Skip to content

Privacy Policy

Effective date: 2026-05-19 Last updated: 2026-05-19

This Privacy Policy describes how Provocative Science ("we", "us", "our") collects, uses, and protects information when you use the Provocative Inference API and related services (the "Service") at inference.provocative.earth.

At a glance

  • We do not train models on your prompts, completions, embeddings, or any other content you send to or receive from the Service.
  • We do not log prompt or completion content by default.
  • We do not sell customer data and do not share it with third parties except to operate the Service or where required by law.
  • Workspaces may opt in to request logging for debugging. When enabled, content is retained for 90 days and then deleted.
  • The Service runs on hardware we own and operate in Massachusetts, United States. Inference requests are processed within that footprint.

1. Information we collect

1.1 API request metadata (collected by default)

For every request to the Service we record:

  • A unique request identifier and timestamp
  • The model called and the workspace and API key prefix that called it
  • Input and output token counts
  • Latency, queue time, and other performance measurements
  • The error class, if the request failed
  • The source IP address (for rate limiting and abuse prevention)

We do not record the contents of prompts, completions, embedding inputs, or embedding vectors as part of this default metadata.

1.2 Prompt and completion content (opt-in only)

Workspace administrators can enable "request logging" from the dashboard. While it is enabled, prompts and completions for that workspace are stored and made available in the dashboard's request log explorer for debugging.

  • Request logging is off by default.
  • Stored content is automatically deleted after 90 days.
  • Workspace administrators can disable request logging at any time; new content stops being captured immediately, and content already captured continues to age out under the 90-day window.

1.3 Account, workspace, and billing information

To create and operate a workspace we collect:

  • The workspace name, the contact email, and the names and emails of users you invite
  • Billing contact and address information
  • Payment instrument details, which are handled by our payment processor; we do not store full card numbers
  • Records of invoices, payments, and any tax-relevant information we are required to retain

1.4 Documentation site

This documentation site is static. We do not place advertising or behavioral-tracking cookies on it.

2. How we use information

We use the categories of information described in section 1 to:

  • Operate the Service: authenticate requests, route them to inference workers, return responses, enforce rate limits, and produce per-workspace usage reports.
  • Bill for usage and produce invoices and tax records.
  • Investigate operational issues, abuse of the Service, and security incidents.
  • Communicate with workspace administrators about their account, material changes to this policy, and incidents that affect them.

What we will not do

  • We will not use prompts, completions, embeddings, or any other customer content to train, fine-tune, evaluate, or benchmark any model, whether ours or a third party's.
  • We will not sell customer data.
  • We will not disclose customer data to third parties for advertising or marketing.

3. Data sharing

We share information only with the service providers that help us operate the Service — for example, our payment processor for billing and the infrastructure providers that host our control-plane databases. These providers are bound by contract to use the information only to deliver services to us, and they are not permitted to use it for their own purposes. A current list of subprocessors is available to customers on request.

We may disclose information when we are required to by law — for example in response to a subpoena, court order, or valid governmental request. Where we are legally permitted to do so we will notify the affected customer before responding.

4. Data retention

Category Retention
Prompt and completion content, when request logging is on 90 days from the request, then deleted
Prompt and completion content, when request logging is off Not stored
Request metadata (tokens, latency, model, workspace, error class) 13 months
Authentication and audit logs 13 months
Account, workspace, and billing records Lifetime of the account, plus the period required by applicable tax and accounting law

Backups follow the same schedule and age out on the same cadence as the primary records they protect.

5. Data residency

All inference workers and the primary control plane run on hardware we own and operate in Massachusetts, United States. Prompts and completions are processed within this footprint. We do not route inference requests through third-party cloud regions.

Customers with specific contractual data-residency requirements can contact us to discuss commitments tailored to their workspace.

6. Security

We follow standard practices for an inference platform:

  • Customer connections are protected with TLS.
  • API keys are stored as argon2id hashes; we never store them in plaintext.
  • Internal services authenticate to each other with mutually authenticated TLS within a private network.
  • Secrets are held in an external secret store, not in code or container images.
  • Access to production systems is limited to authorized personnel and is audit-logged.
  • Container images are built from pinned base images, scanned for vulnerabilities, and signed before deployment.

We do not currently hold a SOC 2 or ISO 27001 certification. We are happy to discuss our controls under NDA with prospective customers who need formal assurance.

7. Your rights

Workspace administrators can:

  • View account information and configuration from the dashboard.
  • Export usage records via the /v1/usage endpoint.
  • Delete a workspace. When a workspace is deleted we remove account records, request metadata, and any retained request-log content within 30 days, subject to the legal retention requirements described above for billing and tax records.

If you live in a jurisdiction that grants additional privacy rights — including, for example, the European Union, the United Kingdom, or California — you may have the right to request access to, correction of, deletion of, or portability of your personal information, or to object to certain processing. You can exercise these rights by emailing us at the address in section 10. We will respond within the period required by the applicable law.

8. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from them.

9. Changes to this policy

If we make a material change to this policy we will email workspace administrators and post the updated policy on this page at least 30 days before the change takes effect. Non-material clarifications (typo fixes, restructuring, additional examples) may be made without notice; the "Last updated" date at the top of this page will always reflect the most recent revision.

10. Contact

Questions about this policy, or requests to exercise a right described above, can be sent to privacy@provocative.earth.