PublicAI Data PRIVACY POLICY
Last Updated on:
This Privacy Policy (this "Policy") describes how PublicAI ("PublicAI," the "Company," "we," "our," or "us") collects, uses, discloses, and protects information in connection with the Services. PublicAI is an AI access and governance platform: PublicAI Personal helps individual users access AI more affordably and reliably by aggregating multiple AI providers with price optimization and automatic failover, and PublicAI Team provides organizations with a private AI workspace to govern members, budgets, model access, provider keys, usage visibility, and privacy protection. This Policy applies to your use of our website, applications, application programming interfaces, and associated products (collectively, the "Services"). By accessing or using the Services, you ("User," "you," or "your") acknowledge that you have read and agree to this Policy and our Terms of Service.
This Policy governs how we handle personal information. Contractual matters — including dispute resolution, indemnification, limitation of liability, and force majeure — are governed exclusively by our Terms of Service and are not duplicated here.
1. Scope
This Policy applies to all Services offered by PublicAI and its affiliates, including services provided through third-party sites such as analytics and infrastructure providers. It does not apply to services governed by a separate privacy policy that does not incorporate this Policy by reference.
This Policy does not apply to:
- the information practices of other companies or organizations that advertise or link to the Services; or
- services offered by other companies or individuals, including the external AI provider APIs and upstream model providers accessed through the Services.
Where you use the Services to route requests to an upstream AI provider, that provider's own privacy policy governs how it processes the data it receives. PublicAI does not control, and is not responsible for, the data practices of upstream providers.
Controller and processor roles
- For PublicAI Personal, PublicAI generally acts as the controller of your personal information.
- For PublicAI Team, the customer organization is generally the controller of personal information processed within its workspace, and PublicAI acts as a processor on the customer's documented instructions. In that case, the customer's agreement and our Data Processing Addendum (Section 9) govern, and this Policy describes our practices as processor.
2. Information We Collect
- Automatically collected information. We use third-party tools that collect information through cookies for analytics and communication purposes. This includes cookies used to store User preferences, IP addresses, browser user-agent strings, and request header information collected for anti-spam and abuse-prevention purposes.
- Account information. Email addresses and, for PublicAI Team, workspace and member identifiers may be used to identify and authenticate Users and administrators.
- Payment information. Payments are processed through third-party payment platforms that may retain identifying details. PublicAI does not store your full financial account information on its servers.
- Usage metadata. To operate routing, governance, budgeting, and billing, PublicAI records usage metadata, including the requesting User or workspace, the model and provider used, token counts, cost, latency, request status, and timestamps. This metadata is used to deliver usage visibility, enforce budget and model policies, and produce billing records.
- Provider keys (BYOK). Where you bring your own upstream provider keys, those keys are stored in encrypted form and used solely to route your requests in accordance with your governance configuration. The bring-your-own-key model lets your organization retain ownership of its upstream AI accounts while using PublicAI as a governance layer.
TEE-based privacy protection and per-request signaling
The PublicAI routing layer may operate within a Trusted Execution Environment ("TEE"). Because not every route is necessarily TEE-protected, PublicAI signals the protection status of each request so that the promise is verifiable in practice rather than ambiguous:
- Per-request indication. Each API response includes a field indicating whether the request was routed through a TEE-protected path (for example, a `tee_protected` boolean and the identifier of the attested configuration). The same status is surfaced in the usage dashboard for each logged request.
- Per-model and per-route availability. Model and route listings indicate whether TEE-protected routing is available for that model or provider. Where a workspace policy requires TEE protection, requests that cannot be served over a TEE-protected path are failed or blocked rather than silently downgraded.
- Attestation reference. For TEE-protected requests, the attested configuration can be independently verified through remote attestation as described in Section 4.
For routing paths protected by a TEE:
- Data in transmission. Prompts, inputs, and outputs routed through the protected layer are encrypted in transit, and the PublicAI routing layer cannot access the plaintext content.
- Data in use. Routing computation occurs within the secure TEE, and PublicAI does not access the memory, CPU state, or runtime data of the protected routing layer.
- Data in storage. Any temporary data within the TEE is encrypted and isolated from general PublicAI infrastructure.
- Prompt and response privacy. For TEE-protected routing, PublicAI does not collect, log, or store the plaintext content of your prompts or responses, and such interactions remain confidential by design at the routing layer.
For requests that are not TEE-protected, the applicable upstream provider and any intermediary may process request and response content under their own terms; PublicAI's handling of such content is limited to what is necessary to route the request and to record the usage metadata described above.
3. Purposes of Processing
PublicAI collects the minimum data necessary to operate and improve the Services. The purposes of processing include:
- Delivering the Services — routing requests across AI providers, optimizing for price and availability, performing automatic failover, and providing unified API access.
- Governance (PublicAI Team) — enforcing member permissions, budget and token limits, model access policies, and provider-key routing rules, and giving administrators visibility into who is using AI, which models are used, and at what cost.
- Maintaining service integrity — detecting spam, abuse, fraud, or downtime.
- Improving routing and reliability — measuring provider performance to improve price, stability, and failover behavior.
- Communicating with Users — regarding critical updates, service changes, and billing.
- Complying with legal obligations and preventing fraud.
4. Verifiable Privacy and Remote Attestation
The Services are designed so that privacy protection is technically verifiable rather than dependent on a policy promise alone. For TEE-protected routing, PublicAI may provide remote attestation evidence enabling customers to verify that the routing layer is running the expected, privacy-preserving configuration and cannot access plaintext prompts or responses. The per-request and per-model signals described in Section 2 allow you to confirm, for any given request, whether TEE protection was applied.
PublicAI does not represent that upstream model providers are unable to access the data you choose to send to them, and does not present its privacy capabilities as unverifiable claims.
5. Data Retention
PublicAI retains personal information only for as long as necessary for the purposes described in this Policy. The following baseline retention periods apply unless a longer period is required to comply with law, resolve disputes, or enforce our agreements, or unless a customer's Data Processing Addendum specifies otherwise:
| Data category | Retention period |
|---|---|
| Plaintext prompt and response content routed over TEE-protected paths | Not retained |
| Usage metadata (user/workspace, model, provider, tokens, cost, latency, status, timestamp) | Up to [24 months], then deleted or aggregated |
| Account and workspace identifiers | Duration of the account, then deleted within [90 days] of account closure |
| Billing and transaction records | As required by applicable tax and accounting law (typically [7 years]) |
| IP and security logs | Up to [6 months] for anti-spam and abuse prevention |
| Support communications | Up to [24 months] after the matter is resolved |
Bracketed periods are configurable defaults; the current values are published in our documentation and may be adjusted for individual customers under a Data Processing Addendum. Plaintext prompt and response content routed through TEE-protected paths is not retained by PublicAI under any circumstances.
6. Your Privacy Rights
Depending on your location (including under the EU/UK GDPR, the California Consumer Privacy Act as amended by the CPRA, and similar laws), you may have the right to:
- access the personal information we hold about you and obtain a copy;
- correct inaccurate or incomplete personal information;
- delete your personal information;
- port your personal information to another service in a structured, machine-readable format;
- restrict or object to certain processing;
- withdraw consent where processing is based on consent; and
- not be discriminated against for exercising these rights.
PublicAI does not sell or "share" personal information for cross-context behavioral advertising as those terms are defined under California law.
How to exercise your rights. Individuals may submit a request through our privacy request channel (published at our website's privacy contact page) or by contacting our privacy team. We will verify your identity and respond within the timeframe required by applicable law (for example, 45 days under the CCPA, extendable as permitted, and one month under the GDPR). You may use an authorized agent where the law allows.
For PublicAI Team (processor context). Where PublicAI processes personal information as a processor on behalf of a customer organization, we will route any rights request we receive directly to the relevant customer and assist that customer in responding, as set out in our Data Processing Addendum. End users of a Team workspace should generally direct their requests to the controller organization.
Appeals. Where required by law, if we decline a request you may appeal by contacting our privacy team; we will respond within the period the applicable law prescribes. You may also lodge a complaint with your local supervisory authority or regulator.
7. International Data Transfers
PublicAI and its service providers may process personal information in countries other than the one in which you reside, including the United States. Where we transfer personal information across borders, we rely on an appropriate transfer mechanism, which may include the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, an adequacy decision, or another lawful mechanism. A copy of the relevant safeguards is available on request through our privacy team. For TEE-protected routing, plaintext prompt and response content is not accessible to PublicAI in any location.
8. Disclosure of Information
PublicAI does not sell, lease, or trade your personal information.
PublicAI may disclose information only in the following circumstances:
- with your explicit consent;
- to trusted sub-processors and service providers operating under contractual obligations, as described in Section 9;
- to the upstream AI providers necessary to fulfill your routed requests;
- to comply with law enforcement or regulatory requirements; and
- in connection with a business reorganization or transfer, with notice.
9. Sub-Processors and Data Processing Addendum
PublicAI engages third-party sub-processors to provide the Services, including infrastructure and hosting providers, TEE hardware providers, payment processors, analytics providers, and communication providers. PublicAI imposes data protection obligations on each sub-processor that are no less protective than those in this Policy and the applicable Data Processing Addendum. A current list of sub-processors, including each sub-processor's name, function, and processing location, is available to PublicAI Team customers on request through our privacy team.
For PublicAI Team customers, a Data Processing Addendum ("DPA") — incorporating the Standard Contractual Clauses where applicable — is available on request and, once executed, forms part of the customer's agreement. The DPA governs processing roles, security measures, sub-processor change notifications, audit rights, breach notification timelines, and assistance with data subject requests. Customers with an executed DPA receive advance notice of sub-processor changes in accordance with that DPA.
10. Security and Breach Notification
PublicAI maintains administrative, technical, and organizational measures designed to protect personal information, including encryption in transit, encryption of stored secrets and provider keys, access controls, and TEE-based isolation for protected routing paths.
If PublicAI becomes aware of a personal data breach affecting your personal information, we will notify affected Users and, for PublicAI Team, the relevant customer organization (as controller) without undue delay and, where required by applicable law, within the legally mandated timeframe (for example, 72 hours of becoming aware, under the GDPR, for notification to the relevant authority or controller). Our notice will describe, to the extent known, the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed. This is in addition to your obligation to notify us promptly of any security issue you suspect.
11. Children's Privacy
The Services are not directed to children. You must meet the minimum age requirements set out in our Terms of Service to use the Services. PublicAI does not knowingly collect personal information from children below the applicable minimum age. If we learn that we have collected such information without required parental consent, we will delete it. Because AI services may raise heightened obligations for minors under laws such as COPPA and equivalent regimes, organizations deploying PublicAI Team to populations that may include minors are responsible for obtaining any required consents.
12. Third-Party Services
The Services connect to external AI model APIs and infrastructure providers, which are governed by their own terms. PublicAI does not guarantee the privacy, accuracy, or availability of outputs from third-party sources.
13. Governing Law
This Policy shall be governed by and construed in accordance with the laws of the State of California, without regard to its conflict-of-law principles. This governing-law provision concerns the interpretation of this Policy only; dispute resolution between you and PublicAI is governed by the Terms of Service.
14. Contact
If you have questions or requests relating to this Policy, or wish to exercise your privacy rights, please contact our privacy team through the privacy contact channel published on our website.
15. Changes to this Policy
PublicAI may update this Policy from time to time and will indicate the date of the latest revision. If changes are material, PublicAI will provide a more prominent notice, which may include notification by email. Your continued use of the Services after any update constitutes acceptance of the revised Policy. If you do not agree to the changes, you must discontinue use of the Services.