What is AsterMind AI?

AsterMind is an AI Platform with Cybernetic AI components that trains instantly, is self-learning and adapts automatically to changes in its environment. It runs in the cloud or locally without internet access and can improve the use of current AI solutions dramatically.

How does AsterMind differ from traditional AI and LLMs?

Unlike static AI models that require retraining, AsterMind uses cybernetic control principles for continuous adaptation. It maintains persistent state, provides 4-5x reduction in LLM API calls, and operates autonomously with bounded, auditable decision-making.

Can AsterMind run without internet access?

Yes. AsterMind's cybernetic architecture maintains local intelligence and bounded autonomy, enabling it to function coherently even when disconnected from cloud resources in your own local infrastructure environment. This makes it ideal for edge, field, and security-constrained environments.

What problems can AsterMind solve that LLMs cannot?

AsterMind excels at problems requiring persistent state, real-time adaptation, schema drift handling, cost-constrained operation, and continuous learning. It addresses operational fragility, latency constraints, and cost ceilings that plague LLM deployments at scale.

Is AsterMind GDPR and HIPAA compliant?

Yes. Because learning can happen on-device with zero data transfer to external servers, AsterMind is inherently privacy-preserving and compliant with GDPR, HIPAA, and other data protection regulations.

What are the main use cases for AsterMind?

AsterMind is ideal for RAG solutions, ETL pipelines, processing live data streams, real-time event detection (i.e. fraud detection and cyber security), predictive maintenance, autonomous systems and any application requiring adaptive, explainable, cost-efficient AI.

DATA PROCESSING AGREEMENT (DPA)

AsterMind-ELM

Last Updated: November 20, 2025

This Data Processing Agreement ("DPA") governs the processing of personal data in connection with AsterMind-ELM services provided by AsterMindAI Corporation ("Processor", "we", "us", or "our") to you ("Controller", "you", or "your").

This DPA supplements and forms part of the Terms of Service, Privacy Policy, and End User License Agreement ("EULA").
It applies whenever you are a Controller of personal data and we act as a Processor on your behalf.

1. DEFINITIONS

1.1. "Controller" means the entity that determines the purposes and means of processing personal data.

1.2. "Processor" means the entity that processes personal data on behalf of the Controller.

1.3. "Personal Data" means any information relating to an identified or identifiable natural person.

1.4. "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.

1.5. "Data Subject" means the natural person to whom personal data relates.

1.6. "GDPR" means the General Data Protection Regulation (EU) 2016/679.

1.7. "Sub-processor" means a third party engaged by the Processor to process personal data on behalf of the Controller.

2. SCOPE AND APPLICATION

2.1. When This DPA Applies

This DPA applies when:

You act as a Controller of personal data
We process personal data on your behalf as a Processor
Processing occurs in connection with AsterMind-ELM services

2.2. Limited Processing by AsterMind

AsterMind-ELM is an SDK/library that runs entirely on your systems.
We do not process your application data, user datasets, or model outputs.

We process only minimal personal data for:

License validation (stored only during your subscription)
Account creation and management
Support interactions
Security, fraud detection, and legal compliance

We do not access or process end-user content of your applications.

2.3. Controller Responsibilities

You remain solely responsible for:

Determining lawful basis for processing
Complying with GDPR/CCPA and other laws
Obtaining consents where required
Ensuring your use of the Services is lawful

3. PROCESSING DETAILS

3.1. Categories of Data Subjects

Your employees, contractors, and authorized users
End users of software you build using the Services
Individuals whose data you upload, store, or process

3.2. Categories of Personal Data

We may process:

Account Data

Name, email address, company, role
Authentication information

License Data

License keys
Subscription status
Validation timestamps
Retained only during your active subscription

Technical Data

IP address
Device or system identifiers
Runtime environment metadata
Error logs (anonymized where possible)

Support Data

Information voluntarily provided in support requests

Aggregated / Anonymized Data

Usage statistics
Non-identifying telemetry

3.3. Processing Purposes

We process personal data to:

Provide, operate, and maintain the Services
Validate licenses and enforce licensing restrictions
Provide customer support
Detect fraud and security issues
Comply with legal obligations
Improve the Services using anonymized data

3.4. Processing Duration

License and account personal data is retained only for the duration of your active subscription.
Upon cancellation or non-renewal, retention ends unless longer retention is required by law.
Aggregated/anonymous data may be retained indefinitely.

4. PROCESSOR OBLIGATIONS

4.1. Processing Instructions

We will:

Process personal data only according to your documented instructions
Not use personal data for unrelated purposes
Notify you if instructions appear unlawful
Assist you in responding to data subject requests

4.2. Security Measures

We implement appropriate technical and organizational measures, including:

Encryption in transit (TLS 1.2+)
Encryption at rest
Role-based access controls
Multi-factor authentication for internal systems
Regular vulnerability assessments
Incident response procedures
Secure key management
Staff confidentiality and security training

4.3. Confidentiality

We will:

Ensure personnel are bound by confidentiality obligations
Limit access to personal data to those who need it
Maintain confidentiality even after termination

4.4. Data Subject Assistance

We will assist you with:

Access requests
Rectification
Erasure requests
Data portability
Objections
Restriction of processing

4.5. Personal Data Breach Notification

We will:

Notify you without undue delay, and in any event within 72 hours
Provide details sufficient for you to meet legal obligations
Support your investigation and remediation efforts

5. SUB-PROCESSORS

5.1. Authorization

You authorize us to use Sub-processors, provided that:

Each Sub-processor is bound by data protection obligations equivalent to this DPA
We maintain an up-to-date Sub-processor list
We notify you of changes before new Sub-processors are engaged

5.2. Current Sub-processors

These may include:

Cloud infrastructure providers
Payment processors
License validation services
Customer support platforms
Email service providers

5.3. Objection Rights

You may object to new Sub-processors on reasonable grounds.
If we cannot resolve your objection, you may terminate the affected service.

6. DATA TRANSFERS

6.1. International Transfers

Personal data may be processed outside the EEA.
We will implement appropriate safeguards required by law.

6.2. Transfer Mechanisms

We rely on:

Adequacy decisions
Standard Contractual Clauses (SCCs)
Other legal transfer mechanisms

7. AUDIT AND COMPLIANCE

7.1. Documentation and Cooperation

We will:

Maintain records of processing activities
Cooperate with supervisory authorities
Provide compliance documentation upon request

7.2. Audit Rights

You may request:

SOC2, ISO27001, or similar certifications
Third-party audit summaries
Security documentation

On-site audits may be available for enterprise customers under separate terms.

8. DATA RETENTION AND DELETION

8.1. Retention

License data and account data are retained only during your active subscription.
Data required by law (e.g., tax, invoice records) may be retained longer.

8.2. Deletion

Upon termination:

We will delete or return personal data within 30 days
You may request deletion at any time
We may retain anonymized data indefinitely

9. CONTROLLER OBLIGATIONS

9.1. Lawful Basis for Processing

You are responsible for:

Determining and documenting lawful basis
Obtaining consents where required
Complying with GDPR, CCPA, and other laws

9.2. Instructions

You agree to:

Provide clear instructions
Not instruct us to process unlawfully

9.3. Security

You are responsible for:

Securing your own systems
Protecting API keys and license keys
Implementing appropriate access controls
Maintaining your own backups

10. LIABILITY AND INDEMNIFICATION

10.1. Liability

Our liability is limited by the Terms of Service
We are not responsible for your unlawful data practices
We are not liable for processing carried out under your instructions

10.2. Indemnification

You agree to indemnify AsterMind for claims arising from:

Your violation of data protection laws
Your instructions leading to unlawful processing
Failure to obtain valid consents

11. TERMINATION

11.1. Effect of Termination

Upon termination:

Processing stops
Personal data is deleted or returned
Sections relating to confidentiality, liability, and audits survive termination

12. GOVERNING LAW

12.1. Applicable Law

This DPA is governed by:

GDPR for EEA data subjects
Applicable local laws for non-EEA processing
The Terms of Service for all other matters

12.2. Supervisory Authorities

Data subjects may lodge complaints with applicable authorities.
We will cooperate with such authorities as required.

13. CONTACT INFORMATION

AsterMindAI Corporation
706 Scottingham Terrace
North Chesterfield, VA 23236
United States

Data Protection Officer: privacy@astermind.ai
Legal: legal@astermind.ai
Website: https://astermind.ai

ACKNOWLEDGMENT

By using the Services, you acknowledge that you have read, understood, and agree to this Data Processing Agreement.

This DPA supplements the Terms of Service, Privacy Policy, and EULA.

This Data Processing Agreement is effective as of the date above and applies to all processing of personal data performed by AsterMind in connection with the Services.

Cookie Preferences

DATA PROCESSING AGREEMENT (DPA)

AsterMind-ELM

1. DEFINITIONS

2. SCOPE AND APPLICATION

2.1. When This DPA Applies

2.2. Limited Processing by AsterMind

2.3. Controller Responsibilities

3. PROCESSING DETAILS

3.1. Categories of Data Subjects

3.2. Categories of Personal Data

Account Data

License Data

Technical Data

Support Data

Aggregated / Anonymized Data

3.3. Processing Purposes

3.4. Processing Duration

4. PROCESSOR OBLIGATIONS

4.1. Processing Instructions

4.2. Security Measures

4.3. Confidentiality

4.4. Data Subject Assistance

4.5. Personal Data Breach Notification

5. SUB-PROCESSORS

5.1. Authorization

5.2. Current Sub-processors

5.3. Objection Rights

6. DATA TRANSFERS

6.1. International Transfers

6.2. Transfer Mechanisms

7. AUDIT AND COMPLIANCE

7.1. Documentation and Cooperation

7.2. Audit Rights

8. DATA RETENTION AND DELETION

8.1. Retention

8.2. Deletion

9. CONTROLLER OBLIGATIONS

9.1. Lawful Basis for Processing

9.2. Instructions

9.3. Security

10. LIABILITY AND INDEMNIFICATION

10.1. Liability

10.2. Indemnification

11. TERMINATION

11.1. Effect of Termination

12. GOVERNING LAW

12.1. Applicable Law

12.2. Supervisory Authorities

13. CONTACT INFORMATION

ACKNOWLEDGMENT