AI Processing Notice

Effective Date: March 25, 2026

Last Updated: March 25, 2026

Version: Public v1.0

This AI Processing Notice explains how FireGroup JSC (”Company,” “we,” “us,” or “our”) uses artificial intelligence, machine translation, automated processing, large language models, recommendation systems, and related technologies in connection with Transcy, OneMobile, OneLoyalty, and related services (collectively, the “Services”).

This Notice is intended to supplement our Terms and Conditions, Privacy Policy, Data Processing Addendum, and Subprocessor List. In the event of a conflict, the Terms and Conditions and Data Processing Addendum control to the extent applicable.

We use this Notice to explain, in a transparent and practical way:

  • which Services may include AI or automated features;
  • what types of data may be processed through those features;
  • how provider configurations may differ depending on customer setup;
  • how we approach data use, validation, and risk management; and
  • what customers should understand before enabling or relying on AI-enabled features.

This Notice is designed for business customers, merchants, partners, agencies, and other users of the Services, including users located in the EEA, UK, the United States, and other jurisdictions.

This Notice applies to AI-enabled or automation-enabled features made available through the Services, including, where applicable:

  • machine translation;
  • AI-assisted content generation or editing;
  • localization assistance;
  • search and recommendation functionality;
  • automated classification, summarization, or transformation;
  • language detection;
  • content routing or orchestration; and
  • other AI or semi-automated features released by the Company from time to time.

Not all Services, plans, or customer configurations use the same AI providers, models, or processing paths.

Depending on the product, plan, and feature configuration, the Services may use one or more of the following:

3.1 Machine Translation and Language Processing

For example, translation of storefront content, product information, app content, localization text, interface text, metadata, and other business content.

3.2 Generative AI and Language Model Features

For example, drafting, rewriting, summarizing, transforming, or optimizing text, descriptions, content blocks, app copy, loyalty content, or support-related content.

3.3 Search, Recommendations, and Ranking

For example, search assistance, content suggestions, language recommendations, product discovery support, or prioritization of relevant content.

3.4 Classification and Automation

For example, categorization, tagging, intent detection, workflow routing, automated triggering, or other rule-assisted or model-assisted automation.

3.5 Quality or Operational Enhancements

For example, validation, fallback routing, caching, moderation, scoring, monitoring, analytics, or other supporting automation associated with AI-enabled workflows.

Depending on the relevant feature and product configuration, AI-enabled processing may involve one or more of the following categories of data:

  • source text and translated text;
  • prompts and instructions;
  • generated outputs and transformed content;
  • product titles, descriptions, collections, menus, and metadata;
  • app content, app assets, or mobile-related text;
  • loyalty content or campaign text;
  • search inputs and query terms;
    language, locale, and configuration settings;
  • technical metadata necessary to deliver the feature;
  • usage logs, diagnostics, and feature interaction data; and
  • other content affirmatively submitted by the customer for AI-enabled processing.

Unless explicitly approved in writing and supported by the relevant product configuration, customers should not submit payment card data, protected health information, biometric data, government-issued identification numbers, or special-category or similarly sensitive personal data to AI-enabled features.

AI-enabled features may be delivered through different processing paths depending on the Service, the customer’s plan, and the customer’s selected configuration.

5.1 Customer-Selected Provider or Customer-Supplied API Key

In some cases, a customer may connect its own third-party provider account, model, or API key (for example, a customer-owned account with OpenAI, Google Translate, DeepL, or another provider).

In those cases:

  • the customer controls the direct relationship with that provider;
  • the provider’s own terms, privacy notice, and usage policies apply;
  • the customer is responsible for its own account, charges, permissions, compliance obligations, and provider settings; and
  • the Company does not control that provider’s independent practices, uptime, pricing, or policy changes.

5.2 Company-Managed Provider Access

In some cases, the Company may provide access to AI-enabled functionality using Company-managed credentials, pooled infrastructure, Company-selected providers, or Company-managed routing.

In those cases:

  • customer-submitted content may be transmitted through Company-managed systems to the relevant provider;
  • the Company may apply service controls such as usage limits, routing logic, validation, moderation, queueing, caching, fallback logic, or logging;
  • the Company may change the provider, model, technical route, or configuration from time to time for operational, legal, commercial, security, quality, or risk-management reasons; and
  • availability may depend on external provider uptime, limits, or service changes.

5.3 Hybrid Processing

AI-enabled features may be delivered through different processing paths depending on the Service, the customer’s plan, and the customer’s selected configuration.

5.1 Customer-Selected Provider or Customer-Supplied API Key

In some cases, a customer may connect its own third-party provider account, model, or API key (for example, a customer-owned account with OpenAI, Google Translate, DeepL, or another provider).

In those cases:

  • the customer controls the direct relationship with that provider;
  • the provider’s own terms, privacy notice, and usage policies apply;
  • the customer is responsible for its own account, charges, permissions, compliance obligations, and provider settings; and
  • the Company does not control that provider’s independent practices, uptime, pricing, or policy changes.

5.2 Company-Managed Provider Access

In some cases, the Company may provide access to AI-enabled functionality using Company-managed credentials, pooled infrastructure, Company-selected providers, or Company-managed routing.

In those cases:

  • customer-submitted content may be transmitted through Company-managed systems to the relevant provider;
  • the Company may apply service controls such as usage limits, routing logic, validation, moderation, queueing, caching, fallback logic, or logging;
  • the Company may change the provider, model, technical route, or configuration from time to time for operational, legal, commercial, security, quality, or risk-management reasons; and
  • availability may depend on external provider uptime, limits, or service changes.

5.3 Hybrid Processing

AI-enabled features may be delivered through different processing paths depending on the Service, the customer’s plan, and the customer’s selected configuration.

5.1 Customer-Selected Provider or Customer-Supplied API Key

In some cases, a customer may connect its own third-party provider account, model, or API key (for example, a customer-owned account with OpenAI, Google Translate, DeepL, or another provider).

In those cases:

  • the customer controls the direct relationship with that provider;
  • the provider’s own terms, privacy notice, and usage policies apply;
  • the customer is responsible for its own account, charges, permissions, compliance obligations, and provider settings; and
  • the Company does not control that provider’s independent practices, uptime, pricing, or policy changes.

5.2 Company-Managed Provider Access

In some cases, the Company may provide access to AI-enabled functionality using Company-managed credentials, pooled infrastructure, Company-selected providers, or Company-managed routing.

In those cases:

  • customer-submitted content may be transmitted through Company-managed systems to the relevant provider;
  • the Company may apply service controls such as usage limits, routing logic, validation, moderation, queueing, caching, fallback logic, or logging;
  • the Company may change the provider, model, technical route, or configuration from time to time for operational, legal, commercial, security, quality, or risk-management reasons; and
  • availability may depend on external provider uptime, limits, or service changes.

5.3 Hybrid Processing

Some workflows may combine customer-selected configurations with Company-managed orchestration, caching, moderation, validation, analytics, or technical support layers.

Depending on the product and configuration, the Services may use third-party AI or translation providers such as OpenAI, Google Translate, DeepL, Baidu, Yandex, DeepSeek, Grok, or similar providers.

These providers may change over time and may vary by customer selection, product plan, region, or feature availability.

When a Third-Party AI Provider is involved:

  • the provider may process data under its own terms and policies;
  • the provider may update its models, retention practices, service availability, technical controls, or regional infrastructure over time;
  • the Company may rely on provider settings or APIs intended for business use, where available; and
  • the Company is not responsible for the independent acts or omissions of a provider outside the Company’s reasonable control.

Customers should review the relevant provider documentation where appropriate, especially when choosing to connect their own account or API key.

7.1 Company Model Training

We do not use customer-submitted content processed through the Services to train the Company’s proprietary machine learning models unless the relevant customer has explicitly opted in through a separate mechanism.

7.2 Operational and Service Improvement Data

We may use aggregated, de-identified, anonymized, statistical, diagnostic, and operational data to operate, secure, troubleshoot, measure, and improve the Services, to the extent permitted by applicable law and our contractual commitments.

7.3 Third-Party Provider Training Practices

Where a feature relies on a third-party AI or translation provider, data submitted to that feature may be processed under that provider’s own terms, privacy notice, and product configuration.

We use commercially reasonable efforts to select business-appropriate providers and, where available, technical settings or service modes intended to limit use of submitted API data for training public or generalized models. However:

  • provider policies and technical options may vary;
  • provider functionality may change over time;
  • certain features may depend on provider-side controls outside our direct control; and
  • customers using their own API keys remain responsible for reviewing and configuring their provider settings.

Additional information may be provided through our Privacy Policy, Subprocessor List, product documentation, or applicable provider documentation.

AI-generated, machine-translated, and automated outputs may be inaccurate, incomplete, delayed, inconsistent, biased, contextually inappropriate, or commercially or legally unsuitable.

Examples of possible issues include:

  • mistranslations;
  • hallucinations or fabricated content;
  • formatting issues;
  • missing nuance or cultural context;
  • incorrect legal or pricing language;
  • incomplete summaries or recommendations; and
  • model behavior changes over time.

Customers remain solely responsible for reviewing, validating, and approving outputs before using them in any customer-facing, legal, regulatory, pricing, operational, or business-critical context.

The Services do not provide legal, tax, financial, medical, or regulatory advice.

Some features may support personalization, ranking, recommendations, language detection, search results, workflow triggers, or other automated or semi-automated experiences.

Customers are responsible for assessing whether their own use of these features triggers any obligations under applicable law, including obligations relating to:

  • notice or transparency;
  • consent or lawful basis;
  • opt-out rights;
  • profiling or automated decision-making restrictions;
  • consumer protection disclosures; or
  • sector-specific compliance requirements.

Where required, customers are responsible for implementing appropriate review, oversight, escalation, fallback, or human intervention processes.

We maintain administrative, technical, and organizational measures designed to protect data processed through AI-enabled features, taking into account the nature of the Services and the risks involved.

Depending on the feature and configuration, we may log prompts, outputs, technical events, error traces, rate-limit signals, routing choices, or related metadata for purposes such as:

  • service delivery;
  • debugging and troubleshooting;
  • fraud, abuse, and security monitoring;
  • performance measurement;
  • quality assurance; and
  • product support and maintenance.

We do not retain such data longer than reasonably necessary for the purposes described above, subject to our retention practices, legal obligations, contractual commitments, backup cycles, and security needs.

Customers must not use AI-enabled features in a manner that:

  • violates applicable law, regulation, or third-party rights;
  • involves unlawful, deceptive, harmful, abusive, discriminatory, or infringing content;
  • submits restricted sensitive data in violation of our Terms, Privacy Policy, or service documentation;
  • attempts to generate harmful instructions, malware, fraud content, or other abusive outputs;
  • misleads end users into believing outputs are fully human-reviewed when they are not; or
  • creates unacceptable legal, operational, platform, or reputational risk for the Company, third parties, or end users.

We may suspend, restrict, or disable AI-enabled features where reasonably necessary to address legal, security, abuse, or platform risks.

AI-enabled workflows may involve processing by providers or infrastructure located outside the EEA, UK, Switzerland, or the customer’s home jurisdiction.

Where required by applicable law, we use appropriate safeguards for international transfers, which may include Standard Contractual Clauses, the UK International Data Transfer Addendum, adequacy decisions, contractual commitments, or other lawful transfer mechanisms.

Additional information is available in our Privacy Policy and DPA where applicable.

We may update AI-enabled features, providers, models, service logic, safety controls, and this Notice from time to time to reflect changes in technology, law, product design, vendor relationships, or operational practices.

Where we make material changes, we may provide notice through the Services, our website, email, or related documentation.

The “Last Updated” date above reflects the most recent revision date for this Notice.

For questions about AI-enabled processing, privacy, subprocessors, or contractual data protection terms, please contact:FireGroup JSC
F21-22, 182 Le Dai Hanh St., Ward 15, District 11, HCMC.
General Support – Transcy: [email protected]
General Support – OneMobile / OneLoyalty: [email protected]

We encourage you to review the following related legal documents so you can better understand your rights, how your data is protected, and what to expect from our services: