Account and workspace information
[ACCOUNT INFO: founder to confirm fields such as name, work email, company, role, team/workspace identifiers, admin contacts, billing contacts, support messages, and waitlist information.]
DRAFT scaffold for founder review
Privacy scaffold for Defendr.
This page is not final legal copy and is not legal advice. OpiusAI founder and counsel must replace or confirm every bracketed placeholder before this becomes an approved privacy notice.
Review status
Draft only
This scaffold exists so the footer Privacy link resolves while details are reviewed.
Placeholders are intentional
Bracketed fields mark facts OpiusAI must confirm against the real data model.
Counsel review required
Do not rely on this page as an operative privacy notice until approved.
Draft status
Founder and counsel must approve the final notice.
This page is a public scaffold for OpiusAI's Defendr product. It is not final legal copy, not legal advice, and not a complete statement of OpiusAI's privacy practices. Bracketed text marks facts, vendors, controls, retention periods, and contact details that must be filled or confirmed before launch.
Data collected
Data categories to confirm against the real service.
Proxy usage metadata
[USAGE METADATA: founder to confirm fields used for loss reports, such as token counts, model/provider, timestamps, request identifiers, cost estimates, latency, status codes, cache fields, and failure signals.]
Prompt and response content
[CONTENT STORAGE: founder to confirm whether Defendr stores full prompt and response content, excerpts, hashes, embeddings, labels, derived signals, or no content beyond transient processing; also confirm default retention and customer controls.]
BYOK key handling
[BYOK KEY HANDLING: founder to confirm whether customer provider keys are stored per tenant, KMS-encrypted, access-controlled, rotatable, and deleted on request or termination.]
Website and device information
[WEBSITE ANALYTICS: founder to confirm cookies, analytics tools, server logs, IP addresses, device/browser fields, referral URLs, and opt-out choices.]
Billing and commercial records
[BILLING DATA: founder to confirm invoices, plan, order form, payment processor records, tax fields, service mode, and customer account status.]
How data is used
Use cases to approve before publication.
The final notice should describe only uses that match implemented product behavior and signed customer commitments.
Operate Defendr
[OPERATIONS: founder to confirm processing needed to route, observe, troubleshoot, secure, and support the service.]
Produce loss reports
[REPORTING: founder to confirm how usage metadata, cost evidence, and failure signals are used to generate customer reports.]
Administer accounts
[ACCOUNT ADMIN: founder to confirm support, billing, authentication, communications, and waitlist or onboarding use.]
Security and compliance
[SECURITY: founder to confirm audit logs, abuse prevention, incident response, legal compliance, and policy enforcement.]
Retention
Default periods
[RETENTION: founder to confirm default retention periods by data category, including account records, usage metadata, prompt/response content if stored, logs, backups, and billing records.]
Deletion
Customer controls
[DELETION: founder to confirm customer deletion controls, support process, backup deletion timing, and termination handling.]
International transfers
Location and transfer terms
[TRANSFERS: founder/counsel to confirm regions, cross-border transfer mechanism, DPA status, and customer contracting language.]
Security
Controls to confirm before finalizing.
Encryption and isolation
[SECURITY CONTROLS: founder to confirm encryption in transit, encryption at rest, per-tenant key isolation, KMS usage, access controls, logging, and operational review process.]
Incident response
[INCIDENT RESPONSE: founder/counsel to confirm notification timelines, escalation process, customer notice language, and security contact.]
Bring Your Own Keys
BYOK privacy wording must match the provider relationship.
BYOK is the mode where the customer keeps its own provider account and provider bill. The final privacy notice should confirm what OpiusAI receives, what OpiusAI stores, what is sent to the customer's selected provider, and whether any provider-side data-use settings are customer-controlled or OpiusAI-controlled.
[BYOK DETAILS: founder to confirm key storage, provider calls, provider billing visibility, prompt/response content handling, logs, support access, and termination deletion for each supported provider.]
User rights
Rights, choices, and customer roles.
[RIGHTS: founder/counsel to confirm access, deletion, correction, export, opt-out, marketing preferences, authorized agent, and appeal language by jurisdiction.]
Processor/controller roles
[ROLE MAPPING: founder/counsel to confirm when OpiusAI acts as processor, service provider, controller, or business for account data, proxy data, product telemetry, and marketing records.]
Contact and effective date
Final publication details are still placeholders.
Privacy contact
[CONTACT EMAIL: privacy@opiusai.com or founders@opiusai.com - founder to confirm.]
Effective date
[EFFECTIVE DATE: founder/counsel to confirm before publication.]