Privacy Policy

1) Information We Collect

• Account information (email address and authentication method).
• Prompts, requests, and generated responses you provide to the service (chats, API inputs/outputs).
• Billing & transaction metadata (wallet balance, transaction IDs, usage metrics).
• API telemetry and operational logs (API key hash, timestamps, basic request metadata such as IP and usage counts) for security and billing.
• Basic technical data (browser, device, user agent, IP) for security and performance monitoring.

You may abstract inputs (e.g., describe scenarios without naming your company) and may use a burner login for additional sovereignty.

2) How We Use Information

• To provide, operate, and maintain the service (including processing API requests).
• To authenticate users and secure accounts (e.g., detect compromised API keys).
• To bill and manage accounts (charge usage, track wallet balances, display usage history).
• To debug, monitor, and improve system reliability, performance, and security. This includes storing anonymized or aggregated telemetry to identify faults and optimize infrastructure.
• To comply with legal obligations, detect abuse, and respond to security incidents.

We do not sell or rent your personal information to third parties for advertising purposes.

2A) Specifics for Null Lens (API)

• API keys: Lens access requires an API key. We store only a secure hash of keys for verification and attribution; we do not store raw keys after creation. Anyone with a key can consume associated account resources — treat keys like passwords.
• Request & response logging: Lens requests and responses may be logged to operate the API (billing, abuse detection, debugging). Logs may include API key hash, timestamp, request metadata, and the prompt/response text. Logs are used for operations and internal improvements only.
• Billing & usage: We store usage counts, pricing tier data, and minimal billing metadata (transaction IDs, amounts) to manage accounts.
• No public model training: We do not use your prompts/responses to train public models unless we clearly state otherwise in this policy or via a separate agreement.
• Do not submit regulated data: Do not send PII, protected health information, payment card data, or other highly sensitive data to Lens unless you have explicit authorization and accept the associated risk.

3) Data Retention

Prompts, responses, logs, and billing metadata are retained to provide the service (chat histories, dashboards, billing reconciliation) and for operational debugging, security, and fraud detection. Data remains until you delete it or your account is terminated. Deletion removes data from active systems; limited encrypted backups may persist temporarily for disaster recovery and are cleared on a scheduled cycle. Temporary infrastructure logs from model inference providers (e.g., RunPod) may record minimal technical metadata (timestamps, latency, request size) for a short duration before automatic rotation. These are used solely for debugging and performance monitoring.

For requests to fully delete account data, contact support (see Contact section). Deletion requests will be handled in accordance with applicable law and our data-retention processes.

4) Security

We use reasonable technical and organizational safeguards to protect data (encryption in transit and at rest, access controls, monitoring). However, no system is completely secure — use Null at your own risk. Immediately rotate or revoke API keys you suspect are compromised. While we apply strong safeguards, no system is immune to incidents; by using Null, you acknowledge residual risk inherent in cloud-based services.

In the event of a security incident involving personal data, we will follow our incident response procedures and notify affected users or authorities as required by law.

5) API Keys & Developer Responsibilities

• Keep API keys secret. Do not embed keys in public client-side code or in public repositories.
• You are responsible for activity tied to your keys (usage, billing, abuse). Revoke or rotate compromised keys immediately.
• We may automatically suspend or restrict keys that exhibit suspicious or abusive behavior.

6) Third-Party Providers & Inference

We rely on third-party providers (e.g., Clerk for auth, Supabase for storage, RunPod or cloud inference providers for model execution, Stripe for payments). These providers process limited data as needed to deliver functionality. Each provider has its own privacy practices. By using Null you also agree to those providers’ policies.

We are not responsible for outages or policy changes by third-party providers.

7) International Transfers & Service Location

Null operates under the laws of Singapore and may process and store data in Singapore or other jurisdictions where our providers operate. By using the service, you consent to the transfer and processing of your information in those locations.

8) Legal Requests & Abuse

We may disclose information (including prompts, responses, logs, and billing records) to comply with legal obligations, defend our rights, investigate abuse, or protect the safety of our users or the public.

9) Data Subject Rights

Depending on your jurisdiction, you may have rights (access, correction, deletion, portability). To exercise rights, contact support. We will verify requests and respond in accordance with applicable law. Requests are processed under Singapore’s Personal Data Protection Act (PDPA). Where required, we will extend equivalent rights to users in other jurisdictions.

10) Payments

We do not store full payment card data. Billing is handled by third-party processors (e.g., Stripe). We may retain minimal billing metadata (transaction IDs, status) to operate your account.

11) Children

The service is not directed at children under 13 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us to request deletion.

12) Changes

We may update this Privacy Policy from time to time. Material changes will be posted here with an updated date. Continued use of the service indicates acceptance of the revised Policy.

13) Contact

Questions or requests (deletion, data access, security): support@null-core.ai