— legal

Privacy

effective · 2026-02-01 · short version

We try to keep the surface area of what we collect small, because every byte we keep is a byte we have to defend. The short version of this document follows. It applies to the hosted neurohab inference service.

what we collect

• The email address you used to register, plus a salted hash of your password.
• Per-request metadata required to bill and operate the service: timestamps, model identifier, token counts, GPU runtime, tenant ID, source IP.
• Aggregate telemetry from the runtime — cache hit rate, queue depth, GPU utilization. Not tied to specific requests.

what we do not collect

• Inputs and outputs of inference calls. We do not log prompts or completions, ever, unless you explicitly enable a debug flag for a specific request and we can both see the corresponding ticket.
• Browser fingerprints. The dashboard sets one cookie used for the session and nothing else.
• Third-party analytics. There are none on this site.

data retention

Per-request metadata is retained for 90 days for billing reconciliation, then aggregated and the row-level records are destroyed. Account records are retained as long as your account is active and for 30 days after account closure.

where data lives

Control-plane data is stored in jp-nrt-1. Inference happens in the region you select. We do not move tenant data between regions automatically. Backups are encrypted with per-tenant keys and stored within the same region.

your rights

You can request export or deletion of all data we hold about you by writing to privacy@neurohab.io. We aim to respond within seven days.

changes

We will notify tenants of material changes by email and post a note on this page with the previous effective date. The longer formal version of this policy is shared during onboarding.