Privacy Policy
1. Scope2. Information We Collect3. How We Use Information4. Data Processing & Retention5. Sharing and Disclosure6. Data Security7. International Data Transfers8. Your Privacy Rights9. Data Controller and Processor Roles10. Enterprise Deployments (VPC / On-Premises)11. Children’s Privacy12. Changes to This Policy13. Contact

Privacy Policy – Plurai

Last Updated: Apr 27, 2026

This Privacy Policy (“Policy”) describes how Plurai Inc. (“Plurai,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal data in connection with our products and services, including Vibe-Training and related offerings (collectively, the “Services”).

1. Scope

This Policy applies to:

  • Visitors to our website
  • Customers and users of our Services
  • Business contacts and partners

It does not apply to third-party services that we do not control.

2. Information We Collect

2.1 Account Information

We collect:

  • Name
  • Email address
  • Company name

2.2 Customer-Provided Data

When you use our Services, you may submit:

  • Prompts and inputs
  • Feedback and use-case definitions
  • Documents and files

2.3 Usage & Operational Data

We collect limited technical data necessary to operate and secure the Services, including:

  • Authentication and access logs
  • Error and performance logs
  • System-level metadata (e.g., timestamps, request IDs)

We do not store prompts or inference content as part of these logs.

2.4 Cookies and Similar Technologies

We may use cookies or similar technologies for:

  • Authentication
  • Security
  • Basic analytics

You can control cookies through your browser settings.

3. How We Use Information

We use personal data only to:

  • Provide, operate, and maintain the Services
  • Authenticate users and manage accounts
  • Ensure system reliability, performance, and security
  • Communicate with users regarding the Services

We do not:

  • Use your data to train our models
  • Sell or rent personal data
  • Use your data for advertising purposes

4. Data Processing & Retention

4.1 Transient Processing

Customer inputs (including prompts and documents):

  • Are processed in real time
  • Are not retained after processing, except for limited operational logs

4.2 Data Retention

  • Account data is retained as long as necessary to provide the Services
  • Logs are minimized and retained only for operational, debugging, and security purposes
  • Logs do not include prompt content

4.3 Data Minimization

We design our systems to:

  • Limit data collection
  • Avoid unnecessary storage
  • Reduce exposure of sensitive information

5. Sharing and Disclosure

5.1 Service Providers

We use trusted subprocessors, including:

  • OpenAI
  • Google Gemini

These providers act as data processors and process data solely to provide the Services.

5.2 Legal Requirements

We may disclose data if required to:

  • Comply with applicable law
  • Respond to legal requests
  • Protect rights, safety, or security

5.3 Business Transfers

In connection with a merger, acquisition, or sale of assets.

6. Data Security

We implement appropriate technical and organizational measures, including:

  • Encryption in transit
  • Access controls and least-privilege policies
  • Secure infrastructure and network protections

Our security program is designed in alignment with the principles of the American Institute of Certified Public Accountants SOC 2 Trust Services Criteria.

7. International Data Transfers

Your data may be processed in countries outside your jurisdiction.

Where required, we implement safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Contractual protections with subprocessors

8. Your Privacy Rights

8.1 GDPR (EU/EEA Users)

If you are located in the European Economic Area, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Restrict or object to processing
  • Data portability

8.2 Legal Basis for Processing

We process personal data based on:

  • Contractual necessity
  • Legitimate interests (security, reliability, and service operation)

8.3 Exercising Your Rights

To exercise your rights, contact: privacy@plurai.ai

9. Data Controller and Processor Roles

  • Plurai acts as a data controller for account and business contact data
  • Plurai acts as a data processor for customer-submitted data

10. Enterprise Deployments (VPC / On-Premises)

For enterprise customers, Plurai may offer deployment options including Virtual Private Cloud (VPC) or on-premises environments.

In such cases:

  • Customer data may be processed within infrastructure controlled by the customer or a designated cloud environment
  • Data handling, storage, and retention may be governed by the customer’s own policies and configurations
  • Plurai’s access to such environments is limited to what is necessary to provide support and maintain the Services

These deployment models provide enhanced control over data residency, security, and compliance.

11. Children’s Privacy

The Services are not intended for individuals under 18.

12. Changes to This Policy

We may update this Policy from time to time. Updates will be posted on this page.

13. Contact

For privacy-related inquiries:

Email: privacy@plurai.ai
Company: Plurai Inc.