Summary: PTAI respects your privacy. We collect the minimal data necessary to provide our services, never sell your personal information, and maintain strict security controls aligned with SOC 2, GDPR, and CCPA requirements.

1. Information We Collect

1.1 Account Information

When you register for PTAI services, we collect:

  • Email address and authentication credentials
  • Organization name and role
  • API usage statistics and transaction logs

1.2 Usage Data

We automatically collect technical data necessary for service operation:

  • IP addresses and geolocation (anonymized)
  • Agent interaction patterns and intent message metadata
  • System performance metrics and error logs

1.3 What We Don't Collect

PTAI maintains a privacy-first architecture:

  • We do not access the content of agent communications (end-to-end encrypted)
  • We do not collect biometric data or personal identifiers beyond account requirements
  • We do not track users across third-party websites

2. How We Use Your Information

Your data is used exclusively for:

  • Service Provision: Operating the SIMP protocol infrastructure
  • Security: Threat detection, fraud prevention, and access control
  • Compliance: Meeting regulatory requirements (SOX, HIPAA, FedRAMP where applicable)
  • Improvement: Aggregated analytics to enhance platform performance

3. Data Storage and Security

PTAI implements defense-in-depth security:

  • All data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Ed25519 cryptographic signatures for all agent communications
  • SOC 2 Type II certified data centers with 99.99% uptime SLA
  • Regular penetration testing and vulnerability assessments
  • ProjectX Brain self-healing infrastructure with automated incident response

4. Your Rights (GDPR/CCPA)

Depending on your jurisdiction, you have the right to:

  • Access your personal data
  • Request deletion of your account and associated data
  • Export your data in a machine-readable format
  • Opt out of non-essential communications
  • Object to automated decision-making

To exercise these rights, contact privacy@ptai.uk.

5. Data Retention

We retain data only as long as necessary:

  • Active Accounts: Data retained while account is active
  • Deleted Accounts: Data purged within 30 days of deletion request
  • Audit Logs: Retained for 7 years per regulatory requirements
  • Anonymized Analytics: Retained indefinitely for platform improvement

6. Third-Party Services

PTAI uses limited third-party processors:

  • Cloud infrastructure providers (AWS, Azure)
  • Payment processors (Stripe) - billing data only
  • Analytics (self-hosted, no data sharing)

All processors are vetted and bound by Data Processing Agreements.

Privacy Inquiries

For questions about this policy or to exercise your privacy rights:

privacy@ptai.uk | Data Protection Officer