Privacy Policy

Effective Date: January 14, 2025

Last Updated: January 14, 2025

ModelRed Inc. ("ModelRed," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI security testing platform and services (the "Services").

By using ModelRed, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services.

For questions or concerns about this Privacy Policy, please contact us at contact@modelred.ai.

1. Information We Collect

1.1 Information You Provide

We collect information that you voluntarily provide to us when you:

  • Create an account: We collect your name and email address for authentication and account management.
  • Use our Services: You may provide company name, role, or other optional profile information.
  • Contact us: When you reach out for support or inquiries, we collect the information you provide in your communications.
  • Subscribe to paid plans: Payment information is processed through our third-party payment processor, Stripe. We do not store your complete payment card details.

1.2 API Keys and Credentials

When you integrate third-party AI model providers (such as OpenAI, Anthropic, Google, AWS, or others) with ModelRed:

  • We collect and store your API keys and credentials in encrypted form.
  • API keys are encrypted both at rest and in transit.
  • We use these credentials solely to perform security testing on your behalf against the models you specify.

1.3 Model Outputs and Test Data

When you run security probes and assessments:

  • We collect and store the prompts sent to AI models during testing.
  • We collect and store the responses received from AI models during testing.
  • We collect test results, verdicts, and security findings generated by our platform.
  • We do not collect or monitor your general usage of AI models outside of specific ModelRed security tests.

1.4 Usage Analytics

We automatically collect certain information about your use of the Services, including:

  • Log data (IP address, browser type, device information, timestamps)
  • Feature usage and interaction patterns
  • Performance metrics and error reports
  • Test execution history and results

1.5 Cookies and Tracking Technologies

We use essential cookies and similar tracking technologies to:

  • Maintain your login session
  • Remember your preferences and settings
  • Analyze usage patterns to improve our Services

You can control cookies through your browser settings, but disabling essential cookies may affect your ability to use certain features.

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Services: Process security tests, generate reports, and deliver platform features.
  • Authenticate and manage accounts: Verify your identity and manage your access to the Services.
  • Process payments: Facilitate billing and payment processing through Stripe.
  • Communicate with you: Send service-related notifications, security alerts, support responses, and updates about your account.
  • Improve our Services: Analyze usage patterns, identify bugs, and enhance platform performance and features.
  • Train and improve AI models: We may use aggregated and anonymized test data, prompts, and model responses to train, improve, and develop our security detection models and algorithms.
  • Ensure security: Detect and prevent fraud, abuse, security incidents, and violations of our Terms of Service.
  • Comply with legal obligations: Respond to legal requests and comply with applicable laws and regulations.

3. Data Retention

We retain your personal information and test data for as long as your account remains active or as needed to provide you the Services. Specifically:

  • Account information: Retained for the duration of your account plus a reasonable period afterward for legal and business purposes.
  • Test results and security findings: Retained indefinitely to maintain historical records and enable longitudinal security analysis.
  • API keys: Retained in encrypted form while your account is active or until you remove them.

You may request deletion of your account and associated data by contacting us at contact@modelred.ai. However, we may retain certain information as required by law or for legitimate business purposes.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating the Services, including:

  • Stripe: Payment processing
  • AWS (Amazon Web Services): Cloud infrastructure and data storage (US regions)

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (subpoenas, court orders, government requests)
  • Enforcement of our Terms of Service
  • Protection of our rights, property, or safety, or that of our users or the public

4.3 Business Transfers

If ModelRed is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

5. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Encrypted storage of API keys and sensitive credentials
  • Access controls and authentication mechanisms
  • Regular security assessments and monitoring

However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

6.1 Access and Portability

You may request a copy of the personal information we hold about you by contacting us at contact@modelred.ai.

6.2 Correction and Updates

You can update your account information directly through the platform settings. For other corrections, contact us at contact@modelred.ai.

6.3 Deletion

You may request deletion of your account and associated data by contacting us at contact@modelred.ai. Please note that we may retain certain information as required by law or for legitimate business purposes.

6.4 Opt-Out of Communications

You may opt out of non-essential marketing communications by following the unsubscribe instructions in our emails. You cannot opt out of essential service-related communications.

7. International Data Transfers

Your information is stored and processed in the United States on AWS infrastructure. If you are accessing the Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

8. Children's Privacy

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

9. Third-Party Links

The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post the updated Privacy Policy on this page with a new "Last Updated" date. Your continued use of the Services after any changes constitutes acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

ModelRed Inc.
Email: contact@modelred.ai
Address: Delaware, United States

12. GDPR and Privacy Rights (For EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to access: Request access to your personal data.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data (subject to legal obligations).
  • Right to restrict processing: Request restriction of processing in certain circumstances.
  • Right to data portability: Request transfer of your data to another service.
  • Right to object: Object to processing of your personal data for certain purposes.
  • Right to withdraw consent: Withdraw consent where processing is based on consent.

To exercise these rights, please contact us at contact@modelred.ai. We will respond to your request within 30 days in accordance with GDPR requirements.

13. California Privacy Rights (For California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know: Request information about the personal information we collect, use, and disclose.
  • Right to delete: Request deletion of your personal information (subject to exceptions).
  • Right to opt-out: Opt out of the sale of personal information (we do not sell personal information).
  • Right to non-discrimination: Not receive discriminatory treatment for exercising your privacy rights.

To exercise these rights, please contact us at contact@modelred.ai.