Privacy Policy

Data Privacy and Security

Last updated: Apr 16, 2025

Our Security Practices

At InferLabs, we highly value your data privacy and are strongly dedicated to safeguarding any information provided to us. We have implemented several industry-standard practices to ensure the security of your data. This document outlines how we manage your personal data and the protective measures we employ.

1. Personal Information You Provide

We gather personal information that you willingly share with us when you utilize our services or communicate with us.

  • Account Information: When you register for an account, we collect details such as your name, contact information, login credentials, and transaction records. This information is used to manage your account and deliver our services effectively.
  • User Content: When you use our services, particularly our AI-powered data analysis features, we collect the personal information contained within your inputs, uploaded files, or feedback. This "Content" is essential for us to provide you with accurate and relevant analysis.
  • Communication Information: If you contact us via email, chat, or other channels, we collect your name, contact details, and the content of your messages to provide you with better support.

Personal Information We Collect Automatically

When you access or use our services, we automatically receive certain information about your device and how you use our platform.

  • Log Data: Our servers automatically record information such as your IP address, browser type, the date and time of your access, and your interactions with our services. This helps us monitor security and improve our offerings.
  • Usage Data: We collect information about your usage of our services, including the content you view, the features you utilize, the actions you take, and your time zone and country. This data helps us understand user preferences and enhance your experience.
  • Device Information: We receive information about the device you use to access our services, such as the device name, operating system, device identifiers, and browser type.
  • Cookies: Our partners use cookies to store information and improve your experience. Cookies are small text files stored on your device. You can manage your cookie preferences through your browser settings.
  • Analytics: We utilize analytics tools, such as Facebook Pixel and PostHog, to understand how users interact with our services. This helps us evaluate the effectiveness of our advertising and make informed decisions to improve our services.

How We Use Your Information

We use your personal information for various purposes, including:

  • Providing Services: To operate, maintain, and deliver our services to you, including our AI data scientist functionalities.
  • Improving Services: To analyze user interactions with our services and implement enhancements.
  • Communication: To respond to your inquiries, provide customer support, and share important updates.
  • Security: To monitor and protect the security of our services, including the storage of IP addresses to prevent misuse by malicious actors.
  • Compliance: To adhere to legal obligations and enforce our terms of service.

Data Storage and Retention

We retain your personal information only for the period necessary to fulfill the purposes outlined in this policy, unless a longer retention period is legally required or permitted.

  • Conversations and Prompts: Stored for as long as the conversation exists and is not deleted by you. You have complete control over deleting your conversations.
  • Temporary File Storage: Files you upload are stored temporarily—for one hour for free users and up to seven days for paid users.
  • Payment Information: We do not store sensitive payment information; our payment processor, Stripe, securely handles this data.

Sharing Your Information

We do not sell your personal information. We may share your information with:

  • Service Providers: Trusted third-party vendors who assist us in operating our services, such as payment processing via Stripe.
  • Legal Requirements: When required by law or to protect our rights and safety.

Your Choices and Rights

You have control over your personal information and can:

  • Access and Update: Access and modify your account information at any time.
  • Delete Conversations: Delete your conversations and prompts whenever you choose.
  • Manage Cookies: Adjust your browser settings to manage cookies.
  • Opt-Out: Opt-out of certain data collection and usage, such as analytics tracking.

Security Measures

We implement various security measures to safeguard your personal information, including:

  • Access Control: Strictly managing and monitoring employee access to user data.
  • Audit Logging: Implementing automated logs to track data queries.
  • Employee Training: Requiring annual privacy training for all employees.
  • Secure Access Controls: Files are stored temporarily in user-specific temporary workspaces that are automatically deleted after one hour of inactivity.
  • Containerized Sandbox Execution: Even our Python code execution environments are isolated in sandboxes for each user.
  • Default Encryption at Rest: All data sources connected to InferLabs are protected by encryption at the storage level using the Advanced Encryption Standard (AES) algorithm with a 256-bit key (AES-256).
  • Complete Control: When you delete a data source, all traces of the data are completely and permanently removed from our servers.

2. Privacy Officer Oversight

Our designated Privacy Officer is responsible for overseeing all aspects of privacy compliance. They maintain our policies and procedures and conduct annual privacy assessments with our engineering team to identify and address potential security vulnerabilities.

3. Internal Audits

We conduct regular audits of our data handling practices, including the protocols outlined in our Data Management and Retention Policy. These audits assess our compliance with privacy laws and internal policies and are part of our annual SOC 2 compliance evaluation.

4. Data Inventory Management

We maintain and regularly update a comprehensive data inventory that documents all stored data, its purpose, necessity, and storage location.

5. Access Control and Monitoring

We respect your privacy and ensure that you have control over your data:

  • User Access: You can view and manage your own conversations within your account.
  • Limited Employee Access: Authorized employees will only access your conversations to resolve technical issues, evaluate system performance, fix bugs, or when required by applicable law.

6. Employee Training and Awareness

All employees are required to complete an annual privacy awareness training program provided by a certified third-party security vendor. We track completion rates as a key performance indicator (KPI).

7. Data Minimization and Retention

We only store data that is essential for providing our services and ensuring security. Data retention periods are clearly defined, and users have options to control the deletion of their data. Upon request, we perform thorough data cleaning, including removal from external vendor storage.

8. Vendor Management

We exclusively engage with vendors that hold security and compliance certifications. All vendors undergo a validation process before we work with them. We maintain a detailed record of all vendors, including their purpose, data storage practices, and associated risk levels.

9. Privacy by Design

We integrate privacy considerations into the design and development of all new business processes, products, and services. Data Protection Impact Assessments are conducted as a standard part of our development lifecycle.

10. Incident Response

We have comprehensive policies and procedures in place for managing privacy incidents, which are documented in our security and compliance management platform.

11. Governance Reviews

Our privacy governance policies are reviewed annually or when significant regulatory changes occur to ensure ongoing compliance.

12. Key Performance Indicators (KPIs)

We monitor the effectiveness of our data governance through KPIs such as:

  • Data breach incidents
  • Employee training completion rates
  • Results of internal and external audits
  • Number and nature of data subject requests
  • Vendor compliance rates

13. Reporting

The Privacy Officer provides regular reports on data governance and privacy compliance to senior management, highlighting areas of risk, compliance gaps, and initiatives for improvement.

14. Continuous Improvement

We conduct regular reviews and utilize insights from audits and annual training to continuously improve our privacy practices.

15. Regulatory Compliance

This privacy policy is regularly reviewed and updated to ensure ongoing compliance with international, national, and industry-specific privacy regulations.

OpenAI's API Data Policy

Our primary service provider, OpenAI, shares our commitment to data security. OpenAI employs leading technical safeguards and maintains strong encryption for data security during transmission. Below is more information about OpenAI's security measures to protect your information.

  • OpenAI will not use data submitted through their API to train or improve their models.
  • Any data sent to OpenAI via their API will be retained for abuse and misuse monitoring purposes for a maximum of 30 days, after which it will be deleted (unless legally required otherwise).
  • The OpenAI API is SOC 2 Type 2 compliant and has been audited by an independent third-party auditor against the 2017 Trust Services Criteria for Security.

For more details on OpenAI's API data privacy and security measures, you can consult their API data usage policies . If you are interested in data privacy information regarding data sent to ChatGPT through our plugin, you can view OpenAI's privacy policy for their consumer applications.

Gemini's API Data Policy

Google retains Gemini Apps activity data for up to 18 months by default. While Google uses data to improve their services, they state that they do not directly train on individual prompts. However, human reviewers may read and process prompts and outputs for quality enhancement. For Google Cloud users (which includes us), prompts and tuning data are not used to train or improve foundation models. For more detailed information, please refer to:

  • Gemini Apps Privacy Hub
  • Gemini API Additional Terms
  • Generative AI and Data Governance

Contact Us

If you have any questions about this Privacy Policy, please contact our Privacy Department.