PRIVACY / PRIVATE BETA
Privacy Policy
This beta policy is intentionally operational: what data enters the system, how provider keys are handled, what support can request, and what can leave as a public proof export.
Status: legal review placeholder; last updated 2026-05-18
What we collect
Account identity, lab membership, invite status, project metadata, TaskSpecs, approval receipts, billing state, connector state, runtime status, and support evidence needed to operate private beta.
Provider keys
Provider keys stay server-side. Proof Foundry stores key fingerprints, redacted hints, status, and audit events; raw secrets are not shown in browser UI, ProofCards, screenshots, logs, or support bundles.
Artifact retention
Runtime events are retained for 90 days, project artifacts and proof records for 180 days, support evidence for 180 days, and application logs for 30 days during private beta. Secrets stay only until rotated, disabled, or deleted. These periods remain legal-review placeholders before public launch.
Deletion and export requests
Lab admins can request export, deletion, or redaction from the account data-retention surface. Exports exclude raw secrets and operational logs; deletion excludes public proof exports once approved for publication.
Public proof exports
Proof exports should include claims, evidence status, hashes, metrics, costs, and verifier outcomes. They must not include raw hidden reasoning, provider secrets, invite tokens, private dataset rows, or private repository content unless the lab explicitly approves that export.
Support evidence
Support may ask for timestamps, lab/project/run ids, event ids, screenshots with secrets hidden, and exact error copy. Support should not ask for API keys, access codes, webhook payloads, database URLs, or card data.
Contact
For beta privacy requests, use your Proof Foundry support contact and include lab id, project id, and the affected route. Do not include secrets in the request.