Infersec

Effective date: May 27, 2026

Who we are

Infersec ("we", "us", "our") is the data controller responsible for your personal data under the EU General Data Protection Regulation (GDPR). This policy explains what data we collect, why, and your rights.

What data we collect

  • Account information — name, email address, and credentials you provide when signing up.
  • Billing information — payment details are handled entirely by Stripe. We do not see or store your full card number.
  • Usage metadata — token counts, request counts, and endpoint usage statistics for billing and service management.
  • Technical data — IP address, browser type, and device information collected automatically when you use the platform.

AI services and prompt data

We do not store prompt data. Prompt content is never written to disk, logged, or persisted in any database.

We do not train on customer data. Your prompts, completions, and tool-call payloads are never used for model training, fine-tuning, or any machine learning purpose.

Some prompt data is processed in plain text to support server-side tool execution (e.g. MCP tool interception). This processing happens in memory only, for the duration of the request, and is discarded immediately once the process completes. No prompt data is ever logged or retained beyond the active request lifecycle.

Note: Sending private or sensitive personal data to large language models is not recommended and is discouraged by this platform. While we do not store your prompts, the model provider and any tools invoked during a request may process that data under their own terms.

How we use your data

We process your data only for the following purposes:

  • Service delivery — operating your account, routing inference requests, and providing the platform.
  • Billing and account management — tracking usage, processing payments via Stripe, and managing your subscription.
  • Communication — service updates, billing notices, and policy changes.
  • Security and reliability — monitoring platform health and preventing abuse.

Legal basis for processing

Under GDPR Article 6, we rely on:

  • Contractual necessity — to provide the services you signed up for.
  • Legitimate interest — platform security, reliability, and basic analytics.
  • Consent — where required for specific communications or features.

Third-party services

Stripe processes all payments on our behalf. Stripe has their own Privacy Policy and Terms of Service. We do not receive or store your full payment card details.

Data sharing

We do not share your personal data with third parties outside of what is necessary to operate the platform (e.g. Stripe for payments). Your data is not sold, rented, or traded.

Data retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law (e.g. financial records).

Your rights

Under GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion of your personal data ("right to be forgotten").
  • Restriction — limit how we process your data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — withdraw any consent you have given at any time.

To exercise any of these rights, contact us at the address below.

Cookies

We use essential cookies to maintain your session and authentication state. We do not use tracking or advertising cookies. If analytics cookies are introduced in the future, they will be optional and presented with a clear consent banner.

Security

We take appropriate technical and organisational measures to protect your data, including encryption in transit (TLS) and access controls. No system is completely secure, and we encourage you to use strong, unique passwords and enable any available security features on your account.

Changes to this policy

We reserve the right to update this privacy policy at any time. When material changes are made, we will notify you via email. Continued use of the platform after notification constitutes acceptance of the updated policy.

Contact

For privacy-related enquiries, contact us at:

Email: infersec@vault.garden