Data Processing Addendum
This Data Processing Addendum, including all of its Annexes (this “Addendum“), is a legal agreement between you, either an individual or a legal entity (the “Controller”), and Emcie Co Ltd. (“Processor”), amending and forming part of the Terms of Service of the Processor that apply to and also bind the Controller with relation to its purchase of Processor’s services (the “Agreement” and “Services”, respectively).
THIS ADDENDUM TAKES EFFECT WHEN CONTROLLER SIGNS IN OR ACCESSES OR USES THE SERVICES. BY SIGNING IN OR BY ACCESSING OR USING THE SERVICES, CONTROLLER (A) ACKNOWLEDGES THAT CONTROLLER HAS READ AND UNDERSTANDS THIS ADDENDUM; (B) REPRESENTS AND WARRANTS THAT CONTROLLER HAS THE RIGHT, POWER AND AUTHORITY TO ENTER INTO THIS ADDENDUM AND, IF ENTERING INTO THIS ADDENDUM FOR AN ORGANIZATION, THAT YOU HAVE THE LEGAL AUTHORITY TO BIND THAT ORGANIZATION; AND (C) ACCEPTS THIS ADDENDUM AND AGREES THAT CONTROLLER IS LEGALLY BOUND BY ITS TERMS.
In the event that any term or condition contained herein is in conflict with a term or condition set forth in the Terms of Service, the term and condition set forth in this Addendum shall be deemed to be the controlling term and condition, except if otherwise expressly stated. Capitalized terms not otherwise defined herein shall have the meaning given to them in the Terms of Service or in applicable Data Protection Legislation.
IF CONTROLLER DOES NOT AGREE TO ANY TERM OR CONDITION OF THIS ADDENDUM, CONTROLLER MAY NOT ACCESS OR USE THE SERVICES.
1. Compliance with Data Protection Legislation
Processor shall comply with all applicable data protection and privacy laws, their implementing regulations, regulatory guidance, and secondary legislation (“Data Protection Legislation”), each as updated or replaced from time to time, including: (i) of the EU – the General Data Protection Regulation ((EU) 2016/679) (the “GDPR”); (ii) of the UK – the UK General Data Protection Regulation ("UK GDPR") and the UK Data Protection Act 2018; (iii) the Privacy and Electronic Communications Directive (2002/58/EC) and any applicable national implementing laws including, as far as applicable, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426); (iv) of the U.S. – the California Consumer Privacy Act, as amended (“CCPA”); and (v) any other laws that apply.
2. Processing of Personal Data
2.1. Details of Processing. Annex A sets out the scope, nature and purpose of processing by the Processor, the duration of the processing and the types of personal data and categories of data subjects.
2.2. Instructions. With relation to its Agreement with the Controller, processing of personal data (including - as applicable and where provided to the Processor - sensitive personal data), as such term is regarded under Data Protection Legislation, of data subjects, that was collected by the Controller or on its behalf and provided to the Processor (“Personal Data”), shall only be done in accordance with the Controller’s instructions as set out in the Agreement and in this Addendum, as otherwise necessary to provide the Services, or as otherwise agreed in writing by the parties hereto. The Processor will immediately inform the Controller if, in its opinion, an instruction violates or would cause Processor to violate Data Protection Legislation. The Processor shall process Personal Data only to fulfill its obligations under the Agreement and as permitted in this Addendum.
2.3. Controller Responsibilities. The Controller will ensure that it has and has placed all necessary consents and notices, respectively, in place to enable lawful transfer of Personal Data to the Processor for the duration and purposes (including processing and use) of this Addendum.
2.4. Requirements from Processor. The Processor acknowledges and agrees that it shall act in the role of a “Processor” (or equivalent term) as defined under the Data Protection Legislation. The Controller discloses Personal Data to the Processor solely for performing the Services, in consideration of permitted business purposes set forth under the Data Protection Legislation while acknowledging that such performance encompasses the permitted uses specified in this Addendum. The Processor is prohibited from: (i) selling or sharing Personal Data; (ii) retaining, using, or disclosing Personal Data for any purpose other than providing the Services to the Controller and as otherwise permitted by Data Protection Legislation; (iii) retaining, using, or disclosing Personal Data for any commercial purpose other than the Services, unless expressly permitted by Data Protection Legislation; (iv) retaining, using, or disclosing Personal Data outside of the direct business relationship between the Controller and the Processor unless expressly permitted by Data Protection Legislation or pursuant to this Addendum; and (v) combining or updating Personal Data with personal data that the Processor obtains from other sources unless expressly permitted by Data Protection Legislation or pursuant to this Addendum. The Processor certifies that it understands the prohibitions outlined in this Section 2.4 and will comply with them. The Processor shall notify the Controller no later than five (5) business days after it makes a determination that it can no longer meet its obligations under the Data Protection Legislation or this Addendum. The Processor permits the Controller the right, upon notice, to take reasonable and appropriate steps to stop and remediate the Processor’s unauthorized use of Personal Data.
3. Security
3.1. Security Measures. The Processor shall implement appropriate technical and organizational measures for processing Personal Data which shall, at minimum, meet the requirements in Annex B.
3.2. Breach Notification. The Processor shall notify the Controller without undue delay upon discovery of any breaches involving the security of Personal Data processed by the Processor or any of Processor’s subprocessors under the Agreement.
3.3. Personnel. The Processor shall ensure that all Processor and subprocessor personnel who process (including having access to) Personal Data (i) are made aware of their obligation to keep such information confidential, and (ii) complete privacy and information security training on at least an annual basis.
4. Permitted Uses of Personal Data
4.1. As part of the standard Services, and for the purpose of improved results for the Controller exclusively, the Processor performs optimization of the prompts and other data provided by the Controller (including anyone on Controller’s behalf) into the Processor’s software (“Controller Data”). As the Controller Data may contain Personal Data, the Processor shall endeavor - with relation to such optimization - to de-identify and anonymize such Personal Data, using commercially reasonable technological tools, which may be provided by third parties, and shall use reasonable efforts to prevent re-identification of the Personal Data, though it cannot guarantee that the de-identification process will be error-free and/or that all Personal Data will remain unidentified. The Controller acknowledges and agrees to the foregoing, and hereby expressly grants the Processor the right and permission to perform the actions required for said optimization and for said de-identification and anonymization.
4.2. The Processor confirms that Personal Data provided by Controller within the Controller Data shall be used by Processor solely in connection with said optimization and shall not be used by Processor for any other purpose not expressly permitted in this Addendum.
4.3. Where Controller Data (which, as aforesaid, includes Personal Data) is used for training, retraining, fine-tuning and/or using for output enhancement purposes of AI models and particularly (but not only) small language models (SLMs) – the provisions of Annex C shall apply.
4.4. In the event that the Controller does not have relevant valid legal basis and/or did not obtain a consent necessary to grant the Processor any of the rights or permissions concerning a permitted use – the Controller will refrain from providing the Processor the data for which it does not have necessary valid legal basis and/or the required consent.
5. Assistance
5.1. Cooperation with the Controller. The Processor shall promptly provide all information and assistance reasonably requested by the Controller, at the Controller’s expense, to respond to any request from a data subject and to comply with its obligations under the Data Protection Legislation with respect to security, breach notifications, privacy impact assessments, litigation, inquiries or consultations with supervisory authorities or regulators. The Processor’s assistance shall not be unreasonably withheld.
5.2. Third-Party Requests. The Processor shall promptly inform the Controller of any data subject’s request or any communications from a regulator, government body, supervisory authority, or litigant relating to Personal Data provided to the Processor by the Controller that the Processor or its subprocessors receive, unless applicable law prohibits providing such information. The Processor shall not respond to such requests except as instructed by the Controller, unless required by Data Protection Legislation, in which case the Processor shall, to the extent permitted by the applicable legislation, inform the Controller of such legal requirement prior to responding to such request, in order to provide the Controller with the opportunity to fully pursue available legal remedies, including the right to contest or object to such requests.
6. Return and Deletion of Personal Data
At the choice of the Controller, the Processor shall delete or return Personal Data and copies thereof to the Controller on termination of the Agreement unless required by applicable law to store the Personal Data, in which case the Processor shall inform the Controller of that obligation and comply with the requirements of the Data Protection Legislation until the Personal Data is securely deleted or returned to the Controller.
7. Recordkeeping and Verification
7.1. Recordkeeping. The Processor shall maintain records and information in accordance with applicable Data Protection Legislation to demonstrate its compliance with this Addendum (the “Records”).
7.2. Verification. The Processor shall make available to Controller, following written request, all Records and information necessary to demonstrate compliance with this Addendum and the Data Protection Legislation, and shall cooperate with verifications, including inspections, by the Controller or its third-party auditors in relation to the processing of Personal Data.
8. Subprocessors
8.1. Appointment of Subprocessors. The Controller authorizes the Processor to have and appoint subprocessors in accordance with this section 8 and any restrictions in this Addendum, to process Personal Data on behalf of the Processor in connection with the Services. The Processor is required to have a written agreement with each subprocessor containing data protection obligations not less protective than those in this Addendum.
8.2. Existing Subprocessors. The Processor may continue to use those subprocessors already engaged by the Processor as of the date of this Addendum (as listed in the Subprocessor List), for processing Personal Data on behalf of the Processor in connection with the Services.
8.3. Objection Right for New Subprocessors. The Processor shall give the Controller thirty (30) days’ prior written notice of the appointment of any new subprocessor, including full details of the processing to be undertaken by that subprocessor. If, within such notice period, the Controller notifies the Processor in writing of any objections (on reasonable documented grounds) to the proposed appointment, the Processor shall not appoint (or disclose any Personal Data to) that proposed subprocessor until reasonable steps have been taken to address the objections raised by the Controller and the Controller has been provided with a reasonable written explanation of the steps taken. If the Processor is unable to take such steps to avoid the processing of Personal Data by the objected-to subprocessor within a reasonable period of time, which shall not exceed thirty (30) calendar days, or the Controller does not approve the changes proposed by the Processor, the Controller may at the option of the Controller, by providing written notice to the Processor, terminate the Agreement or the Service(s) which cannot be provided by the Processor without the use of the objected-to subprocessor.
8.4. Liability regarding subprocessors. The Processor shall be liable for the acts and omissions of its subprocessors to the same extent the Processor would be liable if performing the services of such subprocessor directly under the terms of this Addendum, except as otherwise set forth in the Agreement.
9. International Transfers of Personal Data
9.1. General Obligation. The Processor shall comply with all applicable requirements for cross-border transfers of Personal Data under Data Protection Legislation. The Processor shall be deemed the “data importer” and the Controller the “data exporter” under the appropriate transfer mechanism(s) identified in this clause 9.
9.2. Transfer from Processor to subprocessors. The Controller grants the Processor a mandate to execute the Standard Contractual Clauses with any relevant subprocessor it appoints on its behalf.
10. Miscellaneous
10.1. Interpretation. Any words following the terms “including” and similar expressions shall not limit the sense of the words preceding those terms.
10.2. Entire Agreement. This Addendum shall replace and supersede any existing data processing addendum (including any privacy addendums), attachment or exhibit (including any standard contractual clauses) between the parties, except as provided for in section 9.2, if applicable. Any addenda, attachments, or exhibits related to security shall remain in place and supplement any security measures set out in Annex B. In the event of a conflict between Annex B and any other agreement that the Processor has entered into with the Controller governing information security, including administrative, physical, or technical safeguards regarding the protection of data, the provisions more protective of the data shall prevail.
10.3. Liability. The liability of each party under this Addendum shall be subject to the exclusions and limitations of liability set out in the Agreement.
10.4. Governing Law and Jurisdiction. This Addendum will be governed by and construed in accordance with the governing law and jurisdiction provisions in the Agreement, unless required otherwise by applicable Data Protection Legislation.
10.5. Termination of Addendum. This Addendum will terminate on the later of the termination or expiry of the Agreement or the end of the processing of all Personal Data.
Last Updated: January 05, 2026
ANNEX A
PERSONAL DATA PROCESSING PURPOSES AND DETAILS
DESCRIPTION OF PROCESSING
Categories of data subjects whose Personal Data is processed
The Controller may submit Personal Data to the Processor with relation to the provision of the Services, the extent of which is determined and controlled by the Controller in its sole discretion, and which may include, but is not limited to personal data of data subjects relating to the following categories:
- Customers, business partners and vendors of the Controller (who are natural persons)
- Employees and contact persons (both of whom are natural persons) of the Controller’s customers, business partners and vendors
- Employees, agents, advisors, contractors, and any users authorized by the Controller to use the Services (who are natural persons)
Categories of Personal Data processed
The Controller may submit Personal Data to the Processor with relation to the provision of the Services, the extent of which is determined and controlled by the Controller in its sole discretion, and which may include, but is not limited to the following categories of personal data:
- First and last name
- Title
- Position
- Employer
- Contact information (company, email, phone, physical business address)
- ID data
- Professional life data
- Personal life data
- Connection data
- Localization data
Sensitive data processed (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
Sensitive data (such as medical information) may be transferred by the Controller where the Processor provides services necessitating access to such data as described under the Agreement.
The safeguards applying to the processing of such data are as described under Annex B.
The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).
Continuous.
Nature of the processing
The Processor will process Personal Data as necessary to perform the Services pursuant to the Agreement, as further instructed by the Controller (as expressly set forth in the Addendum to which this Annex is attached) in its use of the Services.
Purpose(s) of the processing
The Processor will process Personal Data for the purposes necessary to perform the Services pursuant to the Agreement, as further instructed by the Controller (as expressly set forth in the Addendum to which this Annex is attached) in its use of the Services.
The period for which the Personal Data will be retained, or, if that is not possible, the criteria used to determine that period
The period which is required in order to provide the Services to the Controller.
For transfers to (sub-)processors, also specify subject matter, nature and duration of the processing
Matter and nature of the processing, as set out in the Agreement, for the duration required for the data importer to provide the Services to the data exporter.
ANNEX B
TECHNICAL AND ORGANISATIONAL MEASURES
In the event of a conflict between this Annex and any other agreement that the Processor has entered into with the Controller governing information security, technical and organizational measures, the protection of data and/or privacy, or similar, the provisions more protective of the data, shall prevail.
| Measure | Description |
|---|---|
| 1. Measures of pseudonymisation and encryption of Personal Data | The Processor shall maintain encryption in transit and at rest in accordance with sections 5 and 6 below. |
| 2. Measures for ensuring the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident | Business Continuity Management. The Processor will establish and maintain (i) business continuity and disaster recovery plans ("Contingency Plans") for critical functions, technology and systems in support of the Services herein to enable recovery of said Services within the agreed upon Recovery Time and Recovery Point objectives in the event of a disaster or other unexpected disruption in Services. (ii) The Processor will review, update and exercise the operability of applicable Contingency Plans in support of the Services herein by conducting recovery exercises of Contingency Plans at least annually. |
| 3. Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing | The Processor shall maintain processes for testing, assessing and evaluating the effectiveness of technical and organizational controls at a minimum on an annual basis. The results of such assessments shall be documented and remediation actions monitored by the Processor management responsible for the information security governance. This may include accreditations to provide independent assurance that the Processor programs, products and services meet industry standards for security. |
| 4. Measures for user identification and authorization | Access Control: • Identification and Authentication. All access to any Personal Data shall be Identified and Authenticated. "Identification" refers to processes which establish the identity of the person or entity requesting access to Personal Data. "Authentication" refers to processes which validate the purported identity of the requestor. • For access to Personal Data, the Processor shall require Authentication by the use of an individual, unique user ID and an individual password and/or other appropriate Authentication technique (e.g. soft token, pin, etc.). The Processor shall maintain procedures to ensure the protection, integrity, and soundness of all passwords created by the Processor and/or used by the Processor in connection with the Agreement. |
| 5. Measures for the protection of data during transmission | Encryption in transit. The Processor shall maintain encryption, in accordance with industry standards, for all transmission of Personal Data via public networks (e.g., the Internet). Such transmissions include, but are not limited to: • Sessions between web browsers and web servers; • Email containing Customer information (including passwords); and • Transfer of files via the Internet (e.g., SFTP). |
| 6. Measures for the protection of data during storage | Encryption at rest. The Processor shall maintain encryption, in accordance with industry standards, for all Personal Data stored on any of Processor storage media. |
| 7. Measures for ensuring physical security of locations at which Personal Data are processed | • The Processor shall maintain physical security of its Personal Data processing facilities and ensure it is designed and applied in accordance with industry standards to protect infrastructure in the event of natural disasters, accidents and malicious attacks. • Security perimeters and work procedures shall be well defined and used to protect areas that contain sensitive or critical information within information processing facilities. Access points are controlled through the requirement of physical badges and access cards to prevent unauthorized entry. |
| 8. Measures for ensuring events logging | Vulnerabilities Management. The Processor will establish and maintain vulnerabilities management program to identify, log and remediate vulnerabilities based on industry standards such as SOC2. |
| 9. Measures for ensuring system configuration, including default configuration | The Processor shall ensure that default configurations of technical controls are removed prior to operational use. Configuration testing shall be included in periodic processes for testing as described in section 3 above. |
| 10. Measures for internal IT and IT security governance and management | • Risk Management. The Processor shall maintain information security risk management program, with the results being included in the annual mitigation plan, which is presented to and monitored by the Processor Management. • Account Administration. The Processor shall maintain appropriate processes for requesting, approving, and administering accounts and access privileges for Processor processing resources and personal data. These processes shall include procedures for granting and revoking emergency access to Personal Data. • Access Control. The Processor shall maintain appropriate access control mechanisms to prevent all unauthorized access to Personal Data. The access and privileges granted shall be limited to the minimum necessary to perform the assigned functions. • Network Security Authorized Access. The Processor shall only have access to Personal Data as authorized by Controller and shall use such access solely for providing services to the Controller. The Processor shall not attempt to access any applications, systems or data which Controller does not request it to access in order to perform its services. The Processor further agrees to access such applications, data and systems solely to the extent minimally necessary to provide services to the Controller. • Endpoint protection. The Processor shall ensure that any endpoint, to whom the Processor provides access to Personal Data, has malware protection installed; in addition, the Processor shall ensure that malware protection cannot be disabled by the end users and has periodic updates of new malware signatures. |
| 11. Measures for certification/assurance of processes and products | Where security accreditations are maintained, the Processor shall ensure that assurance process exists to keep Processor accreditations (per SOC2) valid. Any loss or revoke of security accreditation shall be reported to the Controller in a timely manner. |
| 12. Measures for ensuring data quality | • Protection of Storage Media. All media on which Personal Data is stored shall be protected against unauthorized access or modification. The Processor shall maintain reasonable and appropriate processes and mechanisms to maintain accountability and tracking of the receipt, removal and transfer of storage media used. • Data Integrity. The Processor shall maintain processes to prevent unauthorized or inappropriate modification of Personal Data, for both data in transit and data at rest. |
| 13. Measures for ensuring accountability | • Identification and Authentication. All access to any Personal Data shall be Identified and Authenticated. "Identification" refers to processes which establish the identity of the person or entity requesting access to Personal Data. "Authentication" refers to processes which validate the purported identity of the requestor. • For access to personal data, the Processor shall require Authentication by the use of an individual, unique user ID and an individual password and/or other appropriate Authentication technique (e.g. soft token, pin, etc.). The Processor shall maintain procedures to ensure the protection, integrity, and soundness of all passwords created by the Processor and/or used by the Processor in connection with the Agreement. |
| 14. For transfers to subprocessors, also describe the specific technical and organizational measures to be taken by the subprocessor to be able to provide assistance to the Controller and, for transfers from a processor to a subprocessor, to the data exporter | Third Parties. The Processor shall ensure that any agent, including a subcontractor/subprocessor, to whom the Processor provides access to Personal Data agrees to maintain reasonable and appropriate safeguards to protect such information. |
| 15. Measures for the de-identification process | • The Processor shall implement adequate technological tools intended to de-identify the Personal Data. • The Processor shall maintain ongoing records, in accordance with industry standards, with respect to the process of de-identification of Personal Data, and shall customarily review the performance of the process. |
| 16. Measures for the anonymization process | • The Processor shall implement adequate technological tools intended to anonymize the Personal Data. • The Processor shall maintain ongoing records, in accordance with industry standards, with respect to the process of anonymization of Personal Data, and shall customarily review the performance of the process. |
| 17. Measures for ensuring that the anonymization process was successful | The Processor shall periodically conduct checks, in accordance with industry standards, intended to ensure that the process of anonymization is successful and leaves no identifiable information from Personal Data that was supposed to be anonymized. |
| 18. Measures for prevention of re-identification | The Processor shall implement adequate technological tools intended to prevent re-identification of Personal Data that underwent the process of anonymization. |
ANNEX C
AI Models and SLM Training
Where prompts and other data provided by the Controller are used for training AI Models, including, but not limited to, SLMs (as defined below), the provisions of this Annex shall apply.
For Optional Training (as defined in the Terms of Service which reference the DPA to which this Annex is attached) Controller’s consent is required, to be granted by an opt-in election; Where such consent is not granted, the Processor shall not utilize data provided by the Controller for Optional Training purposes, and in that case the provisions set forth in this Annex shall not apply.
1.1. Controller’s acknowledgements. The Controller understands and hereby acknowledges and approves, that for optimal provision of services by the Processor, with broader benefits and advanced capabilities, the Processor uses data received from the Controller, on an anonymized basis using the measures set forth in Section 1.2 below, for training, retraining, fine-tuning and/or use for output enhancement purposes of AI models, and particularly small language models (“SLMs”), intended to serve the Controller within the scope of the Processor’s service to it (“AI Models”). With respect to Optional Training (if elected by the Controller), the Controller understands and hereby acknowledges and approves that such training is intended to serve the Processor’s various customers, including the Controller, within the scope of the Processor’s services to them. For any query concerning isolated and/or on-premises Optional Training please contact Company at: [email protected]
1.2. Data Anonymization Process. For the purpose of the abovementioned training of AI Models, the Processor shall utilize a two-stage anonymization process: (a) first, the Processor shall de-identify and remove from data received from the Controller all Personal Data (including sensitive Personal Data), and (b) second, the Processor shall anonymize the de-identified data. The resulting anonymized data may be used by the Processor for training AI Models, which models will serve: (i) in general Training – the Controller; (ii) in Optional Training - provision of services by the Processor to its various existing and future customers (i.e., not exclusively to the customer from whom the data was received, or the Controller, as applicable).
1.3. Undertakings and disclaimers. With relation to the anonymization of data received from the Controller, and to the use of the resulting anonymized data for training of AI Models as aforesaid, the Processor hereby declares that: (a) it shall use adequate, industry-standard tools of reputable vendors (such as Microsoft) to perform the de-identification and anonymization of data received from the Controller which the Processor will intend for said training, (b) if requested by Controller, in writing, it shall inform the Controller of such tools and of any applicable third party service providers from whom it will obtain them, (c) it shall implement adequate measures to prevent re-identification of Personal Data and leakage thereof with relation to the anonymization process, (d) anonymized data will not be combined with additional data in a way that causes re-identification, (e) at the Controller’s reasonable written request, not to be provided more than once per year, the Processor shall provide it with summary reports demonstrating compliance with applicable anonymization-related provisions of the Data Protection Legislation, (f) it cannot guarantee that the anonymization process will be error-free and/or that no Personal Data whatsoever will remain un-anonymized, (g) where Optional Training is concerned - it will inform its other customers whom the trained AI Models will serve, that they may not attempt to re-identify anonymized data, and (h) anonymized data and the AI Models trained with it may be retained by the Processor indefinitely. The Controller undertakes not to attempt, directly or indirectly, to re-identify anonymized data of other customers of the Processor that was used by the Processor to train AI Models.
1.4. Permissions to the Processor. The Controller hereby expressly grants the Processor the right and permission to perform the abovementioned anonymization process of data received from the Controller and to use the resulting anonymized datasets for training of AI Models (given that Optional Training requires a separate permission from the Controller, by opting-in to it). In the event that the Controller does not have valid legal basis and/or did not obtain any consent necessary to grant the Processor said right and permission – the Controller will refrain from providing the Processor the data for which it does not have necessary valid legal basis and/or the required consent.
1.5. Acknowledgment of Data Permanence in Trained Models. The Controller acknowledges and understands that data used for training AI models, and in particular SLMs, cannot be deleted or removed from such AI models once the training process has been completed. The Controller further acknowledges that the anonymized data incorporated into trained AI Models becomes an integral and inseparable component of such models and cannot be extracted, isolated, or erased following the completion of the training process.