Privacy Policy

← Back to Home

Last updated: June 2026

1. Information We Collect

We collect basic account information to provide our services. This includes:

  • Account Information: Name, email address, company name, and payment information needed for billing.
  • Usage Metadata: We track API usage metrics (token counts, request frequency) purely for billing and rate-limiting purposes.
verified_user

2. Your Data & Zero Data Retention

Core to our values is the absolute privacy of your data.

  • Stored Data: Your conversation history, uploaded files, and documents are stored on the Platform and encrypted with per-user encryption keys. Only you can access this data through your authenticated account.
  • Zero Data Retention for AI Processing: When your prompts and documents are sent to AI models for processing, we adhere to a strict Zero Data Retention policy. Inputs and outputs are processed in real-time and are not logged, archived, or stored by the AI model infrastructure beyond the duration of the request.
  • Performance Caching: Token caching may be leveraged by the model serving systems exclusively for performance improvement. This data is rigorously isolated within the model hosting system, never reviewed by humans, and never accessed by any other system.
  • No Training: Your data is neverused to train, fine-tune, or improve our models or anyone else's.

3. How We Use Information

We use the limited account and metadata information we collect strictly to:

  • Manage your account and billing.
  • Provide customer support.
  • Enforce API rate limits and quotas.

4. Information Sharing

We do not share personal information with companies, organizations, or individuals outside of CustomAccess AI except in the following limited cases:

  • Payment Processing: We share necessary billing details with our secure payment providers.
  • Legal Requirements: We may disclose information when required to comply with valid legal process, such as a subpoena, court order, or government request.

5. Third-Party Services

We integrate with a limited number of third-party services to operate the platform. Each service is selected for its strong privacy and security practices:

  • Auth0 (Authentication): We use Auth0 to handle user authentication, including sign-in via Google, GitHub, and email. Auth0 processes your login credentials and authentication tokens on our behalf.
  • Google Analytics (Analytics): We use Google Analytics with Consent Mode v2 to understand how visitors interact with our marketing site. Analytics cookies are only set with your consent. For more details, see our Cookie Policy.
  • Cloud AI Providers (AI Processing): When you select Zero-Retention or Frontier tier models, your queries are processed by third-party cloud AI providers. All such providers are governed by zero-data-retention agreements — they do not store, log, or train on your data. A current list of providers is available on our AI Provider List page. When you use Enclave tier models, all processing occurs on our self-hosted infrastructure with zero data egress to any third party.

6. Cookies

We use a minimal number of cookies for authentication, security, and analytics. For a detailed explanation of the cookies we use, how we use them, and how to manage your preferences, please see our Cookie Policy.

7. Information Security

We employ industry-standard security measures to protect your information. All user data — including conversation history, uploaded files, and documents — is encrypted using per-user encryption keys. Even in the event of unauthorized access to our storage infrastructure, your data remains encrypted and unreadable without your individual key.

AI model inputs and outputs are processed transiently and are not persisted, providing an additional layer of protection for your most sensitive queries.

8. Data Retention

We retain your information only as long as necessary to provide our services and comply with legal obligations:

  • Account Data: Retained while your account is active and you maintain an ongoing relationship with CustomAccess AI.
  • After Account Deletion: Upon account deletion, all associated data — including database records, search index entries, and memory — is crypto-shredded within 30 days. Crypto-shredding permanently destroys the per-user encryption keys, rendering all encrypted data irrecoverable.
  • Billing Records: Billing and transaction records are retained for 7 years as required by applicable tax law.
  • Anonymized Analytics: Anonymized, aggregated analytics data that cannot be used to identify individual users may be retained indefinitely.

9. Data Breach Notification

In the event of a data breach affecting personal data, we will notify affected users within 72 hours of becoming aware of the breach, as required by the GDPR. We will also comply with all applicable US state breach notification laws. Notification will include the nature of the breach, the data affected, and the steps we are taking in response.

10. Your Rights Under GDPR (EU Users)

If you are located in the European Economic Area (EEA), you have certain rights under the General Data Protection Regulation (GDPR) with respect to your personal data:

  • Right of Access: You have the right to request a copy of the personal data we hold about you.
  • Right of Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right of Erasure: You have the right to request that we delete your personal data, subject to certain legal exceptions.
  • Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: You have the right to object to the processing of your personal data for certain purposes, including direct marketing.

To exercise any of these rights, please reach out via our Contact Us page and select "Privacy & Data Rights" as the subject.

11. Your Rights Under CCPA (California Users)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

  • Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You have the right to request that we delete your personal information, subject to certain legal exceptions.
  • Right to Opt-Out of Sale: CustomAccess AI does not sell your personal information to third parties. Because we do not engage in the sale of personal information, there is no need to opt out.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive a different level of service or pricing based on your privacy choices.

To exercise any of these rights, please contact us at privacy@customaccess.ai.

12. Children's Privacy

CustomAccess AI is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information as promptly as possible. If you believe a child under 16 has provided us with personal data, please reach out via our Contact Us page.

13. Contact for Privacy Requests

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or need to submit a data subject request, please reach out via our Contact Us page and select "Privacy & Data Rights" as the subject.

We will respond to all data subject requests within 30 days of receipt.