Privacy Policy

Last Updated: 11 June 2026

DoCoreAI is built with privacy by design. The SDK runs in your environment and measures cost and efficiency using telemetry only — token counts, timings, and success signals — so your team gets full cost visibility without ever sending prompt or output content to us.

The Short Version
  • Zero prompt storage. We never receive or store your prompts, completions, or model outputs — only metadata.
  • We don't sell your data. Ever — and we don't share it for cross-context behavioural advertising.
  • Telemetry retention defaults to 12 months, configurable per organisation in your Account Settings.
  • GDPR, UK GDPR & CCPA/CPRA rights supported — access, correction, deletion, and portability on request.
  • Encrypted in transit (TLS), with restricted access to production systems and read-only dashboards.
On This Page
  1. Scope & Roles
  2. Data We Collect
  3. How We Use Data
  4. Legal Bases (GDPR/UK GDPR)
  5. Sharing & Subprocessors
  6. Data Retention
  7. Security
  8. International Data Transfers
  9. Your Privacy Rights & Choices
  10. Cookies & Tracking
  11. Children's Privacy
  12. Changes to This Policy
  13. Contact Us

01Scope & Roles

This Privacy Policy describes how DoCoreAI handles data depending on the context:

  • Controller — for website and marketing interactions, such as when you visit our site, book a call, submit a form, or email us.
  • Processor — for product telemetry collected on behalf of our customers. Customers (the "controllers" of that data) decide what telemetry is sent and how long it's retained. Our default configuration avoids personal data in telemetry entirely.

02Data We Collect

Website & Marketing (Controller)

  • Contact data — name, email, company, and role, when you submit a form, book a demo, or contact support
  • Usage & device data — IP address (may be truncated), user-agent, pages visited, campaign parameters (UTM), and cookies or similar identifiers
  • Communications — emails you send us and our replies

Product Telemetry (Processor)

Collected by the DoCoreAI SDK running in your environment — without prompt or output content:

  • Token counters — prompt tokens, completion tokens, total tokens
  • Performance signals — latency, retries, rate-limit hits, success/failure flags
  • Model & runtime metadata — model identifier, temperature/max_tokens settings, SDK version, and the LLM provider in use
  • Identifiers — hashed or pseudonymous IDs for request, session, or service (configurable). We recommend avoiding direct personal identifiers in these fields.

Your prompts and outputs stay in your environment or with your LLM provider — they are never transmitted to DoCoreAI.

03How We Use Data

Website & Marketing

  • Operate the site, respond to your enquiries, and send collateral you request
  • Run demos, detect abuse or fraud, and improve our content
  • Send product updates or marketing — only with consent where required, and you can opt out anytime
  • Comply with legal obligations and enforce our Terms

Product Telemetry

  • Power your cost, efficiency, and ROI dashboards
  • Run quality, uptime, and security monitoring, and assist with troubleshooting
  • Train and improve prediction models — using aggregated, de-identified data only

04Legal Bases (GDPR/UK GDPR)

  • Contract — to provide the product and support you've requested
  • Legitimate interests — security, abuse prevention, service improvement, and website analytics, balanced against your rights
  • Consent — for optional marketing and non-essential cookies or trackers
  • Legal obligation — where we need to keep records or make disclosures required by law

05Sharing & Subprocessors

We do not sell personal data. We share data only with service providers who process it on our behalf, under contract — for example, cloud infrastructure, email delivery, error monitoring, CRM, billing, and logging/analytics providers.

A current list of subprocessors is available on our Security page or by request at info@docoreai.com.

06Data Retention

  • Website & marketing data is kept for as long as needed for the purpose it was collected — for example, responding to your enquiry — then deleted or anonymised, unless a longer period is required by law.
  • Product telemetry is retained for the period your organisation configures in Account Settings. If unconfigured, the default retention period is 12 months. You can request a shorter or longer window at any time.

07Security

  • All communication in transit is encrypted using TLS
  • DoCoreAI stores only non-sensitive operational telemetry — numeric metrics, timestamps, and model identifiers
  • Access to production systems is restricted, and customer-facing dashboards are read-only

See our Security page for more detail on our architecture and practices.

08International Data Transfers

We may process data in India, the United States, and other countries where our infrastructure or service providers operate. Where required, we rely on appropriate safeguards — such as Standard Contractual Clauses — for transfers from the EEA, UK, or Switzerland.

09Your Privacy Rights & Choices

EEA / UK / Swiss Individuals (GDPR / UK GDPR)

You can request access, correction, deletion, restriction, or portability of your data, or object to its processing. Where we rely on consent, you can withdraw it at any time.

California Residents (CCPA/CPRA)

You have the right to know, correct, delete, and limit the use or disclosure of your personal information. We do not "sell" or "share" personal information as those terms are defined under the CPRA.

To exercise any of these rights, email info@docoreai.com. We may need to verify your identity, and if you're not our direct customer, we may refer you to your organisation's administrator.

10Cookies & Tracking

We use necessary cookies to operate the site, and optional analytics/marketing cookies with consent where required:

  • Strictly necessary — security and session management
  • Analytics — page performance and aggregate usage (opt-in in the EU/UK)
  • Marketing — campaign attribution for our site (opt-in where required)

You can manage these preferences via your browser settings or our cookie banner, where shown.

11Children's Privacy

DoCoreAI is not directed to children under 16, and we do not knowingly collect personal data from them.

12Changes to This Policy

We may update this policy from time to time as the product evolves. We'll post the updated effective date here, and if changes are material, we'll provide additional notice via email or an in-dashboard alert.

13Contact Us

Privacy questions or rights requests: info@docoreai.com

Security reports: info@docoreai.com

Questions about your data?

Reach out anytime — especially if you're an enterprise team evaluating DoCoreAI's privacy architecture before a pilot.

Email Us Terms of Service Security
-->
Scroll to Top