Privacy Policy — InertialAI

1) Who we are and scope

This Privacy Policy explains how InertialAI, Inc. ("InertialAI," "we," "us," "our") collects, uses, and shares information when you visit inertialai.com, use our documentation, dashboards, and APIs, or otherwise interact with our products and services for text and time-series AI (collectively, the "Services"). By using the Services, you agree to this Policy.

2) Information we collect

Account & contact data: name, email, password (hashed), phone (optional), company, role, and team/project info.

Payment data: billing name, email, address, last-four and tokenized card details processed by our payment processors.

Service content ("Customer Content"): inputs you send (e.g., text, documents, time-series), outputs we return, and derived artifacts such as embeddings.

Usage & device data: IP address, user-agent, device identifiers, timestamps, pages/API routes requested, response times, error logs, and diagnostics.

Cookies & similar tech: to keep you logged-in, secure accounts, remember preferences, and measure usage. You can control cookies in your browser settings.

We call out embeddings separately and treat them with the same level of protection as customer data, consistent with modern SaaS AI practice.

3) How we use information

• Provide and secure the Services (auth, routing, logging, fraud/abuse prevention).
• Operate, maintain, and improve the Services (quality, reliability, scaling, and model safety).
• R&D/model improvement: We may use Customer Content—including inputs, outputs, and embeddings—to fine-tune or improve our models unless you opt out (see §4). Platform analytics and aggregated statistics do not identify you.
• Communications: transactional emails (e.g., incidents, feature notices), and—if you opt-in—marketing.
• Compliance: enforce Terms, meet legal obligations, and protect rights, users, and the public.

4) Your choices (training opt-out, marketing, cookies)

Training Opt-Out: Admins can disable use of Customer Content for model training/Service improvement in Account Settings → Privacy (applies prospectively; we'll cease training use within a reasonable period). You can also email privacy@inertialai.com with subject "Training Opt-Out."

Marketing: You can unsubscribe via email footer or in settings.

Cookies: Browser-level controls may limit or disable certain features.

5) Data minimization & privacy-by-design

We implement appropriate technical and organizational measures—least privilege, encryption in transit/at rest, audit logging, data segregation, and pseudonymization where feasible—aligned with GDPR Article 25 (Data protection by design and by default).

6) How we share information

• Processors/Sub-processors: cloud, storage, compute, observability, email, billing, and support vendors under DPAs and confidentiality.
• Affiliates: controlled entities for support and operations under this Policy.
• Legal & safety: to comply with law or protect rights, safety, and security.
• Business transfers: merger, acquisition, or asset sale (we'll notify you of material changes).
• Aggregated/de-identified data: for statistics and performance insights that do not identify you or your users.

7) Retention

Account and billing data are kept while your account is active and as required by law. Customer Content used only to serve your request is retained per your workspace settings and security needs (e.g., short-term logs for abuse and incident response); content is excluded from training if you've opted out (§4).

Note: Sensitive strings can sometimes be inferred from embeddings; treat embeddings as potentially sensitive and avoid sending secrets.

8) International transfers

Where applicable, we rely on appropriate safeguards for cross-border transfers (e.g., EU Standard Contractual Clauses), plus supplementary measures following relevant guidance. We also offer regional/VPC deployment options by agreement.

9) Your rights

Depending on your location, you may request: access, correction, deletion, portability, or restriction; object to certain processing; and withdraw consent. For EEA/UK residents, we act as controller for account data and (typically) processor for Customer Content; you may contact privacy@inertialai.com to exercise rights. We honor CCPA/CPRA rights for California residents (including opt-out of "sale"/"sharing" as defined there).

10) Children

The Services are not directed to children under 13 (or 16 where applicable). We do not knowingly collect such data; please contact us to delete any such information.

11) Security

We use industry-standard controls (encryption, network isolation, key management, monitoring, access reviews, and secure development practices). No system is perfectly secure; promptly report issues to security@inertialai.com.

12) Changes to this Policy

We will post updates here and revise the "Last updated" date. Material changes will be notified via dashboard/email.