1. Who we are and how this Policy applies

For the purposes of UK and EU data protection law, Daniel Butler, trading as Phaseo, is the "data controller" responsible for personal data collected through AI Stats.

This Privacy Policy applies when you:

• browse the AI Stats website or documentation;
• create and use an AI Stats account;
• use the AI Stats Gateway to route requests to third-party model providers; or
• interact with us via email, support channels or other communications.

Third-party model providers (for example OpenAI, Anthropic, Google, xAI and others) have their own privacy and data handling practices. When we forward your requests to them, they usually act as independent controllers of your data under their own terms and policies. You should review those policies separately.

2. Data we collect

2.1 Information you provide to us

We collect information that you choose to provide directly, such as:

• Account details – for example your name, email address, organisation name, and password (stored as a hashed value) when you register.
• Profile and team information – details you add to your account or team profile, such as display names or project labels.
• Billing information – records relating to your purchases of Credits or subscriptions (for example currency, amount paid, timestamps). Card details are handled by our payment providers (such as Stripe) and are not stored in full on our servers.
• Support and communication – emails, messages and other communications you send to us (for example bug reports, feedback, or feature requests).
• Optional public data – if you opt in to sharing certain usage or app information publicly (for example, public app-usage pages or sponsor listings), we will process and display that information in accordance with your choices.

2.2 Inputs and Outputs sent through the Gateway

When you call models via the AI Stats Gateway, you send requests ("Inputs") and receive responses ("Outputs"). These may include text or other data that could contain personal information, depending on what you choose to send.

Our design goal is to minimise what we store:

• We do not persistently store the raw text of your prompts or the full text of model Outputs in our primary database or analytics tools.
• We may temporarily hold Inputs and Outputs in memory or transient buffers while processing a request or managing streaming, but these buffers are not used as long-term storage or training data.
• We send the necessary content from your request to the relevant third-party provider(s) so they can generate an Output. Those providers may log or store the data in line with their own policies.

Because you control what you send, you should avoid including sensitive personal data in prompts or outputs unless it is strictly necessary and you are satisfied with the privacy practices of the relevant model providers.

2.3 Telemetry and technical data

We automatically collect certain technical and usage information when you use the Service, such as:

• Log and device data – IP address, browser type, operating system, device identifiers, the pages you visit, the features you use, timestamps, and referrer URLs.
• Gateway metrics – model and provider identifiers, request and response timestamps, token usage (input, output and other meters), latency, error codes, and similar metadata needed to run billing and health checks.
• Location indicators – a rough geographic approximation (such as country or region) derived from your IP address or other signals, used for analytics and abuse prevention.
• Configuration data – such as your chosen theme/appearance, feature flags, and other preferences stored in local storage or cookies.

We use this telemetry to operate, secure, and improve the Service, to calculate usage and pricing, and to give you analytics and observability dashboards. We design our telemetry to avoid including raw prompt or output text.

2.4 Cookies and similar technologies

We use cookies and similar technologies (such as local storage, pixels, and scripts) to help our site function and to understand how it is used. These may include:

• Strictly necessary cookies – required for security and core features such as login and CSRF protection.
• Preference cookies – to remember settings like dark mode or your last selected filters.
• Analytics cookies – to measure usage, performance and errors, for example via tools like Google Analytics or PostHog.

You can control cookies through your browser settings. Blocking some types of cookies may impact your experience or prevent certain features from working.

2.5 Analytics and product telemetry

We may use third-party analytics and error tracking tools (for example, Google Analytics, PostHog, or similar services) to help us understand how people use AI Stats and to identify where the product can be improved.

These tools collect information such as pages visited, actions taken, device and browser information, and rough location data (such as country). We configure these tools so that they are not used to store raw prompts, Outputs, or other highly sensitive content flowing through the Gateway.

3. How we use personal data (and our legal bases)

We use personal data for the following purposes, under these legal bases (for UK/EU users):

• To provide and operate the Service – including account creation, gateway routing, usage dashboards, billing, and customer support.
  Lawful basis: performance of a contract; legitimate interests.
• To personalise and improve the Service – such as understanding which features are used most, testing new functionality, and adjusting the UI.
  Lawful basis: legitimate interests.
• To communicate with you – for example, sending service announcements, responding to support requests, and informing you about changes to our terms or policies.
  Lawful basis: performance of a contract; legitimate interests; legal obligations.
• To send optional updates or product news – where you have signed up to receive them or where local law allows us to do so.
  Lawful basis: consent (or legitimate interests, where permitted).
• To prevent abuse, enforce our Terms, and protect the Service – for example by monitoring high-risk patterns of usage, rate limit bypass attempts, or fraud.
  Lawful basis: legitimate interests; legal obligations.
• To comply with legal obligations – such as keeping records for tax, accounting, or responding to legitimate requests from authorities.
  Lawful basis: legal obligations.

We may also create aggregated, anonymised statistics about model adoption, benchmark results, or API performance. These statistics do not identify individual users.

4. How we share personal data

We do not sell your personal data. We may share personal data in the following limited situations:

• Service providers – We use trusted third parties to help us operate the Service (for example, hosting providers, database providers such as Supabase, analytics platforms, payment processors such as Stripe, email providers, and customer support tools). They may access personal data only to perform services for us and are contractually required to protect it.
• Third-party model providers – When you send requests through the Gateway, we share your Inputs and necessary metadata with the model provider(s) you choose or that we route to. Those providers process the data under their own terms and privacy policies.
• Public data you choose to share – If you opt into public usage pages, share integrations, or otherwise choose to publish certain information via AI Stats, we will display that information according to your settings.
• Legal and safety reasons – We may disclose data if we reasonably believe it is necessary to comply with a law, court order, or other legal request, or to protect the rights, property or safety of ourselves, our users, or others.
• Business transfers – If we explore or undertake a merger, acquisition, reorganisation or sale of assets, personal data may be transferred as part of that process. We will take reasonable steps to ensure the recipient continues to protect your data in line with this Policy.
• With your consent – We may share your information for other purposes if you explicitly ask us to or consent to it.

5. International transfers

We are based in the United Kingdom, but we use service providers and infrastructure located in other countries (for example, within the European Economic Area and the United States). This means your personal data may be transferred to and processed in countries that may have different data protection laws to those in your home jurisdiction.

Where we transfer personal data outside of the UK or EEA, we take steps to ensure an appropriate level of protection, such as relying on:

• countries that the UK or EU has deemed "adequate";
• standard contractual clauses or equivalent safeguards approved by the UK/EU; or
• other lawful transfer mechanisms as they become available.

6. How long we keep your data

We retain personal data for as long as reasonably necessary to fulfil the purposes described in this Policy, including:

• to operate and maintain your account and any paid features;
• to comply with our legal and regulatory obligations (for example, record-keeping for tax and accounting); and
• to resolve disputes and enforce our agreements.

When we no longer need personal data, we will either delete it or irreversibly anonymise it. Telemetry that has been aggregated and fully anonymised may be kept for longer for statistical purposes.

7. Your rights and choices

Depending on where you live, you may have certain rights in relation to your personal data. Subject to limits and exceptions under applicable law, these may include:

• Access – to ask whether we process your personal data and to request a copy.
• Correction – to ask us to correct inaccurate or incomplete personal data.
• Deletion – to request that we delete certain personal data.
• Restriction – to ask us to restrict how we process your data in certain circumstances.
• Portability – to receive your personal data in a structured, commonly used, machine-readable format and (where technically feasible) to have it transmitted to another controller.
• Objection – to object to certain types of processing, including direct marketing or processing based on legitimate interests.
• Withdraw consent – where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

You can exercise many of these rights by logging into your account (settings, profile and API keys), or by contacting us at privacy@phaseo.app. We may ask you to verify your identity before responding to a request.

You can opt out of non-essential emails by using the unsubscribe link in the message or by contacting us. We may still send you administrative messages about your account or important changes to the Service.

8. Children

The Service is intended for users aged 13 and over. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data without appropriate consent, please contact us and we will take steps to delete that information.

9. How we protect your data

We use a combination of technical, organisational and administrative security measures to protect personal data, including encryption in transit, role-based access controls, and monitoring for unusual activity.

However, no online service can be completely secure. You are responsible for keeping your password, API keys and other credentials confidential, and for rotating keys if you suspect compromise. If you believe your account has been compromised, please contact us immediately at support@phaseo.app.

10. Third-party sites and services

The Service may contain links to third-party websites or integrations, including providers of AI models, documentation, payments, analytics and developer tools. We are not responsible for the privacy practices of those third parties. We recommend you review their privacy policies before providing personal data to them.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make changes that materially affect your rights or how we use personal data, we will take reasonable steps to notify you (for example by email, a notice on the site, or in-app messages).

Your continued use of the Service after any changes take effect will mean you accept the updated Policy.

12. Contact and complaints

If you have any questions about this Privacy Policy or how we handle personal data, you can contact us at:

• Email: privacy@phaseo.app
• Support: support@phaseo.app

If you are in the UK, you also have the right to lodge a complaint with the Information Commissioner's Office (ICO) or with your local data protection authority if you are in the EU. We would, however, appreciate the chance to address your concerns first, so please consider contacting us in the first instance.