Privacy PolicyDraft
This is a placeholder. The Privacy Policy is being prepared and is pending legal review. This page is not legal advice and is not lawyer-approved.
What the final Privacy Policy will cover
- What we collect: account info, uploaded documents and derived data (chunks, embeddings, answers), usage metadata, and support communications.
- How it is used: to provide the service, generate grounded answers, and meter usage.
- Sub-processors and third parties (AI provider, hosting, payments, email) and what each receives.
- Security: tenant isolation and access controls; we do not log document/answer text or secrets.
- Your rights: access, export, and deletion, and how to exercise them.
- Retention and deletion windows (being finalized).
- Contacts for privacy and security.
AI provider and data handling
- Provider mode is set at the organization level: platform-managed, bring-your-own-key, or local/self-hosted.
- On the platform-managed path, your document and question text is sent to the external OpenAI API to produce embeddings and answers. This is opt-in.
- Bring-your-own-key uses your provider key; local/self-hosted keeps inference on your own hardware. Local/self-hosted is the default architecture.
- For sensitive or regulated data, prefer bring-your-own-key or local/self-hosted mode and confirm compliance with your institution's policies.
Privacy questions? Contact us. See the known limitations for current data-handling scope.