterprise customers may configure retention policies for simulation data.
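The ephemeral ("Zero-Storage") audio handling described in this section and in Annex II, item 6 of the DPA, as an added example that is not DEIK's own implementation. It assumes 16 kHz, 16-bit mono PCM split into 20 ms frames, an RMS energy threshold to separate speech from silence, and illustrative definitions of the intensity, pause and stability indicators; the test signal is synthesized inline. The point is the structure: raw audio exists only in one mutable buffer, only derived metrics leave the function, and the buffer is overwritten on every exit path, including a failed extraction.

```python
import math
import struct
from contextlib import contextmanager

SAMPLE_RATE = 16_000                        # assumed: 16 kHz mono, 16-bit signed PCM
FRAME_SAMPLES = SAMPLE_RATE * 20 // 1000    # 20 ms frames = 320 samples
FRAME_BYTES = FRAME_SAMPLES * 2
VOICED_RMS = 500.0                          # assumed energy threshold for "speech present"


def synth_pcm(pattern: str) -> bytearray:
    """Constructed test signal: one 20 ms frame per character, 'v' = 440 Hz tone
    (voiced), '.' = silence. Returned as a bytearray so the caller can hand the
    only copy of the audio to the pipeline."""
    out = bytearray()
    for f, ch in enumerate(pattern):
        for i in range(FRAME_SAMPLES):
            t = (f * FRAME_SAMPLES + i) / SAMPLE_RATE
            v = int(8000 * math.sin(2 * math.pi * 440 * t)) if ch == "v" else 0
            out += struct.pack("<h", v)
    return out


@contextmanager
def ephemeral_buffer(buf: bytearray):
    """Yield the caller's mutable buffer and overwrite it with zeros on exit,
    whether the block finished normally or raised. Only this application-level
    copy is covered; kernel socket buffers and swap are outside its control."""
    try:
        yield buf
    finally:
        buf[:] = bytes(len(buf))


def frame_rms(buf: bytearray):
    """Per-frame root-mean-square amplitude, read in place (no frame copies)."""
    if len(buf) % FRAME_BYTES:
        raise ValueError("buffer is not a whole number of 20 ms frames")
    fmt = f"<{FRAME_SAMPLES}h"
    for off in range(0, len(buf), FRAME_BYTES):
        samples = struct.unpack_from(fmt, buf, off)
        yield math.sqrt(sum(s * s for s in samples) / FRAME_SAMPLES)


def extract_metrics(buf: bytearray) -> dict:
    """Derived communication metrics only; nothing returned can reproduce the audio."""
    rms = list(frame_rms(buf))
    voiced = [r for r in rms if r > VOICED_RMS]
    pauses, prev_voiced = 0, True
    for r in rms:                       # a pause starts when speech stops
        is_voiced = r > VOICED_RMS
        if prev_voiced and not is_voiced:
            pauses += 1
        prev_voiced = is_voiced
    mean = sum(voiced) / len(voiced) if voiced else 0.0
    spread = math.sqrt(sum((r - mean) ** 2 for r in voiced) / len(voiced)) if voiced else 0.0
    return {
        "frames": len(rms),
        "voiced_frames": len(voiced),
        "speaking_ratio": len(voiced) / len(rms) if rms else 0.0,
        "pause_count": pauses,
        "mean_intensity": mean,
        "stability": 1.0 - (spread / mean if mean else 0.0),   # 1.0 = perfectly even loudness
    }


def ephemeral_metrics(raw: bytearray) -> dict:
    """Run metric extraction and guarantee the raw audio is purged afterwards."""
    with ephemeral_buffer(raw) as buf:
        return extract_metrics(buf)


if __name__ == "__main__":
    audio = synth_pcm("vvvv..vvv..")
    print(ephemeral_metrics(audio))
    print("buffer wiped:", audio == bytearray(len(audio)))
```

Wiping the application buffer is necessary but not sufficient: copies can survive in a transcoding library's working memory, in kernel buffers or in swap, so the same principle has to be enforced at those layers (no intermediate files, swap disabled on inference nodes) for the "no raw audio at rest" statement to hold end to end.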

8. Access Control

Access to the platform and internal systems is restricted through multiple control mechanisms.

Authentication

User access requires authenticated accounts.

Security controls include:

  • strong password policies
  • optional multi-factor authentication
  • session management controls

Role-Based Access Control (RBAC)

Users are assigned roles that determine the level of access to platform features.

Roles may include:

  • standard users
  • training administrators
  • enterprise administrators

Access privileges are granted according to the principle of least privilege.

Internal Access Controls

Access to production infrastructure is limited to authorized personnel and is monitored through audit logging.

9. Monitoring and Logging

Security monitoring systems continuously analyze system activity in order to detect anomalies or potential threats.

Monitoring capabilities include:

  • infrastructure health monitoring
  • authentication event tracking
  • suspicious activity detection
  • log aggregation and analysis

Audit logs may include:

  • login activity
  • administrative actions
  • system access events

Logs are retained for a limited period for security analysis and incident investigation.
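The authentication event tracking and suspicious activity detection mentioned above, as an added example that is not DEIK's monitoring code. The log line format, the five-minute window and the thresholds are assumptions chosen for the illustration, and the sample events are constructed. Two rules run in a single pass over chronologically ordered events: a burst of failures against one account, and one source address failing against several accounts (password spraying); a successful login shortly after a burst is escalated as its own alert because it is the case an analyst most wants to see first.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample audit log (assumed format):
# <ISO-8601 UTC timestamp> login user=<id> tenant=<id> ip=<addr> outcome=<success|failure>
SAMPLE_LOG = """\
2026-03-17T09:00:01Z login user=alice tenant=tenant-a ip=203.0.113.10 outcome=success
2026-03-17T09:01:10Z login user=bob tenant=tenant-a ip=198.51.100.7 outcome=failure
2026-03-17T09:01:25Z login user=bob tenant=tenant-a ip=198.51.100.7 outcome=failure
2026-03-17T09:01:40Z login user=bob tenant=tenant-a ip=198.51.100.7 outcome=failure
2026-03-17T09:01:55Z login user=bob tenant=tenant-a ip=198.51.100.7 outcome=failure
2026-03-17T09:02:10Z login user=bob tenant=tenant-a ip=198.51.100.7 outcome=failure
2026-03-17T09:02:25Z login user=bob tenant=tenant-a ip=198.51.100.7 outcome=failure
2026-03-17T09:02:40Z login user=bob tenant=tenant-a ip=198.51.100.7 outcome=success
2026-03-17T09:05:00Z login user=carol tenant=tenant-b ip=192.0.2.55 outcome=failure
2026-03-17T09:05:05Z login user=dave tenant=tenant-b ip=192.0.2.55 outcome=failure
2026-03-17T09:05:10Z login user=erin tenant=tenant-b ip=192.0.2.55 outcome=failure
2026-03-17T09:10:00Z login user=frank tenant=tenant-a ip=203.0.113.44 outcome=failure
2026-03-17T09:20:00Z login user=frank tenant=tenant-a ip=203.0.113.44 outcome=failure
2026-03-17T09:30:00Z login user=carol tenant=tenant-b ip=203.0.113.22 outcome=success
"""

WINDOW = timedelta(minutes=5)   # assumed sliding window
BURST_THRESHOLD = 5             # failures for one account inside WINDOW
SPRAY_THRESHOLD = 3             # distinct accounts failed from one IP inside WINDOW


@dataclass(frozen=True)
class Alert:
    rule: str
    subject: str        # account or source IP the rule fired on
    at: datetime
    detail: str


def parse_event(line: str) -> dict:
    """Parse one audit line into a dict with a real timestamp."""
    ts, event, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    fields["event"] = event
    return fields


def detect(lines) -> list:
    """Single pass over ordered events with per-key sliding windows."""
    alerts = []
    user_failures = defaultdict(deque)   # account -> timestamps of recent failures
    ip_failures = defaultdict(deque)     # source IP -> (timestamp, account) of recent failures
    burst_at = {}                        # account -> time its burst alert fired

    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["event"] != "login":
            continue
        ts, user, ip = ev["ts"], ev["user"], ev["ip"]

        # Slide both windows forward before evaluating this event.
        uf, ipf = user_failures[user], ip_failures[ip]
        while uf and ts - uf[0] > WINDOW:
            uf.popleft()
        while ipf and ts - ipf[0][0] > WINDOW:
            ipf.popleft()

        if ev["outcome"] == "failure":
            uf.append(ts)
            if len(uf) == BURST_THRESHOLD:          # fire once, at the first crossing
                alerts.append(Alert("failed_login_burst", user, ts,
                                    f"{BURST_THRESHOLD} failures within {WINDOW} from {ip}"))
                burst_at[user] = ts
            seen = {u for _, u in ipf}
            ipf.append((ts, user))
            if user not in seen and len(seen) + 1 == SPRAY_THRESHOLD:
                alerts.append(Alert("password_spray", ip, ts,
                                    f"failures against {SPRAY_THRESHOLD} accounts within {WINDOW}"))
        else:
            fired = burst_at.pop(user, None)
            if fired is not None and ts - fired <= WINDOW:
                alerts.append(Alert("success_after_burst", user, ts,
                                    f"successful login {ts - fired} after burst alert"))
            uf.clear()                               # a success resets the account's counter
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(a.at.isoformat(), a.rule, a.subject, "-", a.detail)
```

Frank's two failures ten minutes apart fall outside the window and produce nothing, which is the behaviour you want from a threshold rule; a production pipeline would additionally key the spray rule on tenant so that one organisation's noise cannot mask another's.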

10. Incident Response

Ideus d.o.o. maintains internal procedures for responding to security incidents.

The incident response process includes the following stages:

  • Detection
  • Investigation
  • Containment
  • Remediation
  • Notification (when required)

In the event of a confirmed data breach involving personal data, Ideus d.o.o. will follow applicable legal requirements regarding notification.

11. Infrastructure Security Standards

The platform is hosted on secure cloud infrastructure providers that maintain industry-recognized security certifications such as:

  • ISO 27001
  • SOC 2 Type II (or equivalent)

These standards require strict operational controls including:

  • physical data center security
  • access monitoring
  • redundancy and disaster recovery procedures

Using certified infrastructure helps ensure strong baseline security practices.

12. Data Retention

Ideus d.o.o. follows the principle of retaining data only for as long as necessary.

Typical retention guidelines include:

  • Account data: retained while the account is active.
  • Simulation metrics: retained for performance analytics and training history.
  • System logs: retained for security monitoring purposes for a limited period.
  • Audio streams: processed transiently unless explicit storage is enabled.

Enterprise customers may configure custom retention policies depending on their organizational requirements.

13. Data Sovereignty

Organizations using the DEIK platform retain control over their negotiation simulation data.

Ideus d.o.o. does not claim ownership over customer simulation inputs or outputs.

Customer data remains:

  • isolated within the platform environment
  • protected through encryption
  • accessible only to authorized users

The platform is designed so that strategic negotiation knowledge remains under the control of the organization that generated it.

14. Continuous Security Improvement

Security is an ongoing process.

Ideus d.o.o. regularly reviews and improves its security practices through:

  • infrastructure updates
  • vulnerability monitoring
  • internal security reviews
  • updates to platform architecture

Our objective is to maintain a secure environment that organizations can trust when training sensitive strategic capabilities.

15. Contact

Security questions or vulnerability reports may be directed to:

security@[domain].com

Ideus d.o.o. encourages responsible disclosure of security issues so they can be addressed promptly.

AI Risk Assessment

Level 3

3. Enterprise Docs

This section contains the deeper legal and security documentation typically shared after a demo, during procurement, or during enterprise due diligence.

Legal section

DATA PROCESSING AGREEMENT (DPA)

DATA PROCESSING AGREEMENT (DPA)

This Data Processing Agreement ("Agreement") forms part of the Service Agreement between:

Customer ("Controller")

and

Ideus d.o.o. ("Processor")

regarding the processing of personal data within the DEIK Strategic Negotiation Simulator.

1. Subject Matter

This Agreement governs the processing of personal data by Ideus on behalf of the Customer when providing the Platform.

2. Roles of the Parties

Customer acts as the Data Controller.

Ideus acts as the Data Processor.

Ideus processes personal data only according to documented instructions from the Customer.

3. Categories of Data Processed

The Platform may process the following categories of data:

  • user account information
  • simulation input data
  • voice input streams
  • behavioral performance metrics
  • system usage logs

4. Categories of Data Subjects

Data subjects may include:

  • employees
  • consultants
  • trainees
  • authorized users of the Platform

5. Purpose of Processing

Data is processed solely for the purpose of:

  • providing the negotiation simulator
  • generating performance feedback
  • maintaining system security and reliability

6. Processor Obligations

Ideus agrees to:

  • process personal data only on documented instructions
  • ensure confidentiality of personnel
  • implement appropriate technical and organizational security measures
  • assist the Controller in fulfilling GDPR obligations
  • notify the Controller of data breaches without undue delay

7. Security Measures

Ideus maintains security measures including:

  • encryption of data in transit and at rest
  • logical tenant isolation
  • role-based access control
  • regular security audits
  • vulnerability management processes

8. Subprocessors

Ideus may engage subprocessors to support service delivery, including:

  • cloud infrastructure providers
  • security monitoring services

All subprocessors are bound by equivalent data protection obligations.

Customers will be informed of material changes to subprocessors.

9. International Transfers

Where subprocessors process data outside the EEA, Ideus ensures:

  • Standard Contractual Clauses
  • appropriate security safeguards

10. Data Breach Notification

Ideus shall notify the Controller without undue delay after becoming aware of a personal data breach.

11. Data Subject Rights

Ideus will assist the Controller in responding to requests from data subjects exercising their GDPR rights.

12. Data Deletion

Upon termination of services, Ideus shall:

  • delete personal data, or
  • return personal data to the Controller

unless retention is required by law.

13. Audits

Upon reasonable request, the Controller may obtain documentation demonstrating Ideus’s compliance with this Agreement.

Independent certifications and security reports may satisfy this requirement.

ANNEX I: DETAILS OF PROCESSING

1. Subject Matter and Duration: Provision of the DEIK Strategic Negotiation Simulator services for the duration of the Service Agreement.

2. Nature and Purpose: Processing personal data to provide simulated negotiation scenarios and generate training feedback.

3. Categories of Data Subjects: Employees, contractors, and authorized users of the Controller.

4. Categories of Personal Data: Name, email, job title, chat transcripts, negotiation inputs, and (optional) communication metrics.

ANNEX II: TECHNICAL AND ORGANIZATIONAL MEASURES (TOMs)

1. Confidentiality: Data is hosted in AWS/Google Cloud (EU Region) with strict physical and system access controls (MFA, RBAC). All data is encrypted using TLS 1.3 (transfer) and AES-256 (at rest).

2. Integrity: Use of encrypted connections and audit logs to prevent and detect unauthorized data modification.

3. Availability & Resilience: Daily backups with Point-in-Time Recovery (PITR) and high-availability architecture to prevent service interruptions.

4. Testing & Assessment: Automated vulnerability scanning (CI/CD) and annual external penetration testing.

5. AI Safeguards: "Zero Retention" API policy with LLM providers (No Training clause) and data anonymization where feasible.

6. Ephemeral Audio Processing: Implementation of a volatile memory processing pipeline for voice data. Raw audio files are held only in temporary cache during inference and are automatically purged upon completion of the metric extraction, ensuring no biometric raw data persists at rest.

ANNEX III: LIST OF SUBPROCESSORS

Legal section

AI RISK ASSESSMENT

AI RISK ASSESSMENT

(DEIK Strategic Negotiation Simulator)

Version: 1.0

Last Updated: [DATE]

1. Purpose of This Assessment

This document evaluates potential risks associated with the artificial intelligence systems used within the DEIK Strategic Negotiation Simulator.

The purpose of this assessment is to:

  • identify potential risks arising from AI usage
  • evaluate the likelihood and impact of those risks
  • describe safeguards implemented to mitigate them
  • align internal governance with the EU Artificial Intelligence Act

This assessment supports Ideus d.o.o.’s commitment to responsible AI deployment.

2. Description of the AI System

The DEIK Strategic Negotiation Simulator is an AI-assisted training platform designed to simulate negotiation scenarios and provide performance feedback.

The AI system performs the following functions:

  • generation of simulated negotiation dialogue
  • analysis of negotiation interaction patterns
  • generation of training feedback
  • optional analysis of voice interaction patterns

The system operates as an interactive training environment and does not autonomously execute real-world actions.

3. Intended Use

The platform is intended for:

  • negotiation training
  • professional development
  • coaching environments
  • internal corporate training programs

The system is not designed for:

  • automated decision-making in business transactions
  • legal advice
  • financial decision automation
  • personnel evaluation or hiring decisions

4. AI Risk Classification

Based on the current framework of the EU Artificial Intelligence Act, the DEIK Strategic Negotiation Simulator is expected to fall within the category of:

Limited Risk AI Systems

Reasons include:

  • the system provides simulated training scenarios
  • it does not determine access to employment, credit, or public services
  • it does not perform biometric identification
  • it does not autonomously execute decisions with legal consequences

Users are informed when interacting with AI-generated content, which satisfies transparency requirements.

5. Risk Identification

The following categories of risk were evaluated.

5.1 Data Privacy Risk

AI systems process user inputs which may include business information or communication patterns.

Potential risks include:

  • unintended exposure of sensitive negotiation information
  • improper handling of voice interaction data
  • unauthorized access to simulation transcripts

5.2 Confidential Business Information Risk

Negotiation simulations may contain sensitive commercial strategies such as:

  • pricing structures
  • negotiation tactics
  • business positioning

Exposure of this information could harm organizations.

5.3 AI Output Reliability Risk

AI-generated responses may:

  • contain inaccuracies
  • simplify complex negotiation dynamics
  • fail to fully represent real-world negotiation behavior

Users may misinterpret simulation results if used outside their intended context.

5.4 Bias Risk

AI-generated responses could potentially reflect unintended patterns or biases originating from training data.

While negotiation simulations are not designed to evaluate individuals, bias in responses could affect the perceived realism of training scenarios.

5.5 Security Risk

AI systems processing user interaction data could become a target for unauthorized access attempts.

Risks include:

  • unauthorized system access
  • data exfiltration attempts
  • infrastructure vulnerabilities

6. Risk Mitigation Measures

Ideus d.o.o. implements several safeguards to mitigate identified risks.

6.1 Privacy Safeguards

Privacy protections include:

  • data minimization
  • encryption of data in transit and at rest
  • controlled access to production systems
  • tenant isolation between organizations

Where possible, audio inputs are processed in real time and not permanently stored.

6.2 Data Isolation

Customer data remains isolated within tenant environments.

The platform enforces logical separation between organizations to ensure that:

  • customer simulation data cannot be accessed by other organizations
  • training interactions remain confidential

6.3 AI Model Data Policy

Customer simulation data is not used to train global AI models.

Negotiation strategies, transcripts, and voice interactions remain confined to the customer environment.

This safeguard prevents sensitive business knowledge from influencing shared AI systems.

6.4 Human Oversight

AI outputs are designed to support training rather than replace human decision-making.

Users maintain full responsibility for interpreting training results.

The system does not make automated decisions with legal or business consequences.

6.5 Security Controls

Technical safeguards include:

  • encryption standards (TLS 1.3, AES-256)
  • access control policies
  • security monitoring and logging
  • incident response procedures

These controls reduce the likelihood of unauthorized access.

7. Transparency Measures

To ensure transparency, Ideus d.o.o. provides the following documentation:

  • Privacy Policy
  • AI Processing Disclosure
  • AI Model Transparency Sheet
  • Security & Data Sovereignty documentation

Users interacting with the platform are informed that they are interacting with AI-generated simulations.

8. Residual Risk Assessment

After applying the safeguards described above, residual risk is assessed as:

Low to Moderate Risk

Primary residual risks relate to:

  • user misinterpretation of simulation outputs
  • potential exposure of confidential business content if users voluntarily input such data

These risks are mitigated through transparency, access controls, and data isolation mechanisms.

9. Monitoring and Review

Ideus d.o.o. periodically reviews AI system risks through:

  • internal governance reviews
  • updates to system architecture
  • monitoring of emerging regulatory guidance

This risk assessment may be updated as regulatory frameworks evolve.

10. Governance

AI governance within Ideus d.o.o. is guided by the following principles:

  • responsible AI deployment
  • privacy protection
  • transparency of AI behavior
  • security of customer data

These principles support safe and trustworthy use of AI technology.

11. Contact

Questions regarding AI risk governance may be directed to:

ai-governance@[domain].com

4️⃣ ENTERPRISE SECURITY (sales process)

This is the security pack you send to the IT department.

📂 Enterprise Security

Documents

1️⃣ Enterprise Security Overview (1 page) → after the demo call

Legal section

DEIK ENTERPRISE SECURITY OVERVIEW

DEIK ENTERPRISE SECURITY OVERVIEW

Strategic Negotiation Simulator

Version: 1.0

Last Updated: [DATE]

Platform Summary

The DEIK Strategic Negotiation Simulator is an AI-assisted training platform that enables professionals to practice negotiation scenarios in a controlled simulation environment.

The platform generates simulated negotiation interactions and provides behavioral feedback to improve communication and negotiation performance.

The system is designed strictly as a training environment and does not execute automated decisions affecting business, legal, or financial outcomes.

Security Architecture

The platform is built using a layered security architecture designed to protect sensitive enterprise data.

Core protections include:

  • secure cloud infrastructure
  • network isolation and traffic filtering
  • encrypted communications (TLS 1.3)
  • encrypted storage (AES-256)
  • role-based access control (RBAC)
  • continuous monitoring and logging

Access to production systems is restricted to authorized personnel.

Data Protection

Customer data is protected according to privacy-by-design principles.

Key safeguards include:

  • encryption of data in transit and at rest
  • strict access control policies
  • tenant-level data isolation
  • monitoring and incident response procedures

Organizations retain ownership and control of their simulation data.

AI Data Policy

The platform enforces strict policies regarding AI model usage.

Customer data is not used to train global AI models.

This includes:

  • negotiation transcripts
  • company strategies
  • pricing information
  • voice interaction data

Customer simulation content remains confined to the organization’s platform environment.

Data Sovereignty

Organizations maintain full ownership of their negotiation training data.

The platform ensures:

  • logical isolation between organizations
  • restricted internal access to production systems
  • encrypted storage and transmission of sensitive data

Strategic business knowledge generated during simulations remains the property of the organization that created it.

AI Transparency

Artificial intelligence within the platform is used to generate simulated negotiation dialogue and provide training feedback.

The system does not perform automated business decision-making.

Users are informed when interacting with AI-generated simulations.

Supporting documentation includes:

  • AI Model Transparency Sheet
  • AI Risk Assessment
  • Ethical AI Statement

Compliance and Governance

The platform is designed to support enterprise compliance requirements including:

  • GDPR data protection principles
  • Privacy by Design architecture
  • responsible AI governance

Available documentation includes:

  • Privacy Policy
  • Data Processing Agreement
  • Security & Data Sovereignty documentation
  • Enterprise Security Whitepaper

Enterprise Security Documentation

Additional materials available upon request:

  • Enterprise Security Whitepaper
  • Security Questionnaire Response Pack
  • AI Risk Assessment
  • AI Model Transparency Sheet

Contact

Security and compliance inquiries:

security@[domain].com

How this document is used in sales (important)

Enterprise SaaS vendors typically use three levels of documents:

1️⃣ One-Page Security Overview

sent immediately after the demo call

→ goal: opens the door to a security review

2️⃣ Enterprise Security Pack

when they say: “send security documentation”

→ 10 pages

3️⃣ Security Questionnaire

when procurement starts its process

→ 100–300 questions

2️⃣ Enterprise Security Pack (10 pages) → when they say “send security documentation”

Legal section

DEIK ENTERPRISE SECURITY PACK

DEIK ENTERPRISE SECURITY PACK

Strategic Negotiation Simulator

Version: 1.0

Last Updated: [DATE]

1. Introduction

Organizations using the DEIK Strategic Negotiation Simulator often train high-stakes commercial scenarios that may include sensitive strategic information such as pricing strategies, negotiation tactics, and commercial positioning.

Protecting this information is a core design principle of the platform.

This document provides an overview of the security, privacy, and AI governance practices implemented within the DEIK platform to protect customer data and ensure responsible AI deployment.

The platform has been designed around four core principles:

  • Security by Design
  • Privacy by Design
  • Responsible AI Governance
  • Data Sovereignty

2. Platform Overview

The DEIK Strategic Negotiation Simulator is an AI-assisted training platform designed to help professionals practice negotiation scenarios in a controlled simulation environment.

Core platform capabilities include:

  • AI-generated negotiation simulations
  • interactive dialogue-based training
  • behavioral performance feedback
  • optional voice interaction analysis
  • enterprise user management

The platform is intended solely for training and skill development purposes.

It is not designed to autonomously execute real-world decisions.

3. Security Architecture

The platform is built using a layered security architecture designed to protect customer data throughout the system lifecycle.

Security controls include:

Infrastructure Layer: Secure cloud infrastructure with network isolation, traffic filtering, and infrastructure monitoring.

Application Layer: Application-level protections including authentication controls, API protection, and access enforcement.

Data Protection Layer: Encryption, secure storage, and restricted database access.

Monitoring Layer: Continuous monitoring systems that detect anomalous system behavior or security threats.

This layered approach ensures that multiple independent safeguards protect sensitive data.

4. Encryption

The platform protects data using modern encryption standards.

Data in Transit: All communications between users and the platform are encrypted using TLS 1.3.

Data at Rest: Sensitive stored data is protected using AES-256 encryption.

Encryption keys are managed using secure key management systems with restricted access controls.

5. Data Isolation and Tenant Architecture

The platform supports enterprise multi-tenant architecture with strong isolation controls.

Key safeguards include:

  • tenant-scoped application logic
  • tenant-specific access permissions
  • logical data separation
  • restricted database access paths

These mechanisms ensure that one organization cannot access another organization’s data.

6. Data Sovereignty

Organizations retain ownership and control of their simulation data.

Ideus d.o.o. does not claim ownership of customer inputs or outputs generated within simulations.

Customer data remains:

  • isolated within platform tenant environments
  • encrypted during storage and transmission
  • accessible only to authorized users

Strategic negotiation knowledge remains the property of the organization that generated it.

7. AI Model Governance

Artificial intelligence is used within the platform to generate simulated negotiation responses and provide training feedback.

AI capabilities include:

  • scenario dialogue generation
  • negotiation behavior analysis
  • response timing evaluation
  • communication feedback

The system operates as a training simulation tool, not an automated decision system.

AI-generated outputs are informational and intended to support learning.

8. AI Data Policy

The DEIK platform enforces strict policies regarding training data.

Customer negotiation data is not used to train global AI models.

This includes:

  • simulation transcripts
  • negotiation strategies
  • company pricing information
  • voice interaction data

Customer simulation content remains confined to the platform environment.

This policy ensures that sensitive strategic information cannot influence shared AI systems.

9. Voice Interaction Processing

When enabled, the platform may analyze voice input to provide communication feedback.

Examples of analyzed indicators include:

  • speech stability
  • speaking pace
  • vocal intensity patterns

Voice data is processed according to data minimization principles.

Where possible:

  • audio is processed in real time
  • raw audio is not permanently stored
  • only derived behavioral metrics are retained

Enterprise administrators may configure data retention policies.
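The ephemeral voice pipeline described in Annex II item 6 of the DPA and in section 9 above, as an added illustration that is not DEIK platform or Ideus code: a Python sketch that reduces a PCM buffer held in volatile memory to a few behavioural numbers (speech ratio, burst pace, intensity, stability) and overwrites the raw audio in place before returning, including on error. The 16 kHz 16-bit format, the metric definitions, the threshold and the synthetic tone-burst input are assumptions made for the example.

```python
"""Ephemeral voice-metric extraction (illustrative, not DEIK platform code).

The raw PCM buffer is treated as volatile: it is read through a zero-copy
view, reduced to a handful of behavioural numbers, and then overwritten
with zeros in place, so no audio is left in the caller's buffer once
metric extraction completes (or fails).
"""
import math
from array import array

SAMPLE_RATE = 16_000        # Hz; assumed input format for the example (16-bit mono)
FRAME_MS = 20               # analysis frame length in milliseconds
SPEECH_THRESHOLD = 0.02     # normalised RMS above which a frame counts as speech


def synth_pcm(seconds: float, *, tone_ms: int = 200, gap_ms: int = 100,
              amplitude: float = 0.3, freq_hz: float = 440.0) -> bytearray:
    """Constructed sample input: alternating tone bursts and silence standing
    in for a speaker's voice turn. Not real audio."""
    total = int(seconds * SAMPLE_RATE)
    period = (tone_ms + gap_ms) * SAMPLE_RATE // 1000
    tone_len = tone_ms * SAMPLE_RATE // 1000
    samples = array("h")
    for n in range(total):
        if n % period < tone_len:
            samples.append(int(amplitude * 32767
                               * math.sin(2 * math.pi * freq_hz * n / SAMPLE_RATE)))
        else:
            samples.append(0)
    return bytearray(samples.tobytes())


def _frame_rms(frame) -> float:
    """Root-mean-square level of one frame, normalised to [0, 1]."""
    return math.sqrt(sum((s / 32768.0) ** 2 for s in frame) / len(frame))


def extract_metrics(pcm: bytearray, frame_ms: int = FRAME_MS) -> dict:
    """Derive behavioural metrics from `pcm` and purge the raw audio.

    Only the returned numbers leave this function. `pcm` is zeroed in place
    in a `finally` block, so the purge also happens on invalid input or an
    exception part-way through analysis.
    """
    frame_len = SAMPLE_RATE * frame_ms // 1000
    try:
        if len(pcm) % 2:
            raise ValueError("expected 16-bit little-endian mono PCM")
        view = memoryview(pcm).cast("h")     # zero-copy int16 view: no second copy of audio
        try:
            # Per-frame levels are the only values derived from the samples.
            rms = [_frame_rms(view[i:i + frame_len])
                   for i in range(0, len(view) - frame_len + 1, frame_len)]
        finally:
            view.release()
    finally:
        pcm[:] = bytes(len(pcm))             # purge: same length, all zeros
    if not rms:
        return {"frames": 0, "speech_ratio": 0.0, "segments": 0,
                "segments_per_sec": 0.0, "intensity": 0.0, "stability": 0.0}
    speech = [r > SPEECH_THRESHOLD for r in rms]
    # A segment starts at a speech frame whose predecessor was silence.
    segments = sum(1 for i, s in enumerate(speech) if s and (i == 0 or not speech[i - 1]))
    speech_rms = [r for r, s in zip(rms, speech) if s]
    duration_s = len(rms) * frame_ms / 1000.0
    intensity = sum(speech_rms) / len(speech_rms) if speech_rms else 0.0
    if len(speech_rms) > 1 and intensity > 0:
        # Stability: 1 / (1 + coefficient of variation of speech-frame level).
        spread = math.sqrt(sum((r - intensity) ** 2 for r in speech_rms) / len(speech_rms))
        stability = 1.0 / (1.0 + spread / intensity)
    else:
        stability = 1.0 if speech_rms else 0.0
    return {
        "frames": len(rms),
        "speech_ratio": sum(speech) / len(rms),     # share of frames containing speech
        "segments": segments,                       # number of speech bursts
        "segments_per_sec": segments / duration_s,  # crude speaking-pace proxy
        "intensity": intensity,                     # mean level of speech frames
        "stability": stability,                     # 1.0 = perfectly even level
    }


if __name__ == "__main__":
    buf = synth_pcm(1.2)
    print(extract_metrics(buf))
    print("raw audio purged:", not any(buf))
```

The returned dictionary contains only integers and floats, which is what "only derived behavioral metrics are retained" means in practice; a retention policy can then be applied to that dictionary rather than to audio.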

10. Access Control

Access to the platform is governed through identity and permission controls.

User Authentication

Users access the system through authenticated accounts secured by password protection and optional multi-factor authentication.

Role-Based Access Control (RBAC)

User permissions are controlled through role assignments such as:

  • user
  • training administrator
  • enterprise administrator

Internal System Access

Access to production systems is restricted to authorized personnel and monitored through audit logging.

11. Monitoring and Incident Response

The platform continuously monitors system activity for operational stability and security threats.

Monitoring capabilities include:

  • authentication activity tracking
  • infrastructure monitoring
  • anomaly detection
  • log analysis

Ideus d.o.o. maintains internal incident response procedures covering:

  • detection
  • investigation
  • containment
  • remediation
  • customer notification when required

12. Data Retention

The platform follows a data minimization approach.

Typical retention patterns include:

Account data: Retained while accounts remain active.

Simulation metrics: Retained for training history and analytics.

System logs: Retained temporarily for monitoring and investigation.

Voice input: Processed transiently unless explicit storage is enabled.

Enterprise customers may configure retention policies based on internal compliance requirements.

13. Privacy and Regulatory Compliance

The platform is designed to support compliance with major data protection frameworks including:

  • GDPR (General Data Protection Regulation)
  • Privacy by Design principles
  • enterprise data protection standards

Supporting documentation includes:

  • Privacy Policy
  • Data Processing Agreement
  • AI Model Transparency Sheet
  • AI Risk Assessment
  • Security Whitepaper

14. Responsible AI Principles

Ideus d.o.o. is committed to responsible AI development.

Key principles include:

Human Oversight: AI systems support training but do not replace human decision-making.

Transparency: Users are informed when interacting with AI-generated simulations.

Privacy Protection: Customer data is not used to train shared AI models.

Security: AI processing occurs within secure infrastructure environments.

15. Security Documentation

Additional documentation available for enterprise customers includes:

  • Enterprise Security Whitepaper
  • Security Questionnaire Response Pack
  • AI Model Transparency Sheet
  • AI Risk Assessment
  • Data Processing Agreement

These materials provide deeper technical and regulatory information regarding platform operations.

16. Contact

Security and compliance inquiries may be directed to:

security@[domain].com

Responsible disclosure of potential vulnerabilities is encouraged and appreciated.

How this document is used in practice

You send this Enterprise Security Pack:

after the demo call

when an enterprise customer says “send us your security documentation”

before a security review

It is typically sent by companies such as:

Stripe

Notion

OpenAI

3️⃣ Security Questionnaire Response Pack → when procurement starts its process

Legal section

Enterprise Security Questionnaire Response Pack

Enterprise Security Questionnaire Response Pack

Company: Ideus d.o.o.

Product: DEIK Strategic Negotiation Simulator

Version: 1.0

Last Updated: [DATE]

This document provides standardized responses to common enterprise security and privacy questionnaires regarding the DEIK Strategic Negotiation Simulator.

The platform is designed to provide secure AI-powered negotiation training environments while protecting sensitive strategic business data.

1. Company Security Governance

Q: Does your organization maintain formal security policies?

Yes. Ideus maintains internal security policies covering:

  • information security
  • access control
  • incident response
  • data protection
  • vulnerability management

These policies are reviewed periodically and updated as required.

Q: Who is responsible for security oversight?

Security oversight is managed by designated internal leadership responsible for infrastructure security, data protection, and platform integrity.

Q: Do employees receive security training?

Yes. Personnel with access to production systems receive training related to:

  • security awareness
  • confidentiality obligations
  • secure system access practices

2. Infrastructure Security

Q: Where is your infrastructure hosted?

The platform is hosted on secure cloud infrastructure providers that maintain recognized security certifications such as ISO 27001 and SOC 2 Type II (or equivalent).

Q: Is network traffic encrypted?

Yes. All network traffic between users and the platform is encrypted using TLS 1.3.

Q: Is stored data encrypted?

Yes. Sensitive data is protected using AES-256 encryption at rest.

Q: Is your infrastructure protected from DDoS attacks?

Yes. The platform leverages infrastructure-level protection mechanisms provided by cloud providers, including traffic filtering and distributed mitigation capabilities.

3. Access Control

Q: How do users authenticate to the platform?

Users authenticate through secure account credentials.

Optional security features may include:

  • multi-factor authentication
  • session management controls

Q: Do you support role-based access control?

Yes. The platform implements Role-Based Access Control (RBAC), allowing organizations to assign different permission levels to users.

Typical roles include:

  • standard user
  • training administrator
  • enterprise administrator

Q: How is internal access to production systems controlled?

Access to production infrastructure is restricted to authorized personnel and governed by strict access control policies.

Administrative actions are logged.

4. Data Protection

Q: What types of data does the platform process?

The platform may process:

  • account information
  • simulation inputs
  • voice input streams
  • negotiation performance metrics
  • platform usage logs

Q: Is customer data used to train AI models?

No. Customer negotiation data is not used to train global AI models.

Simulation content remains confined to the customer environment or platform tenant.

Q: How is sensitive negotiation data protected?

Strategic simulation data is protected through:

  • tenant isolation
  • encryption
  • access controls
  • secure infrastructure hosting

5. AI System Governance

Q: Does your platform use artificial intelligence?

Yes. AI systems are used to:

  • generate negotiation simulation responses
  • analyze negotiation timing patterns
  • produce performance feedback

Q: Does the system make automated decisions about users?

No. AI-generated outputs are informational and intended for training purposes only.

The system does not make legally binding decisions.

Q: Is user data used to train AI models?

No. Customer data is not incorporated into global AI model training datasets.

6. Voice Data Processing

Q: Does the system process voice data?

Yes. Voice input may be analyzed during negotiation simulations to detect communication patterns and stress indicators.

Q: Is voice data stored?

Where possible, voice data is processed transiently in memory and not permanently stored.

Derived metrics such as speech stability indicators may be retained for training feedback.

7. Logging and Monitoring

Q: Do you maintain audit logs?

Yes. The platform maintains logs for security monitoring and operational stability.

Logs may include:

  • authentication events
  • system activity
  • administrative actions

Q: How are logs used?

Logs support:

  • security monitoring
  • anomaly detection
  • incident investigation

Logs are retained only for a limited period.

8. Incident Response

Q: Do you maintain an incident response process?

Yes. Ideus d.o.o. maintains internal procedures for identifying and responding to security incidents.

The process includes:

  • detection
  • investigation
  • containment
  • remediation
  • notification when legally required

Q: Are customers notified of data breaches?

Yes. If a breach involving customer personal data occurs, customers will be notified in accordance with applicable legal requirements.

9. Data Retention

Q: How long is data retained?

Retention periods vary by data category.

Typical retention includes:

Account data: Retained while the account remains active.

Simulation metrics: Retained for training history and performance analytics.

System logs: Retained for security monitoring purposes.

Audio streams: Processed transiently unless explicitly stored.

Enterprise customers may configure retention policies.

10. Data Ownership

Q: Who owns simulation data?

Customers retain ownership of their simulation inputs and outputs.

Ideus d.o.o. does not claim ownership of customer negotiation content.

11. Subprocessors

Q: Do you use subprocessors?

Yes. Subprocessors may be used for:

  • cloud infrastructure hosting
  • monitoring services
  • communication services

Subprocessors are contractually required to maintain appropriate security safeguards.

12. Compliance

Q: Is your platform designed for GDPR compliance?

Yes. The platform follows principles aligned with the General Data Protection Regulation, including:

  • data minimization
  • privacy by design
  • transparency
  • data subject rights support

Q: Do you provide a Data Processing Agreement (DPA)?

Yes. A DPA is available for enterprise customers and defines roles, responsibilities, and safeguards for personal data processing.

13. Contact

Security and privacy inquiries may be directed to:

security@[domain].com

5️⃣ INTERNAL ONLY (not shared publicly)

This is the folder for sales / legal / compliance.

📂 Internal Compliance

What stays here:

AI Risk Assessment (internal governance)

Security Questionnaire (master version)

Subprocessor list

Incident response procedure

This is used only:

during enterprise due diligence

during audits

AI Risk Assessment (internal governance)

AI RISK ASSESSMENT

(DEIK Strategic Negotiation Simulator)

Version: 1.0

Last Updated: [DATE]

1. Purpose of This Assessment

This document evaluates potential risks associated with the artificial intelligence systems used within the DEIK Strategic Negotiation Simulator.

The purpose of this assessment is to:

  • identify potential risks arising from AI usage
  • evaluate the likelihood and impact of those risks
  • describe safeguards implemented to mitigate them
  • align internal governance with the EU Artificial Intelligence Act

This assessment supports Ideus d.o.o.’s commitment to responsible AI deployment.

2. Description of the AI System

The DEIK Strategic Negotiation Simulator is an AI-assisted training platform designed to simulate negotiation scenarios and provide performance feedback.

The AI system performs the following functions:

  • generation of simulated negotiation dialogue
  • analysis of negotiation interaction patterns
  • generation of training feedback
  • optional analysis of voice interaction patterns

The system operates as an interactive training environment and does not autonomously execute real-world actions.

3. Intended Use

The platform is intended for:

  • negotiation training
  • professional development
  • coaching environments
  • internal corporate training programs

The system is not designed for:

  • automated decision-making in business transactions
  • legal advice
  • financial decision automation
  • personnel evaluation or hiring decisions

4. AI Risk Classification

Based on the current framework of the EU Artificial Intelligence Act, the DEIK Strategic Negotiation Simulator is expected to fall within the category of:

Limited Risk AI Systems

Reasons include:

  • the system provides simulated training scenarios
  • it does not determine access to employment, credit, or public services
  • it does not perform biometric identification
  • it does not autonomously execute decisions with legal consequences

Users are informed when interacting with AI-generated content, which satisfies transparency requirements.

5. Risk Identification

The following categories of risk were evaluated.

5.1 Data Privacy Risk

AI systems process user inputs which may include business information or communication patterns.

Potential risks include:

  • unintended exposure of sensitive negotiation information
  • improper handling of voice interaction data
  • unauthorized access to simulation transcripts

5.2 Confidential Business Information Risk

Negotiation simulations may contain sensitive commercial strategies such as:

  • pricing structures
  • negotiation tactics
  • business positioning

Exposure of this information could harm organizations.

5.3 AI Output Reliability Risk

AI-generated responses may:

  • contain inaccuracies
  • simplify complex negotiation dynamics
  • fail to fully represent real-world negotiation behavior

Users may misinterpret simulation results if used outside their intended context.

5.4 Bias Risk

AI-generated responses could potentially reflect unintended patterns or biases originating from training data.

While negotiation simulations are not designed to evaluate individuals, bias in responses could affect the perceived realism of training scenarios.

5.5 Security Risk

AI systems processing user interaction data could become a target for unauthorized access attempts.

Risks include:

  • unauthorized system access
  • data exfiltration attempts
  • infrastructure vulnerabilities

6. Risk Mitigation Measures

Ideus d.o.o. implements several safeguards to mitigate identified risks.

6.1 Privacy Safeguards

Privacy protections include:

  • data minimization
  • encryption of data in transit and at rest
  • controlled access to production systems
  • tenant isolation between organizations

Where possible, audio inputs are processed in real time and not permanently stored.

6.2 Data Isolation

Customer data remains isolated within tenant environments.

The platform enforces logical separation between organizations to ensure that:

  • customer simulation data cannot be accessed by other organizations
  • training interactions remain confidential

6.3 AI Model Data Policy

Customer simulation data is not used to train global AI models.

Negotiation strategies, transcripts, and voice interactions remain confined to the customer environment.

This safeguard prevents sensitive business knowledge from influencing shared AI systems.

6.4 Human Oversight

AI outputs are designed to support training rather than replace human decision-making.

Users maintain full responsibility for interpreting training results.

The system does not make automated decisions with legal or business consequences.

6.5 Security Controls

Technical safeguards include:

  • encryption standards (TLS 1.3, AES-256)
  • access control policies
  • security monitoring and logging
  • incident response procedures

These controls reduce the likelihood of unauthorized access.

7. Transparency Measures

To ensure transparency, Ideus d.o.o. provides the following documentation:

  • Privacy Policy
  • AI Processing Disclosure
  • AI Model Transparency Sheet
  • Security & Data Sovereignty documentation

Users interacting with the platform are informed that they are interacting with AI-generated simulations.

8. Residual Risk Assessment

After applying the safeguards described above, residual risk is assessed as:

Low to Moderate Risk

Primary residual risks relate to:

  • user misinterpretation of simulation outputs
  • potential exposure of confidential business content if users voluntarily input such data

These risks are mitigated through transparency, access controls, and data isolation mechanisms.

9. Monitoring and Review

Ideus d.o.o. periodically reviews AI system risks through:

  • internal governance reviews
  • updates to system architecture
  • monitoring of emerging regulatory guidance

This risk assessment may be updated as regulatory frameworks evolve.

10. Governance

AI governance within Ideus d.o.o. is guided by the following principles:

  • responsible AI deployment
  • privacy protection
  • transparency of AI behavior
  • security of customer data

These principles support safe and trustworthy use of AI technology.

11. Contact

Questions regarding AI risk governance may be directed to:

ai-governance@[domain].com

Security Questionnaire (master version)

Enterprise Security Questionnaire Response Pack

Company: Ideus d.o.o.
Product: DEIK Strategic Negotiation Simulator
Version: 1.0

Last Updated: [DATE]

This document provides standardized responses to common enterprise security and privacy questionnaires regarding the DEIK Strategic Negotiation Simulator.

The platform is designed to provide secure AI-powered negotiation training environments while protecting sensitive strategic business data.

1. Company Security Governance

Q: Does your organization maintain formal security policies?

Yes. Ideus maintains internal security policies covering:

  • information security
  • access control
  • incident response
  • data protection
  • vulnerability management

These policies are reviewed periodically and updated as required.

Q: Who is responsible for security oversight?

Security oversight is managed by designated internal leadership responsible for infrastructure security, data protection, and platform integrity.

Q: Do employees receive security training?

Yes. Personnel with access to production systems receive training related to:

  • security awareness
  • confidentiality obligations
  • secure system access practices

2. Infrastructure Security

Q: Where is your infrastructure hosted?

The platform is hosted on secure cloud infrastructure providers that maintain recognized security certifications such as ISO 27001 and SOC 2 Type II (or equivalent).

Q: Is network traffic encrypted?

Yes. All network traffic between users and the platform is encrypted using TLS 1.3.

Q: Is stored data encrypted?

Yes. Sensitive data is protected using AES-256 encryption at rest.

Q: Is your infrastructure protected from DDoS attacks?

Yes. The platform leverages infrastructure-level protection mechanisms provided by cloud providers, including traffic filtering and distributed mitigation capabilities.

3. Access Control

Q: How do users authenticate to the platform?

Users authenticate through secure account credentials.

Optional security features may include:

  • multi-factor authentication
  • session management controls

Q: Do you support role-based access control?

Yes. The platform implements Role-Based Access Control (RBAC), allowing organizations to assign different permission levels to users.

Typical roles include:

  • standard user
  • training administrator
  • enterprise administrator

Q: How is internal access to production systems controlled?

Access to production infrastructure is restricted to authorized personnel and governed by strict access control policies.

Administrative actions are logged.

4. Data Protection

Q: What types of data does the platform process?

The platform may process:

  • account information
  • simulation inputs
  • voice input streams
  • negotiation performance metrics
  • platform usage logs

Q: Is customer data used to train AI models?

No. Customer negotiation data is not used to train global AI models.

Simulation content remains confined to the customer environment or platform tenant.

Q: How is sensitive negotiation data protected?

Strategic simulation data is protected through:

  • tenant isolation
  • encryption
  • access controls
  • secure infrastructure hosting

5. AI System Governance

Q: Does your platform use artificial intelligence?

Yes. AI systems are used to:

  • generate negotiation simulation responses
  • analyze negotiation timing patterns
  • produce performance feedback

Q: Does the system make automated decisions about users?

No. AI-generated outputs are informational and intended for training purposes only.

The system does not make legally binding decisions.

Q: Is user data used to train AI models?

No. Customer data is not incorporated into global AI model training datasets.

6. Voice Data Processing

Q: Does the system process voice data?

Yes. Voice input may be analyzed during negotiation simulations to detect communication patterns and stress indicators.

Q: Is voice data stored?

Where possible, voice data is processed transiently in memory and not permanently stored.

Derived metrics such as speech stability indicators may be retained for training feedback.

7. Logging and Monitoring

Q: Do you maintain audit logs?

Yes. The platform maintains logs for security monitoring and operational stability.

Logs may include:

  • authentication events
  • system activity
  • administrative actions

Q: How are logs used?

Logs support:

  • security monitoring
  • anomaly detection
  • incident investigation

Logs are retained only for a limited period.

8. Incident Response

Q: Do you maintain an incident response process?

Yes. Ideus d.o.o. maintains internal procedures for identifying and responding to security incidents.

The process includes:

  • detection
  • investigation
  • containment
  • remediation
  • notification when legally required

Q: Are customers notified of data breaches?

Yes. If a breach involving customer personal data occurs, customers will be notified in accordance with applicable legal requirements.

9. Data Retention

Q: How long is data retained?

Retention periods vary by data category.

Typical retention includes:

  • Account data: retained while the account remains active.
  • Simulation metrics: retained for training history and performance analytics.
  • System logs: retained for security monitoring purposes.
  • Audio streams: processed transiently unless explicitly stored.

Enterprise customers may configure retention policies.

10. Data Ownership

Q: Who owns simulation data?

Customers retain ownership of their simulation inputs and outputs.

Ideus d.o.o. does not claim ownership of customer negotiation content.

11. Subprocessors

Q: Do you use subprocessors?

Yes. Subprocessors may be used for:

  • cloud infrastructure hosting
  • monitoring services
  • communication services

Subprocessors are contractually required to maintain appropriate security safeguards.

12. Compliance

Q: Is your platform designed for GDPR compliance?

Yes. The platform follows principles aligned with the General Data Protection Regulation, including:

  • data minimization
  • privacy by design
  • transparency
  • data subject rights support

Q: Do you provide a Data Processing Agreement (DPA)?

Yes. A DPA is available for enterprise customers and defines roles, responsibilities, and safeguards for personal data processing.

13. Contact

Security and privacy inquiries may be directed to:

security@[domain].com

Subprocessor list

Subprocessors

/trust/subprocessors

Example:

Incident response procedure

Incident Response Framework

Ideus d.o.o. operates a rigorous Incident Response Plan (IRP) aligned with NIST SP 800-61 standards to ensure rapid containment and transparent communication.

1. Detection & Identification

24/7 Automated Monitoring: Continuous surveillance of infrastructure logs, traffic anomalies, and unauthorized access attempts.

Centralized Alerting: Real-time integration with security orchestration tools to identify potential breaches within minutes.

2. Investigation & Triage

Dedicated SIRT (Security Incident Response Team): Immediate activation of internal experts to assess the scope, impact, and root cause of the incident.

Evidence Preservation: Strict forensic protocols to ensure all system logs and data snapshots are preserved for post-incident analysis.

3. Containment & Remediation

Immediate Isolation: Automated and manual protocols to isolate affected sub-systems or network segments (Tenant Isolation) to prevent lateral movement.

Patching & Hardening: Rapid deployment of security patches and configuration audits to eliminate the vulnerability.

4. Data Breach Notification (The Enterprise Guarantee)

Transparency First: In the event of a verified data breach involving personal data, Ideus d.o.o. commits to notifying the affected Customer's designated Security Point of Contact without undue delay.

SLA Commitment: Notification will occur within 48 to 72 hours (or as mandated by applicable law/DPA) after the breach has been confirmed.

Detailed Reporting: Notifications include the nature of the breach, estimated impact, and immediate steps taken for mitigation.

5. Post-Mortem & Prevention

Root Cause Analysis (RCA): Comprehensive report delivered to affected stakeholders following the resolution.

Continuous Improvement: Integration of lessons learned into the security architecture to prevent recurrence.