Privacy Policy

What ABIS stores

• Account data: Name, email, hashed password (bcrypt), plan tier.
• API usage: Call counts, timestamps, model identifiers. No prompt or response content is stored from SDK calls.
• Benchmark data: Responses to our standardized benchmark prompts (not your data).
• Playground: Text submitted to the playground is processed in memory and not persisted.

What ABIS does not store

• Your prompts or AI model responses (SDK sends only hashes and surface features)
• API keys in plaintext (only bcrypt hashes)
• Payment card details (handled by Stripe)
• Browsing behavior or tracking cookies

Public disclosure

ABIS publishes aggregate behavioral findings about AI models. All disclosures follow our public disclosure policy:

• 7-day publication delay
• Aggregate-only disclosure
• No prompt-level attribution
• Model providers notified before public disclosure

Data security

All data is encrypted in transit (TLS 1.3) and at rest (MongoDB Atlas encryption). API keys are hashed with bcrypt before storage. Infrastructure is hosted on Railway (compute) and MongoDB Atlas (database), both SOC 2 compliant.

Data retention

Benchmark results are retained indefinitely for trend analysis. Account data is retained while active and deleted within 30 days of account closure. Playground submissions are not retained.

Your rights

Under UK GDPR, you have the right to access, rectify, or delete your personal data. Contact privacy@cijlabs.com for any data requests.

Contact

CIJ Labs Ltd, Company No. 16984759, London, UK.
Data protection enquiries: privacy@cijlabs.com