Inceptron AB (“Inceptron,” “we,” “us,” or “our”) respects your privacy. This Privacy & Data Policy explains how we collect, use, and protect information when you use our services, including our model optimization tools, self-hosted runtimes, and API processing services (the “Services”).

We are committed to safeguarding data responsibly while maintaining clarity about our practices.

1. Scope

This Policy applies to:

• Visitors to our website and marketing pages.

• Customers and users of Inceptron’s Services.

• End-users who interact with applications powered by Inceptron’s Services (where applicable).
  
  

Controller vs Processor

• For account, billing, and website data, Inceptron acts as a Data Controller.

• For customer-submitted data processed through our Services, Inceptron acts as a Data Processor, and the Customer is the Data Controller.
  
  

This Policy does not apply to third-party services that we do not control.

2. Information We Collect

We collect limited categories of information:

a. Account & Contact Information

• Name, email, company, billing details, and login credentials.

• Used to set up accounts, manage billing, and provide support.
  
  

b. Service Usage Data

• For self-hosted with telemetry: runtime logs (e.g., token counts, throughput, error codes, performance metrics).

• For on-prem/self-hosted (no telemetry): no automatic data is collected; usage may be reported manually by the Customer.

• For API Processing Services: request/response metadata (e.g., request IDs, timestamps, latency, token usage).
  
  

c. Optional Payload Data

• For API services, request and response payloads (e.g., prompts and model outputs) are not stored by default.

• Customers may opt in to allow temporary retention for debugging.
  
  

d. Website & Analytics Data

• Log files, device/browser information, cookies, and analytics.
  
  

We do not train models on customer data or share model weights across customers.

3. How We Use Information

We use information to:

• Provide and improve Services (including compiling and delivering Optimized Model Packages).

• Monitor performance and ensure compliance with Service Terms.

• Communicate about updates, invoices, or security alerts.

• Detect, prevent, and respond to fraud, misuse, or security issues.

• Meet legal obligations.
  
  

4. Legal Bases for Processing

Where applicable (e.g., under GDPR), our legal bases include:

• Contract necessity – to deliver the Services requested.

• Legitimate interests – e.g., to improve performance or ensure security.

• Consent – where you opt in to specific data use (e.g., retaining payloads).

• Legal obligations – to comply with applicable law.
  
  

5. How We Share Information

We do not sell or rent your data. We may share information with:

• Service Providers / Subprocessors – such as AWS, Azure, GCP or Nebius, who provide infrastructure, hosting, and networking.

• Legal & Compliance – where required by law, subpoena, or government request.

• Business Transfers – in connection with a merger, acquisition, or sale.

• With Consent – when you direct us to share data with a third party.
  
  

6. International Transfers

We may process data in the EU, UK, or USA. If data is transferred internationally, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms.

7. Data Retention

• Account data: kept while the account is active and for a limited period thereafter for legal/accounting purposes.

• Telemetry logs: typically retained for 30 days, unless required longer for troubleshooting.

• API payloads: only retained if Customer opts in; otherwise discarded immediately after processing.

• Marketing data: retained until you unsubscribe or request deletion.
  
  

8. Security

We implement reasonable technical and organizational measures to protect data, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256 or equivalent).

• Access controls, authentication, and role-based permissions.

• Secure development practices, dependency vetting, and vulnerability management.

• Monitoring, logging, and incident response procedures.
  
  

Third-Party Cloud Providers. Inceptron relies on third-party cloud providers (such as AWS and Microsoft Azure) for hosting and certain network services. We select subprocessors with appropriate security practices and contractual safeguards; however, Inceptron does not assume liability for outages, data loss, or security incidents attributable solely to those third-party providers.

Self-Hosted Deployments. For self-hosted runtimes, you are responsible for securing your infrastructure, networks, access controls, and data at rest/in transit in your environment. Inceptron delivers the Runtime and Optimized Model Package in a secure, tamper-resistant form but does not control your production environment.

No system can be guaranteed 100% secure, but we work to protect your data against unauthorized access, loss, or misuse.

9. Your Rights

Depending on your jurisdiction, you may have rights to:

• Access a copy of your personal data.

• Request correction or deletion.

• Object to or restrict processing.

• Port your data to another provider.

• Withdraw consent at any time (where processing is based on consent).

  
  

Requests can be submitted to legal@inceptron.io. We may require verification before fulfilling requests.

10. Children’s Privacy

Our Services are not directed to children under 16, and we do not knowingly collect their personal data.

11. Changes to This Policy

We may update this Policy from time to time. The “Effective Date” at the top indicates the latest revision. Material changes will be notified via email or dashboard.

12. Contact Us

For questions or concerns, contact:

Inceptron AB
Scheelevägen 15
223 70 Lund, Sweden
Email: legal@inceptron.io