Privacy Policy

1. Introduction

Prufold Labs, Inc. ("Prufold Labs," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our secure AI agent execution platform at prufoldlabs.ai and app.prufoldlabs.ai (the "Service").

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

Key Principle: We are committed to transparency in how we handle your data. Our platform uses Trusted Execution Environments (TEEs) and cryptographic verification to ensure that even we cannot access your sensitive task data during processing.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when using the Service:

• Account Information: When you sign up via Google OAuth, we collect your name, email address, and profile picture from your Google account
• Task Content: The prompts, inputs, files, and parameters you submit to our AI agents
• Payment Information: Billing details processed through our payment processor (Stripe). We do not store full credit card numbers
• Communications: Messages you send to us via email or support channels

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain information:

• Usage Data: Task submission times, completion times, token counts, costs, and task status
• Device and Browser Information: IP address, browser type, operating system, device identifiers
• Log Data: Access times, pages viewed, links clicked, and other diagnostic data
• Cookies and Tracking: Session cookies for authentication and functional cookies for user preferences

2.3 Information from Third Parties

We receive information from third-party services you connect to our platform:

• Google OAuth: Basic profile information (name, email, profile picture)
• Stripe: Payment confirmation, subscription status, and transaction records

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Provide and Improve the Service

• Execute your AI agent tasks in secure TEE environments
• Generate cryptographic proofs and attestations
• Store and retrieve your task results
• Process payments and manage your credit balance
• Provide customer support and respond to inquiries
• Monitor, analyze, and improve the Service's performance and security

3.2 Communications

• Send you service-related notifications (task completion, low balance alerts)
• Respond to your support requests
• Send you updates about new features or changes to the Service (you may opt out)

3.3 Security and Compliance

• Detect, prevent, and address fraud, security issues, and technical problems
• Enforce our Terms of Service and protect our legal rights
• Comply with legal obligations and respond to legal requests

3.4 Analytics and Research

• Analyze usage patterns and trends (in aggregate, anonymized form)
• Improve our AI models, security systems, and cryptographic protocols
• Conduct internal research and development

4. How We Protect Your Information

4.1 Security Measures

We implement industry-leading security practices to protect your data:

• Trusted Execution Environments (TEEs): Your tasks execute in hardware-isolated enclaves (Intel SGX/TDX or AMD SEV) that prevent even our systems from accessing your data during processing
• Encryption: Data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Zero-Knowledge Proofs: Cryptographic verification that tasks executed correctly without revealing sensitive data
• Access Controls: Strict role-based access controls and least-privilege principles
• Audit Logs: Comprehensive logging of all system access and data operations
• Regular Security Assessments: Penetration testing, vulnerability scanning, and code audits

4.2 Data Isolation

Each user's data is logically isolated with row-level security in our database. Your task content and results are only accessible to your account.

5. How We Share Your Information

We do not sell, rent, or trade your personal information. We only share your information in the following limited circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who assist us in operating the Service:

• Supabase: Database and authentication services (US-based)
• Stripe: Payment processing
• Azure/AWS: Cloud infrastructure for compute and storage

These providers are contractually obligated to protect your data and may only use it to provide services to us.

5.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal process (subpoenas, court orders, search warrants)
• Government investigations or regulatory requests
• Enforcement of our Terms of Service
• Protection of our rights, property, or safety, or that of our users or the public

5.3 Business Transfers

If Prufold Labs is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any such change in ownership or control.

6. Data Retention

We retain your information for as long as necessary to provide the Service and comply with legal obligations:

• Task prompts and results: 90 days from task completion (automatically deleted after this period)
• Cryptographic proofs and attestations: 1 year from generation (for audit and verification purposes)
• Account information: Until you delete your account or request deletion
• Transaction and billing records: 7 years (required for tax and financial compliance)
• Aggregate analytics data: Indefinitely (anonymized and de-identified)

After the retention period, we securely delete or anonymize your data.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

7.1 General Rights (All Users)

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your account and associated data
• Data Portability: Request a copy of your data in a machine-readable format

7.2 GDPR Rights (EU/EEA/UK Residents)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Object: Object to processing of your personal data for direct marketing or legitimate interests
• Right to Restrict Processing: Request that we restrict processing in certain circumstances
• Right to Withdraw Consent: Withdraw consent for processing based on consent (without affecting prior processing)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Legal Basis for Processing (GDPR):

• Contract Performance: To provide the Service you requested
• Legitimate Interests: To improve the Service, ensure security, and prevent fraud
• Legal Obligations: To comply with applicable laws and regulations
• Consent: For marketing communications (you may opt out at any time)

7.3 CCPA Rights (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of personal information collected, used, and shared
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt out of the "sale" of personal information (Note: We do not sell personal information)
• Right to Non-Discrimination: Exercise your rights without discriminatory treatment

California "Shine the Light" Law: California residents may request information about personal information disclosed to third parties for direct marketing purposes. We do not share personal information for third-party direct marketing.

7.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at info@prufoldlabs.ai with the subject line "Privacy Request." We will respond to your request within 30 days (or as required by applicable law).

You may also delete your account directly through your account settings. Upon account deletion, we will delete or anonymize your personal information, except where retention is required by law.

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

• Essential Cookies: Required for authentication and core functionality (cannot be disabled)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how users interact with the Service (anonymized)

8.2 Managing Cookies

You can control cookies through your browser settings. However, disabling cookies may affect the functionality of the Service. We do not use third-party advertising cookies or tracking pixels.

9. International Data Transfers

Prufold Labs is based in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States.

For users in the European Economic Area, United Kingdom, and Switzerland, we ensure adequate protection for data transfers through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Technical safeguards such as encryption and TEE security
• Contractual commitments with our service providers

By using the Service, you consent to the transfer of your information to the United States and other jurisdictions where we or our service providers operate.

10. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

If you believe we have collected information from a child under 18, please contact us immediately at info@prufoldlabs.ai.

11. Third-Party Links and Services

The Service may contain links to third-party websites, applications, or services that are not operated by Prufold Labs. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you interact with.

When you use Google OAuth to sign in, Google's privacy policy applies to information Google collects. We only receive the basic profile information you authorize Google to share with us.

12. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law. Notifications will be sent via email to the address associated with your account.

Our TEE-based architecture and encryption practices significantly reduce the risk of unauthorized access to your sensitive task data, even in the event of a system compromise.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or through a prominent notice on the Service
• Provide at least 30 days' notice before changes take effect (for material changes)

Your continued use of the Service after the changes take effect constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days (or as required by applicable law). For GDPR-related inquiries, you may also contact your local data protection authority.