Privacy Policy

1. Information We Collect

Strategic Innovations AI collects information you provide directly and information generated through your use of our platform.

Account Information

• Email address (for account creation and authentication)
• Billing information (processed by Stripe, never stored on our servers)
• API key identifiers (keys themselves are hashed; we store only SHA-256 hashes)

Usage Data

• API call counts and product usage (for billing and rate limiting)
• Operation latency metrics (for SLA monitoring)
• Error logs and diagnostics (for reliability engineering)

Content Processed

When you use our products, you submit content for processing (e.g., text for AI detection, vectors for indexing, prompts for reasoning). This content is processed ephemerally — it is held in memory during processing and discarded immediately afterward. We do not store the content of your API calls on our servers.

2. How We Use Your Information

We use your information to:

• Authenticate API requests and manage access controls
• Process billing and issue invoices via Stripe
• Monitor system health, latency, and SLA compliance
• Detect and prevent abuse, fraud, or Terms violations
• Respond to your support requests
• Send service notifications (e.g., subscription renewals, security alerts)

We never use the content of your API calls to train machine learning models.

3. Your Data Is Never Used for Model Training

This is the most important clause in this policy.

Strategic Innovations AI does not use any customer data — including the content of API calls, stored vectors, agent memory, or session data — for training, fine-tuning, or improving any machine learning model.

Your data is processed in isolated compute environments with zero cross-tenant training. NeuroCore and HoloDB operate on your hypervectors exclusively — the raw data never leaves your execution context.

If you require contractual guarantees beyond this policy, we offer Data Processing Agreements (DPAs) with explicit no-training clauses. Contact legal@strategic-innovations.ai.

4. Data Sharing

We share your information only in these limited circumstances:

• Stripe: Billing and payment processing. Stripe's privacy policy governs their handling of your payment data.
• Cloudflare: DNS, CDN, and DDoS protection. Cloudflare may process request metadata under their separate privacy policy.
• Legal compliance: When required by law, court order, or to prevent fraud and harm.
• No advertising: We do not sell, trade, or rent your personal information to third parties for marketing purposes.

5. Data Retention

• Account data: Retained until account deletion. Deleted within 30 days of account termination request.
• Billing records: Retained for 7 years per financial record-keeping requirements.
• API usage logs: Retained for 90 days for abuse detection and SLA verification.
• Hypervector data: Retained per your active subscription. Deleted within 30 days of subscription cancellation.
• API call content: Not stored. Ephemeral processing only.

6. Security

We implement enterprise-grade security controls:

• All data in transit encrypted via TLS 1.3
• API keys stored as SHA-256 hashes — plaintext keys are never persisted
• HMK (Hypervector Memory Keys) for session management — stateless O(1) auth with no credential database
• Isolated compute environments per tenant
• Rate limiting and anomaly detection on all API endpoints
• Regular third-party security audits

Enterprise tier includes additional controls: private networking, dedicated compute, and custom encryption keys.

7. Hypervector Processing

Our core technology processes data as hypervectors (high-dimensional mathematical vectors) rather than raw content. This means:

• Your text, embeddings, and agent memories are encoded into hypervector form for processing
• Hypervectors are O(1) associative — the original content cannot be reconstructed from a hypervector alone
• Hypervector encodings are discarded immediately after processing
• The hypervector representations stored in NeuroCore and HoloDB are not reversible to original content

This architecture provides a mathematically guaranteed layer of data protection — even in the event of a system breach, hypervector storage provides no meaningful reconstruction of your original data.

8. Your Rights (GDPR / CCPA)

If you are located in the European Economic Area (EEA) or California, you have additional rights:

• Access: Request a copy of all personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Portability: Request your data in a machine-readable format
• Objection: Object to processing of your personal data for legitimate interests
• Restriction: Request restriction of processing in certain circumstances
• Withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, email privacy@strategic-innovations.ai with your request. We will respond within 30 days.

CCPA (California): We do not sell your personal information. You have the right to know what data we collect, request deletion, and opt-out of the sale of your information (though we do not sell data).

9. HIPAA

Enterprise tier subscribers may request a Business Associate Agreement (BAA) for HIPAA compliance. If you are a covered entity or business associate and require a BAA:

• Contact enterprise@strategic-innovations.ai
• PHI (Protected Health Information) is processed in dedicated, isolated compute environments
• PHI is never used for research, development, or disclosure to third parties
• Enterprise tier includes BAA, audit logging, and SOC 2 Type II controls

10. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us at privacy@strategic-innovations.ai and we will promptly delete that information.

11. Changes to This Policy

We will notify you of material changes to this Privacy Policy by posting the updated policy on this page and updating the "Last reviewed" date. For significant changes, we will provide additional notice via email or a prominent notice in the dashboard.

Continued use of our services after changes take effect constitutes acceptance of the revised policy.

12. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us:

• General privacy: privacy@strategic-innovations.ai
• Legal / DPA: legal@strategic-innovations.ai
• Enterprise / HIPAA: enterprise@strategic-innovations.ai