Privacy Policy

Last updated: February 13, 2026

1. Who we are

TinyFox ("we", "us", "our") provides AI governance and audit trail infrastructure for businesses. This policy describes how we collect, use, and protect information when you use our website, platform, and services.

2. Information we collect

Account information

When you sign up or request access, we collect your name, email address, company name, and role. This information is used to set up your account and communicate with you about the service.

AI request data

When you use TinyFox as a proxy, we process AI requests and responses that flow through our platform. This includes prompts, model outputs, token counts, timestamps, and metadata such as team, user, and model identifiers. This data is stored as part of your audit trail and is owned by you.

Usage data

We collect information about how you interact with our platform, including pages visited, features used, and actions taken. This helps us improve the product.

Website visitors

When you visit our website, we may collect your email address if you submit a signup form. We do not use third-party tracking cookies.

3. How we use your information

  • Provide, maintain, and improve the TinyFox platform
  • Generate audit trails, compliance reports, and cost attribution dashboards
  • Detect and block sensitive data (PII) in AI requests per your configured policies
  • Send you service-related communications
  • Respond to your inquiries and support requests
  • Comply with legal obligations

4. How we protect your data

  • All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Audit logs are tamper-proof and immutable once written
  • Access to production systems is restricted and logged
  • Enterprise customers can deploy TinyFox in their own VPC or on-premises, ensuring data never leaves their infrastructure

5. Data ownership and retention

You own your data. AI request data processed through TinyFox belongs to you and is stored in your tenant. We do not use your data to train AI models or share it with third parties.

Data retention periods depend on your plan. Enterprise customers can configure custom retention policies to meet regulatory requirements. When you delete your account or your retention period expires, your data is permanently removed from our systems within 30 days.

6. Data sharing

We do not sell your data. We may share information with:

  • Infrastructure providers — to host and operate the platform (e.g., cloud providers), under strict data processing agreements
  • Legal authorities — when required by law, subpoena, or court order

7. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. You can also object to processing or withdraw consent at any time. To exercise these rights, contact us at [email protected].

8. International transfers

If your data is transferred outside your country of residence, we ensure appropriate safeguards are in place, including standard contractual clauses and data processing agreements that comply with applicable regulations.

9. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by email or through the platform. Continued use of TinyFox after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this privacy policy or how we handle your data, contact us at [email protected].