Privacy Policy

This Privacy Policy explains how Redacted Labs, Corp., a Delaware corporation (“Redacted Labs,” “we,” “us,” or “our”), collects, uses, and discloses information in connection with the Pinstripes inference API, dashboard, and websites at pinstripes.io (the “Service”). It applies to visitors, account holders, and API users. By using the Service, you agree to this Policy.

1. The Short Version

• We do not train on your data. Prompts you send to the API and the completions we return are never used to train, fine-tune, or improve any model.
• We do not retain prompt or completion content. Inference inputs and outputs are processed transiently to serve your request and are not written to long-term logs.
• We keep limited metadata for billing. Request metadata such as token counts, latency, model identifier, and timestamp is retained for up to 30 days for billing and audit purposes.
• Inference stays in the US and EU. We run inference only in United States and European Union regions.

2. Information We Collect

“Personal information” means information that identifies, relates to, or could reasonably be linked with you. The categories below describe the personal and other information we collect.

Account information

When you register, we collect your email address and a hashed form of your password. If you enable two-factor authentication, we store the secret needed to verify your codes. We also store account settings, API key metadata (a hashed key identifier, label, and creation and revocation timestamps — never the raw key after it is first shown to you), and verification and session tokens.

Billing information

Payments are processed by Stripe. We receive transaction records and limited details such as the amount, currency, and a payment identifier, and we maintain your credit balance and transaction history. We do not collect or store full payment-card numbers; those are handled directly by Stripe.

API usage data

For each request, we record metadata used to compute charges and operate the Service: the API key identifier, model requested, prompt-token, completion-token, and cached-token counts, cost, latency and time-to-first-token, request outcome, and timestamp. As noted above, we do not store the content of prompts or completions.

Website and technical data

When you visit our websites or dashboard, we and our infrastructure providers may collect standard technical data such as IP address, browser type, and pages viewed, and we use essential cookies and local storage to keep you signed in and to operate the site.

3. How We Use Information

• to provide, operate, secure, and maintain the Service;
• to authenticate you and protect against fraud, abuse, and unauthorized access;
• to calculate usage, bill your account, and prevent abuse of credits and rate limits;
• to communicate with you about your account, including verification, security, password reset, and service notices;
• to monitor performance, debug, and improve the reliability of the Service; and
• to comply with legal obligations and enforce our Terms of Use.

We do not use your prompts or completions to train or improve machine learning models, and we do not sell your personal information.

4. Inference Inputs and Outputs

The content you submit to the inference endpoints and the content we generate in response are processed on our GPU worker nodes only for as long as needed to serve the request. They are not used for training and are not written to any durable log. The only record we keep about a request is the billing and operational metadata described above.

Inference cache. To reduce latency, our worker nodes maintain a tiered prefix/key-value cache across GPU memory, system memory, and local NVMe storage. This cache holds derived key/value tensors, not stored copies of your prompts, and it is transient and node-local: entries are evicted when higher-priority entries need the space, and the entire cache is destroyed when the node is shut down (our nodes scale to zero when idle). Cache data never leaves the worker node and is never backed up or used for any purpose other than serving subsequent requests faster.

5. How We Share Information

We share information only in the following circumstances:

• Service providers (subprocessors). We use vendors to operate the Service, including Stripe (payments), our GPU infrastructure provider (compute for inference), and Amazon Web Services (transactional email delivery and hosting). These providers process data on our behalf under contractual confidentiality and security obligations.
• Legal and safety. We may disclose information if required by law, valid legal process, or to protect the rights, safety, and security of Redacted Labs, our users, or the public.
• Business transfers. If we are involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to this Policy.

Our websites may link to third-party sites we do not control. This Policy does not apply to those sites, and we encourage you to review their privacy practices.

6. Data Retention

We retain account and billing records for as long as your account is active and as needed to comply with legal, tax, and accounting obligations. Request metadata is retained for up to 30 days for billing audit, after which it is deleted or aggregated. Prompt and completion content is not retained beyond transient processing.

7. Data Location and International Transfers

Inference is performed only in United States and European Union regions. Depending on your location, your information may be transferred to and processed in the United States or other countries where we or our service providers operate. Where required, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, for cross-border transfers.

8. Security

We use technical and organizational measures to protect information, including encryption in transit, hashing of passwords and API keys, access controls, and rate limiting. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. Protect your API keys and account credentials, and notify us promptly of any suspected compromise.

9. Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to withdraw consent. Residents of the European Economic Area and the United Kingdom have rights under the GDPR and UK GDPR; California residents have rights under the CCPA/CPRA, including the right to know, delete, and opt out of the sale or sharing of personal information (we do not sell personal information). To exercise any of these rights, contact us at the address below. We will not discriminate against you for exercising your rights. If you are in the EEA or UK, you also have the right to lodge a complaint with your local data-protection supervisory authority.

10. Cookies

We use only cookies and browser storage that are necessary to operate the site and keep you signed in. We do not use third-party advertising cookies. You can control cookies through your browser settings, though disabling essential cookies may impair the dashboard.

11. Children’s Privacy

The Service is not directed to children under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

12. Changes to This Policy

We may update this Policy from time to time. We will revise the “Last updated” date above and, for material changes, provide additional notice where appropriate. Your continued use of the Service after the changes take effect constitutes acceptance of the updated Policy.

13. Contact

For privacy questions or to exercise your rights, contact us at [email protected]. The data controller is Redacted Labs, Corp., a Delaware corporation operating the Pinstripes service.