Privacy Policy

Last Updated: June 19, 2025

At ModelRed, we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your information when you use our AI security testing platform.

1. Information We Collect

Personal Information

Account Details: Name, email, company name, job title
Billing Information: Payment details, billing address (processed securely via Stripe)
Communications: Messages, feedback, and support requests
Profile Settings: Optional preferences and configurations

Usage Information

API Activity: API calls, assessment results, model configurations (encrypted)
Technical Data: IP addresses, browser type, device information
Platform Analytics: Feature usage, performance metrics, error logs
Security Logs: Authentication attempts and access patterns

AI Model Data

Model Configurations: Provider settings and parameters (encrypted)
Assessment Results: Security scores, vulnerability reports, test outcomes
Temporary Processing: Prompts processed during testing (not permanently stored)

2. How We Use Your Information

🔧 Service Provision

• Provide AI security testing services
• Process API requests and generate reports
• Manage accounts and billing
• Deliver customer support

📈 Service Improvement

• Analyze usage to improve our platform
• Develop new security capabilities
• Fix technical issues and bugs
• Conduct security research (anonymized)

💬 Communication

• Send service notifications
• Share security updates
• Marketing (with consent)
• Respond to inquiries

⚖️ Legal & Security

• Comply with legal obligations
• Protect against fraud and abuse
• Enforce our Terms of Service
• Ensure platform security

3. Information Sharing

🔒 We Don't Sell Your Data

We never sell your personal information. We only share data in limited circumstances with trusted service providers or when required by law.

Service Providers

We work with trusted partners who help us operate:

Payment Processing: Stripe for secure billing
Email Communications: SendGrid for service emails
Cloud Infrastructure: AWS and Vercel for hosting
Analytics: Basic usage analytics (privacy-focused)

Legal Requirements

We may disclose information when required by law or to:

Comply with legal processes or government requests
Protect our rights, property, or safety
Prevent fraud or security threats
Enforce our Terms of Service

4. Data Security

🔐 Technical Safeguards

Encryption: TLS 1.3 in transit, AES-256 at rest
Access Controls: Role-based with MFA
Network Security: Firewalls and monitoring
Infrastructure: SOC 2 compliant providers

👥 Organizational Measures

Employee Training: Regular security awareness
Background Checks: For data access roles
Incident Response: Documented procedures
Regular Audits: Security assessments

Special Data Handling

API Keys: Encrypted and never logged in plain text
Model Configurations: Encrypted before storage
Assessment Data: Secured with appropriate access controls
Logs: Automatically purged per retention policies

5. Data Retention

We retain information only as long as necessary:

Account Data: While active, plus 90 days after closure
Billing Records: 7 years for accounting and tax purposes
Usage Analytics: Aggregated data for up to 2 years
Security Logs: 1 year for monitoring purposes
Assessment Results: Per your subscription plan limits

You can request data deletion at any time, subject to legal requirements.

6. Your Rights & Choices

Access & Control

View Your Data: Access personal information through your dashboard
Export Data: Download your assessment results and configurations
Update Information: Correct your account details anytime
Delete Account: Request complete account deletion

Communication Preferences

Marketing Emails: Unsubscribe anytime
Service Notifications: Essential emails only (can't be disabled)
Cookie Settings: Manage through your browser

How to Exercise Rights

7. International Users

ModelRed operates from the United States. If you're located outside the US, we ensure adequate protection through:

Standard Contractual Clauses: EU-approved transfer mechanisms
Adequacy Decisions: Transfers to countries with adequate privacy laws
Data Processing Agreements: With international service providers

8. Cookies & Tracking

Essential Cookies (Required)

Maintain login sessions
Remember preferences
Ensure security

Analytics Cookies (Optional)

Understand platform usage
Identify improvement areas
Monitor performance

You can manage cookie preferences through your browser settings.

9. Children's Privacy

Our services are not intended for children under 13. We don't knowingly collect information from children under 13. If we discover such data, we delete it immediately.

10. Data Breach Notification

In the unlikely event of a breach affecting your data, we will:

Notify you within 72 hours of discovery
Explain what information was involved
Detail our response actions
Provide protection guidance

11. Jurisdiction-Specific Rights

California Residents (CCPA)

Right to know what information is collected
Right to delete personal information
Right to opt-out of sale (we don't sell data)
Right to non-discrimination

EU Residents (GDPR)

All rights above, plus:
Right to data portability
Right to object to processing
Right to lodge complaints with supervisory authorities
Contact our DPO: dpo@modelred.ai

12. Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes:

Post updated policy on our website
Email registered users
Update the "Last Updated" date

Continued use after changes indicates acceptance.

13. Contact Us

Privacy Questions?

Privacy Team: contact@modelred.ai

Data Protection Officer: contact@modelred.ai

General Support: contact@modelred.ai

Security Issues: contact@modelred.ai

This Privacy Policy is effective as of the date listed above and applies to all information collected by ModelRed.