Privacy Policy

How ColdAI LLC collects, uses, and protects your information

Effective Date: April 14, 2025 · ColdAI LLC

1. Introduction

ColdAI LLC ("ColdAI," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our websites, software products, APIs, and services (collectively, the "Services"), including the Medusa AI Platform.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of our Services.

2. Information We Collect

2.1 Information You Provide

  • Account Data: Name, email address, password (hashed), company name, job title, and billing information when you register.
  • Communications: Messages, inquiries, and support tickets you send us.
  • User Content: Prompts, files, documents, and other content you submit to our AI systems.
  • Payment Data: Credit card numbers and billing details (processed by third-party payment processors; we do not store raw card data).

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, actions taken, session duration, and interaction logs.
  • Device & Technical Data: IP address, browser type and version, operating system, device identifiers, referrer URLs, and time zone.
  • Cookies & Tracking: We use first-party cookies, session tokens, and similar technologies for authentication, analytics, and preferences. You may control cookies through your browser settings.
  • API Usage Logs: Timestamps, endpoint calls, token counts, model selections, and response metadata when you use our APIs.

2.3 Information from Third Parties

  • OAuth identity providers (Google, GitHub, etc.) when you use social sign-in.
  • Payment processors for transaction confirmation and fraud prevention.
  • Analytics providers for aggregated usage insights.

3. How We Use Your Information

  • To provide, operate, and maintain our Services.
  • To process transactions and send related billing communications.
  • To authenticate users and maintain the security of accounts.
  • To personalize your experience and deliver features you request.
  • To monitor and analyze usage trends to improve our Services.
  • To detect, investigate, and prevent fraud, abuse, and security incidents.
  • To comply with legal obligations, resolve disputes, and enforce our agreements.
  • To send administrative notices, product updates, and (with your consent) marketing communications.
  • To train and improve AI models (only on anonymized or aggregated data unless you have specifically opted in to data contributions).

4. Legal Basis for Processing (EEA/UK Users)

Where applicable under GDPR or UK GDPR, we process your data under the following legal bases:

  • Contract Performance: Processing necessary to deliver Services you have subscribed to.
  • Legitimate Interests: Fraud prevention, security, analytics, and product improvement.
  • Legal Obligation: Compliance with applicable laws and regulations.
  • Consent: Marketing communications and optional data contributions to model training.

5. Sharing and Disclosure

We do not sell your personal information. We may share information with:

  • Service Providers: Cloud infrastructure providers, payment processors, analytics vendors, and other subprocessors who act under strict data processing agreements.
  • AI Model Providers: When you make API calls, your prompts may be processed by third-party model providers (e.g., OpenRouter, OpenAI). Review their respective privacy policies.
  • Legal Authorities: When required by law, court order, or to protect our rights, users, or the public.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice to you.
  • With Your Consent: Any other sharing you explicitly authorize.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide Services. After account termination, we retain data for up to 90 days for backup and audit purposes, then securely delete it, unless longer retention is required by law or legitimate business necessity. Aggregated, anonymized data may be retained indefinitely.

7. Security

We implement industry-standard safeguards including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, multi-factor authentication for administrative systems, regular penetration testing, and formal incident response procedures. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States, which may have different data protection laws. Where required, we implement appropriate safeguards such as Standard Contractual Clauses.

9. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access, correct, or delete your personal information.
  • Restrict or object to certain processing activities.
  • Receive your data in a structured format (data portability).
  • Withdraw consent where processing is based on consent.
  • Lodge a complaint with a supervisory authority.

To exercise these rights, contact us at shayan@coldai.org. We will respond within 30 days.

10. Children's Privacy

Our Services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting the updated policy with a revised effective date and, where appropriate, by email or in-app notification. Continued use of our Services after changes constitutes acceptance.

12. Contact

For privacy inquiries, contact the Data Controller at:
ColdAI LLC
shayan@coldai.org