Privacy Policy
Last updated: [DATE]
Template. This is a starting draft, not legal advice. Have a qualified attorney review and adapt it (entity, jurisdiction, GDPR/CCPA specifics) before you publish.
This Privacy Policy explains how [LEGAL ENTITY NAME] ("Ashigo", "we", "us") collects, uses, and protects information when you use our website, the Rung CLI, and related services (the "Services").
1. Information we collect
- Account information — name and email, handled by our identity provider (Clerk) when you sign up or sign in.
- Billing information — subscription and payment details, processed by Stripe. We do not store your full card number.
- Usage data — metering of requests and token usage to operate plans, quotas, and billing; basic logs and diagnostics.
- Newsletter / beta signups — the email address you submit, and whether you opted into the beta.
- Content you submit — prompts and data you choose to send through the Services so the assistant can respond.
- Support communications — messages you send us.
2. Operational technology (OT) data
The Rung CLI executes tools locally on your machine and is read-only toward control systems by default. Data that tools collect is processed to generate a response. Depending on the privacy level you choose, raw plant data may be distilled by a separate provider before the reasoning model sees it, pseudonymized, or — in data-diode mode — kept one-way. We do not seek to retain raw plant data beyond what is needed to process your request. See "How data is shared" below.
3. How we use information
- To provide, maintain, and improve the Services;
- To authenticate you, operate subscriptions, meter usage, and enforce plan limits;
- To respond to support requests and send service or, with consent, product communications;
- To detect, prevent, and address security, abuse, or technical issues;
- To comply with legal obligations.
4. How data is shared (sub-processors)
We share limited data with service providers that help us run the Services, under contractual safeguards:
- Clerk — authentication and account management.
- Stripe — subscription billing and payments.
- Anthropic — the reasoning model that powers the assistant.
- Mistral AI (and other region-selectable providers) — the data tier that distills raw data in split/shielded privacy levels.
- Hosting / CDN providers — to serve the website and run the backend.
We do not sell your personal information. We may disclose information if required by law or to protect rights and safety.
5. Data retention
We retain account, billing, and usage records for as long as your account is active and as needed for legal, accounting, or security purposes, then delete or anonymize them. Newsletter emails are kept until you unsubscribe.
6. Security
We use technical and organizational measures to protect information, including encryption in transit, scoped access, and isolation of secrets. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
7. Your rights
Depending on your location, you may have rights to access, correct, delete, or port your personal data, or to object to or restrict certain processing (e.g., under GDPR or CCPA). To exercise these, contact us at [PRIVACY EMAIL]. You can unsubscribe from emails at any time via the link in each message.
8. International transfers
We and our providers may process data in countries other than yours. Where required, we rely on appropriate safeguards for such transfers. Our region-selectable data tier lets you influence where raw data is processed.
9. Cookies
We and our auth provider use cookies and similar technologies necessary to keep you signed in and to operate the site. See your browser settings to manage cookies.
10. Children
The Services are not directed to children and are intended for business use.
11. Changes
We may update this policy. We will post the new version here and update the date above; material changes will be communicated where appropriate.
12. Contact
[LEGAL ENTITY NAME], [ADDRESS]. Questions: [PRIVACY EMAIL].