Sight AI Privacy Policy
Last Updated / Effective: October 9, 2025
Contact: contact@sightai.io
This Privacy Policy explains how Sight AI ("Sight", "we", "our", or "us") collects, uses, shares, and protects information when you access or use our websites, dashboards, APIs, SDKs, and related services (the "Service"). If you do not agree with this Policy, please do not use the Service.
1) Who we are and scope
Sight provides (A) a unified AI gateway (OpenAI-style API) that aggregates multiple models with smart routing and billing, and (B) an optional provider program ("BYOK / Share Idle Compute") that allows providers to securely contribute upstream idle compute resources for orchestrated execution and verifiable rewards. This Policy applies to all users of the Service, including API consumers and providers.
2) Information we collect
- Account & Contact: email, username/handle, organization, wallet address (if used), profile preferences, communication records.
- Usage & Telemetry: timestamps, request/response metadata (model ID/route, token counts, latency, status/error codes), IP (or network hints), user agent, basic device info.
- By default, we retain only what is necessary for routing, billing, security, and audit.
- Content you send: prompts, files, images, and other Inputs; Outputs returned to you. (See §5 for how we handle content.)
- Payment & Billing: limited billing metadata and transaction identifiers from processors (e.g., Stripe/Coinbase). We do not store full card numbers or private crypto keys.
- Provider Data (BYOK): identifiers of compute capacity are stored only in encrypted form and decrypted only inside authorized execution components for fulfilling requests.
- Support & Trust/Safety: tickets, abuse reports, fraud signals.
- Do Not Collect (by default): we do not intentionally collect sensitive biometric data or government IDs unless required by law or verification needs you initiate.
3) How we use information (purposes)
- Provide and operate the Service: request routing, metering, billing, rate-limiting, and support.
- Security & integrity: detect/prevent fraud/abuse, incident response, auditing, and compliance.
- Service quality: debugging, reliability improvements, capacity planning, and usage analytics (in aggregate or de-identified form).
- Communications: account notices, product updates, and support messages (you can adjust preferences for non-essential emails).
- Legal & compliance: to meet tax, accounting, and lawful requests.
4) Legal bases (where applicable)
When required by law (e.g., GDPR/UK GDPR), we rely on:
- Contract necessity (to provide the Service),
- Legitimate interests (security, fraud prevention, product improvement),
- Legal obligations (tax/audit), and
- Consent (e.g., optional prompt/chat logging, marketing).
5) Inputs & Outputs (User Content)
- Default logging: We keep minimal operational metadata needed for routing, billing, security, and audit.
- Optional logging for improvement/debug: If we offer prompt/chat logging as an opt-in, and you enable it, we may store Inputs/Outputs for diagnostics and quality. You can disable it anytime (prospective effect).
- Upstream models: When you choose a model, your Inputs/Outputs may be sent to that third-party provider, which may process, store, or use content under its own terms (including safety/abuse or training policies). We strive to label model-specific terms, but you are responsible for reviewing them and deciding what to send.
- No sale of prompts: We do not sell your personal information or prompts. We may use de-identified, aggregated metrics to publish rankings or performance statistics.
6) BYOK / Share Idle Compute (Providers)
- Zero-trust storage: Provider credentials are encrypted at rest and in transit; Sight backends do not store them in plaintext form. Decryption occurs only within authorized executors to fulfill calls.
- Access controls & auditing: computing power usage is restricted to configured routes; anomalous or abusive traffic may be blocked, and rewards withheld or clawed back.
- Separation of data: usage metrics for reward calculation may be aggregated and published (e.g., via proofs/roll-ups) without exposing underlying credentials or personal data.
7) Sharing of information
We may share information with:
- Subprocessors/Service Providers: cloud infrastructure, logging/monitoring, support, analytics (de-identified where feasible), payment processors (Stripe/Coinbase), and anti-abuse vendors—only to operate the Service.
- Upstream Model Providers: when you select a model, your request data is shared as necessary to generate Outputs.
- Legal & Safety: to comply with laws, enforce terms, protect users and the Service, or respond to lawful requests.
- Business transfers: as part of a merger, acquisition, or asset sale, subject to this Policy.
We do not sell personal information, and we do not share it for cross-context behavioral advertising (as defined by certain privacy laws).
8) Data retention
- Operational logs: typically 30–90 days unless we need longer for security, audit, or legal obligations.
- Account & billing records: for as long as you maintain an account and as required by tax/audit laws (often 5–7 years).
- Optional prompt/chat logs: retained only if you opted in; deletable prospectively upon opt-out.
- Provider credentials: retained in encrypted form until you rotate/revoke or your program participation ends.
Actual retention may vary if law or litigation holds require longer storage.
9) Security
Provider credentials follow a zero-plaintext design (e.g., modern public-key exchange and AEAD encryption). No method of transmission or storage is 100% secure; please keep your credentials and API keys secret.
10) International data transfers
We may process and store data in the United States and other countries. Where required (e.g., EEA/UK), we use appropriate safeguards such as Standard Contractual Clauses (SCCs) and technical measures (encryption/pseudonymization).
11) Your rights & choices
Depending on your region, you may have rights to access, correct, delete, restrict, port, or object to certain processing. You can also:
- Disable optional prompt/chat logging (if available).
- Opt out of non-essential communications.
- Close your account (we will delete or de-identify data not required by law).
Requests: contact@sightai.io. We may ask for verification. We will not discriminate against you for exercising rights permitted by law (e.g., CCPA/CPRA).
12) Children
The Service is intended for users 16+. We do not knowingly collect personal information from children under 16. If you believe a minor provided data, contact us and we will delete it.
13) Do Not Track & automated decisions
We do not respond to "Do Not Track" signals. We do not make solely automated decisions that produce legal or similarly significant effects without human oversight.
14) Changes to this Policy
We may update this Policy from time to time. Material changes will be announced via the dashboard or in-product notices. Your continued use of the Service after the effective date signifies acceptance.
15) Contact
For privacy requests or questions: contact@sightai.io
If this Policy is provided in multiple languages, the English version controls in case of conflict, unless a law in your jurisdiction requires otherwise.