Privacy Policy
We minimize data collection, respect regional rules, and never train models on your data without explicit consent.
Data we process and your controls
Data we process
We process the minimum data needed to deliver the service: account identifiers, billing contact details, authentication artifacts, and customer‑provided content that agents operate on. Operational telemetry (timestamps, status codes, and performance counters) is collected to keep the platform reliable and secure. You control what is sent. At your request we can disable or redact categories of telemetry where feasible.
Content provided to the platform (documents, tables, messages, structured records, and agent prompts) is encrypted in transit and at rest. Unless you have explicitly opted in via a separate addendum, we do not use your content to train foundation models or to build generalized product features.
Your controls
Fine‑grained controls include data export and deletion, region pinning, configurable log retention, and API‑level redaction of secrets and PII. Enterprise plans include a DPA, SCCs, and region‑locked processing. To exercise a right or file a request, contact support; we respond within statutory windows.
AI and model usage
Prognostic.AI orchestrates multiple models—commercial, open‑source, and first‑party components. We select models per task and policy, and we isolate enterprise content within your tenancy. Unless an optional integration explicitly states otherwise, your content is not used to train third‑party models. For bring‑your‑own‑key scenarios, traffic is sent directly to the model vendor under your own agreement.
Agents can run internal simulations and tests that generate synthetic data for the sole purpose of validating plans. Synthetic data is never merged with your source content and can be deleted on request or at the end of a simulation window.
Legal bases and retention
Legal bases
Where the GDPR applies, our legal bases include performance of a contract (to deliver the service you requested), legitimate interests (to secure and improve the platform), and consent where required (for optional features or marketing communications). We honor data subject rights: access, rectification, portability, restriction, objection, and erasure.
Retention
We retain account records for as long as you maintain an active subscription and for a limited period thereafter to meet legal and audit obligations. Operational logs are retained for a configurable window; model prompts and responses are retained only to operate the agent session or if you enable session history.
Processors and transfers
Sub‑processors
We use vetted infrastructure providers for networking, compute, storage, and observability. A current list of sub‑processors is available on request and is incorporated by reference into our DPA. We require data‑processing agreements, security reviews, and regional safeguards from each sub‑processor.
International transfers
When personal data is transferred out of the EEA, UK, or Switzerland, we rely on adequacy decisions or Standard Contractual Clauses with additional safeguards. Region pinning keeps data within your selected geography where supported.
Cookies and telemetry
- Do you use tracking cookies?
- We use strictly necessary cookies to keep you signed in and to protect the service from abuse. Optional analytics help us understand product usage at an aggregate level.
- What telemetry is collected?
- Telemetry is minimized and pseudonymized where possible. We do not build advertising profiles, and we do not sell personal information.
Contact
For privacy inquiries or to execute your rights, contact our team via the contact page. For enterprise requests—including custom DPAs, regional processing, or security questionnaires—please book a call.