Data Usage Policy

At Responsible AI Labs ("RAIL", "we", "us", or "our"), we are committed to transparency about how we use the data you provide through our API services. This Data Usage Policy explains our practices regarding the collection, processing, storage, and use of API data, including our policies on model training and service improvement.

This policy supplements our Privacy Policy and Terms of Service. By using our API services, you agree to the data practices described in this policy.

1. Types of Data We Collect

1.1 API Request Data

When you use our AI safety evaluation API, we collect and process:

Input Data: AI model prompts, messages, or content submitted for safety evaluation
Output Data: Safety scores, risk assessments, explanations, and evaluation results generated by our services
Request Metadata: Timestamps, API endpoint accessed, request/response sizes, latency measurements
Technical Data: API key identifier, user ID, IP address, request headers

1.2 Usage Analytics

We collect aggregated usage statistics to monitor service health and improve performance:

API call frequency and patterns
Feature usage statistics (which endpoints are most used)
Error rates and types
Performance metrics (latency, throughput)

1.3 Account and Billing Data

As described in our Privacy Policy, we also collect account information (email, name, organization) and billing data (payment history, subscription plan) necessary to provide the service.

2. How We Use Your API Data

2.1 Service Provision (Primary Use)

The primary purpose of collecting your API data is to provide the requested AI safety evaluation services:

Process your API requests and generate safety scores
Evaluate AI content for risks, bias, toxicity, and other safety concerns
Provide explanations and recommendations for evaluation results
Deliver API responses with requested information

2.2 Service Operations

Security and Fraud Prevention: Detect abuse, unauthorized access, and fraudulent usage patterns
Technical Support: Debug issues, troubleshoot errors, and respond to support inquiries
Billing and Credits: Track credit consumption, enforce usage limits, and process payments
Legal Compliance: Comply with legal obligations and enforce our Terms of Service

2.3 Service Improvement and Research

We may use aggregated and anonymized data to improve our services, develop new features, and advance AI safety research. However, we have strict policies governing how we use your specific API data for these purposes.

3. Model Training and Improvement Policies

Our Core Commitment

We DO NOT use your specific API input/output data to train or improve AI models that serve other customers.Your proprietary data, business logic, and use cases remain confidential and are never used to benefit other users.

3.1 What We Don't Do

❌ We DO NOT train our AI safety models on your specific API requests and responses
❌ We DO NOT use your proprietary prompts, content, or data to improve models for other customers
❌ We DO NOT share your API data with third-party AI model providers for training purposes
❌ We DO NOT create datasets from your data that could be used to replicate your use cases
❌ We DO NOT use your data to develop competing products or services

3.2 What We May Do (With Safeguards)

We may use aggregated, anonymized, and non-identifiable patterns derived from API usage to:

Improve detection accuracy: Analyze aggregate patterns (e.g., "requests with X characteristics tend to have Y safety risks") without storing specific customer inputs
Develop new safety categories: Identify emerging risk types based on anonymized, statistical patterns across millions of requests
Enhance performance: Optimize model latency, throughput, and resource allocation based on aggregate usage patterns
Conduct safety research: Publish research papers on AI safety trends using fully anonymized, aggregate statistics

3.3 Anonymization Process

When we use aggregated data for improvement purposes, we apply multiple anonymization techniques:

De-identification: Remove all user IDs, API keys, account information, and identifying metadata
Aggregation: Combine data from thousands or millions of requests to create statistical patterns
Generalization: Convert specific data points to generalized categories (e.g., "toxic language" vs. specific words)
Differential Privacy: Add mathematical noise to prevent reverse-engineering of individual data points
Pattern Extraction Only: Extract only high-level patterns (e.g., correlation between features and risk scores) without storing original content

Example: Instead of storing "User A's prompt contained XYZ and was flagged for ABC," we might extract the pattern "Prompts with characteristic P have a 15% higher likelihood of risk category R" across millions of requests, with no way to trace back to individual users or requests.

4. Data Retention and Storage

4.1 Retention Periods

Data Type	Retention Period	Purpose
API Request/Response Content	90 days	Debugging, support, security investigations
API Usage Metadata	90 days (detailed), 2 years (aggregated)	Usage tracking, analytics, billing verification
Anonymized Aggregate Patterns	Indefinitely	Service improvement, safety research (non-identifiable)
Billing and Transaction Records	7 years	Tax compliance, accounting, legal requirements

Important: After 90 days, specific API request/response content is automatically deleted from our systems. Only anonymized, aggregated patterns (that cannot be traced back to individual users) are retained for service improvement.

4.2 Data Storage Security

All API data is stored securely with:

Encryption at Rest: AES-256 encryption for all stored data
Encryption in Transit: TLS 1.3 for all API communications
Access Controls: Role-based access with multi-factor authentication for internal systems
Audit Logs: All data access is logged and monitored for security
Geographic Isolation: Data stored in secure Google Cloud Platform regions with redundancy

4.3 Automatic Deletion

We have automated processes to ensure data is deleted according to our retention policies:

Daily jobs delete API logs older than 90 days
Account data is deleted 90 days after account closure (unless required by law)
Backup systems also respect retention policies and purge old data

5. Data Sharing and Disclosure

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your API data to third parties for any purpose.

5.2 Third-Party AI Providers

Our AI safety evaluation models are developed and hosted in-house on our own infrastructure. We do not send your API data to third-party AI model providers (e.g., OpenAI, Anthropic, Google) for processing.

Note: If we ever integrate third-party AI services in the future, we will:

Notify you in advance
Provide opt-out options
Ensure contractual protections that your data will not be used for training their models
Update this policy with specific details about third-party processors

5.3 Service Providers

We share data with trusted service providers who assist in operating our platform, subject to strict confidentiality agreements:

Google Cloud Platform: Infrastructure hosting and database services
Payment Processors: Razorpay (India), PayPal (International) for payment processing
Email Services: Resend for transactional emails (account verification, password resets)

These providers are contractually prohibited from using your data for their own purposes or sharing it with others.

5.4 Legal Requirements

We may disclose your data if required by law, court order, or government request, or to:

Comply with legal obligations
Protect our rights, property, or safety
Investigate fraud, security issues, or Terms of Service violations
Protect against harm to the rights, property, or safety of our users or the public

6. Data Minimization and Purpose Limitation

6.1 Data Minimization

We collect only the data necessary to provide and improve our services. We do not collect or store data that is not essential for these purposes.

6.2 Purpose Limitation

We use your data only for the purposes disclosed in this policy and our Privacy Policy. We will not use your data for unrelated purposes without your explicit consent.

6.3 Storage Limitation

We retain data only as long as necessary for the purposes it was collected, as outlined in our retention policies. Data is automatically deleted once retention periods expire.

7. Your Rights and Choices

7.1 Access and Portability

Request a copy of your API usage data and evaluation results
Export your data in machine-readable formats (JSON, CSV)
Access detailed logs of your API activity (within 90-day retention period)

7.2 Deletion and Erasure

Request deletion of your account and associated API data
Request early deletion of specific API logs (before 90-day automatic deletion)
Note: Some data may be retained as required by law or for legitimate business purposes

7.3 Opt-Out Rights

Opt out of having your data used for anonymized service improvement (Enterprise plans)
Request enhanced data isolation for sensitive use cases
Disable optional analytics and performance tracking

7.4 Exercising Your Rights

To exercise any of these rights, please contact us at legal@responsibleailabs.ai. We will respond within 30 days and may require identity verification for security purposes.

8. Enterprise Data Controls

Enterprise customers have access to enhanced data controls and privacy features:

Data Residency: Choose specific geographic regions for data storage
Custom Retention: Define custom data retention periods (subject to legal minimums)
Audit Logs: Access detailed audit logs of all data access and operations
Dedicated Infrastructure: Option for isolated infrastructure to prevent data commingling
Data Processing Agreements: Customized DPAs to meet your compliance requirements
Opt-Out from Improvement: Option to completely opt out of anonymized data usage for service improvement

9. Compliance and Certifications

9.1 Regulatory Compliance

Our data usage practices comply with:

GDPR: EU General Data Protection Regulation
CCPA/CPRA: California Consumer Privacy Act and California Privacy Rights Act
SOC 2: Security and availability controls (in progress)
ISO 27001: Information security management (planned)

9.2 Industry Standards

We follow industry best practices for data handling, including:

OWASP security guidelines
Privacy by design principles
Responsible AI development practices
Regular third-party security audits

10. Changes to This Policy

We may update this Data Usage Policy from time to time to reflect changes in our services, legal requirements, or data practices. We will notify you of material changes by:

Posting the updated policy on this page with a new "Last updated" date
Sending an email notification to your registered email address at least 30 days in advance
Displaying a prominent notice in your dashboard

If you do not agree to the updated policy, you may terminate your account before the changes take effect. Continued use of our services after the effective date constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Data Usage Policy or our data practices, please contact us:

Email: legal@responsibleailabs.ai

Address: Responsible AI Labs
672, Ruchi Life scapes - 2nd Floor
Jatkhedi, Bhopal, Madhya Pradesh
India - 462023

Our Commitment to Your Data

We believe that trust is earned through transparency and action. We are committed to:

Never using your specific API data to train models for other customers
Providing clear, honest information about our data practices
Giving you control over your data with robust access and deletion rights
Continuously improving our security and privacy protections
Being responsive to your concerns and questions

Your data is your business. We're here to help you build AI systems safely and responsibly.