Ainfera
block 4,857
DRAFT · pending counsel. This page is an AI-drafted outline, published here for transparency. Treat the audit chain and the product itself as authoritative until legal counsel signs off — at which point the banner comes down and the page becomes indexable.

Privacy.

A short, honest privacy policy for a product that lives or dies on whether you trust the audit. No dark patterns, no "we may share with selected partners."

effective 2026-05-14 · version v3 · supersedes v2 (effective 2026-02-04)
in one paragraph

What this is.

Ainfera is an inference router for autonomous agents. To operate it, we store account data (email, GitHub handle, billing) and the metadata of each routed call (model chosen, cost, timestamp, audit hash). We don't store your prompts or responses in any database we control beyond a short hot window — and the public audit chain stores only hashes of those, never their contents.

The short version: hashes on chain · prompts in your workspace · we can't read your traffic. If you want the long version, keep reading.
01 · what we collect

What we collect.

Account. Email, public GitHub profile fields (handle, avatar URL), the workspace name you choose, billing details when payment turns on at GA.

Inference metadata. For each routed call: model chosen, candidate set, caps applied, token counts, latency, cost, timestamp, agent id. Required to bill, route, and prove.

Content (transient). Prompts and responses pass through our system to reach the model. They're held encrypted, in a 30-day hot window so the dashboard can show you what happened. After 30 days, encrypted-archive for the retention you've configured (default 365 days; configurable down to 0).

Telemetry. Crash logs, API error rates, region. No tracking pixels on the marketing site. No third-party analytics on the dashboard. why →

02 · what goes on chain

What lands on the public audit chain.

The chain stores only the hashes of prompts and responses, not their contents. It stores the decision shape — candidate set, caps, winner, policy version — and dollar amounts. It does not store agent metadata, your prompts, or anything that could re-identify a user.

on-chain record5 fields · hashes only
prompt_hash   # sha-256 of canonical prompt
response_hash # sha-256 of canonical response
decision_hash # sha-256 of routing decision
cost          # direct cost, margin, billed (USD)
timestamp     # UTC, second precision
  • prompt_hash · sha-256 of canonical prompt · prompt itself never on chain
  • response_hash · sha-256 of canonical response · response itself never on chain
  • decision_hash · sha-256 of canonical routing decision · the candidate set
  • cost · direct cost, margin, billed amount, in USD
  • timestamp · UTC, second precision

The chain is immutable and public. We can't take a hash off it once posted. read the audit page →

03 · how we use it

How we use what we collect.

  • Route your calls within your caps · the product
  • Bill you for inference · the only revenue
  • Show you the dashboard · operational
  • Notify you of incidents · operational
  • Compute the leaderboard on /models · aggregate, not per-account

We do not sell, license, or rent any of it. We do not train models on your traffic. We do not use it to "improve user experience" in any sense beyond the operational ones above.

policyno-sell · no-train · no-rent
if request.kind == "sell-data":
    return "no"
if request.kind == "train-on-traffic":
    return "no"
if request.kind == "rent-data":
    return "no"
04 · who we share with

Who sees your data.

Upstream model providers. When we route a call to a model, your prompt is sent to that provider's API. Their privacy policy governs what they do next. We send only what's needed for the call — no metadata, no account fields.

Subprocessors. A short, public list of the vendors we use to operate Ainfera (hosting, payments, transactional email). See /subprocessors. Every change is announced 30 days in advance.

Law enforcement. We will fight a vague subpoena. We will comply with a specific, lawful one, and we will tell you unless we're legally barred from doing so.

The chain. Hashes are public by design. Decision records are queryable by anyone with an inference id — including your auditor, your customer, or a regulator. This is the product.

verifypublic read · no key required
# re-hash your payload and compare to the chain
$ curl https://api.ainfera.ai/v1/audit/<inference_id>
$ sha256sum canonical_prompt.json
$ diff on_chain.hash local.hash
05 · retention

How long we keep things.

  • Prompts & responses — 30 days hot · 365 days encrypted-archive default · configurable per workspace · deletable on request
  • Inference metadata — indefinite. The audit is the product.
  • Account & billing — duration of the account + 24 months for tax/audit compliance after closure
  • On-chain hashes — forever. We cannot remove them. By design.
retention defaultsconfigurable per workspace
prompts.hot          = 30d
prompts.archive      = 365d # configurable down to 0
inference.metadata  = indefinite
account.billing     = tenure + 24mo
chain.hashes        = forever # by design
06 · your rights

Your rights.

Wherever you live, you can email privacy@ainfera.ai and ask us to: show you the data we hold on you, correct it, delete it, export it, or stop processing it. We respond in <30 days, usually within a week.

Deletion is irreversible for everything except chain hashes (which can never be deleted by anyone, including us — that's the point).

07 · regional law

If you're in the EU, UK, California, or Brazil.

EU/UK (GDPR/UK-GDPR). Ainfera Inc. is the data controller for account data and the data processor for inference content. Lawful basis: contract (operating the service), legitimate interest (security and fraud), consent (optional analytics). Cross-border transfers under EU SCCs; UK transfers under the UK Addendum. DPA on request →

California (CCPA/CPRA). We do not sell or share your personal information as those terms are defined under California law. You may request access, correction, deletion, or portability via the address above. We honor the Global Privacy Control signal.

Brazil (LGPD). Ainfera processes Brazilian personal data under contract and legitimate interest. Brazil-located requests routed through the same privacy@ address.

08 · children

Children.

Ainfera is a developer infrastructure product. We do not knowingly collect data from users under 18. If you believe we have, write to privacy@ainfera.ai and we will delete it on confirmation.

09 · changes

How this policy changes.

Material changes get 30 days' notice, in this feed and by email to all account holders. Non-material changes (typos, link updates) are reflected immediately and noted in the version history. Every version is signed by the founder and posted on chain — see the meta column above for the diff link.

10 · contact

Talk to us.

Privacy questions, data requests, DPA needs, anything else:

v3 signed by the founder on 2026-05-14 · committed to chain