Privacy Policy

We built DoCoreAI with privacy by design: we never store your prompt or output content. Our platform measures cost and efficiency using telemetry only — token counts, timings, and success signals — so teams can see spend and ROI without sending prompt content to us.

Effective date: 12 Aug 2025

1) Quick Summary

No prompt content stored: We do not ingest or keep your prompt or completion text in our cloud.
What we collect (product telemetry): counts of tokens (prompt/completion), request timings, retries, success/failure flags, model identifier, SDK version, and anonymized identifiers. No prompt bodies or outputs.
Website & marketing data: contact details you submit (e.g., demo/bookings, forms), cookies/analytics, and support messages.
We don’t sell personal data and we don’t share it for cross-context behavioral advertising.
Security: TLS in transit, encryption at rest, least-privilege access, and audit logging.
Choices: opt out of marketing, manage cookies, access/delete your data, and configure telemetry retention in your account.

2) Scope & Roles

We act as:

Controller for website/marketing interactions (e.g., when you visit our site, subscribe, or email us).
Processor for product telemetry collected on behalf of our customers. Customers (the “controllers”) decide what is sent and how long to retain it. Our default configuration avoids personal data in telemetry.

3) Data We Collect

3.1 Website & Marketing (controller)

Contact data: name, email, company, role — when you submit forms (“Email me the collateral”, demo bookings), or contact support.
Usage & device data: IP address (may be truncated), user-agent, pages visited, campaign parameters (UTM), cookies or similar IDs.
Communications: emails you send us and our replies.

3.2 Product Telemetry (processor)

Collected by our client SDKs/agents running in your environment — without prompt or output content:

Token counters: prompt_tokens, completion_tokens, total_tokens.
Performance: latency, retries, rate-limit hits, success/failure flags.
Model & runtime: model identifier (e.g., gpt-4o), temperature/max_tokens values, SDK version.
Identifiers: hashed or pseudonymous IDs for request/session/service (configurable). We recommend avoiding any direct personal identifiers.

Customer content (prompts, outputs) stays in your environment or with your LLM provider. It is not transmitted to DoCoreAI.

4) How We Use Data

Website & Marketing

Provide the site, respond to requests, send collateral you ask for.
Operate demos, detect abuse/fraud, and improve content.
Send product updates or marketing (only with consent where required; you can opt out anytime).
Comply with legal obligations and enforce terms.

Product Telemetry

Compute cost, efficiency, and ROI dashboards for your account.
Quality/uptime monitoring, security, troubleshooting, and product improvement.
Generate aggregated, de-identified analytics (no personal data).

5) Legal Bases (GDPR/UK GDPR)

Contract: to provide the product and support you request.
Legitimate interests: security, abuse prevention, service improvement, website analytics (balanced with your rights).
Consent: optional marketing and non-essential cookies/trackers.
Legal obligation: records or disclosures required by law.

We do not sell personal data. We share data only with service providers who process it for us and under contract, such as cloud hosting, email delivery, error monitoring, and analytics.

Examples: cloud infrastructure, email/SMS providers, CRM, payment/billing, logging/monitoring. We maintain a current list of subprocessors on our Security page or by request.

7) Retention

Website/marketing: kept as long as needed for the purpose collected (e.g., responding to you), then deleted or anonymized, unless longer retention is required by law.
Product telemetry: retained for the period configured by the customer (tenant setting). If not configured, we apply a default retention of 12 months. Customers can request shorter or longer windows.

8) Security

TLS 1.2+ encryption in transit; encryption at rest with managed keys.
Least-privilege access, MFA for admin consoles, and audit logging.
Segregated environments and secure SDLC practices.

See our Security page for more detail.

9) International Transfers

We may process data in the United States and other countries. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses) for transfers from the EEA/UK/Switzerland.

10) Your Privacy Choices & Rights

EEA/UK/Swiss individuals (GDPR/UK GDPR)

You can request access, correction, deletion, restriction, portability, or object to processing. Where consent is used, you may withdraw it at any time.

California residents (CCPA/CPRA)

You have rights to know, correct, delete, and limit use/disclosure of personal information. We do not “sell” or “share” your personal information as those terms are defined by CPRA.

To exercise rights: email info@docoreai.com. We may need to verify your identity and, if you are not our direct customer, we may refer you to your organization’s administrator.

11) Cookies & Tracking

We use necessary cookies to operate the site and optional analytics/marketing cookies with consent where required.

Strictly necessary: security, session management.
Analytics: page performance, aggregate usage (opt-in in the EU/UK).
Marketing: campaign attribution for our site (opt-in where required).

You can manage preferences via your browser settings or our cookie banner (when shown).

12) Children’s Privacy

Our services are not directed to children under 16, and we do not knowingly collect their personal data.

13) Changes to This Policy

We may update this policy from time to time. We will post the effective date and, if changes are material, provide additional notice.

14) Contact

Privacy questions or requests: info@docoreai.com

Security reports: info@docoreai.com

Postal: DoCoreAI (MobiLights), Electronic City Phase 1, Bangalore, KA, India - 560100