Privacy Policy

INAIT – Privacy Policy

Last updated: December 2025

Controller: INAIT SA, Avenue du Tribunal‑Fédéral 34, 1005 Lausanne, Switzerland

Contact: info@inait.ai

1. Scope & Roles

This policy explains how we process personal data when you subscribe to and use the FutureComplete API (including via Microsoft Azure Marketplace) and when you interact with inait.ai.

  • Controller Role: For account, billing, and administrative data, Inait acts as a Controller.

  • Processor Role: For API Payloads and content you submit to the Services, Inait acts as a Processor and you act as the Controller.

  • DPA: For customers subject to GDPR or Swiss FADP, our standard Data Processing Agreement (DPA) forms part of your subscription terms and governs the processing of API Payloads.

2. Data We Process

  • Account/Admin Data: Name, work email, company, and subscription identifiers provided by Microsoft.

  • Subscription & Usage: Subscription key, plan status, quota, and API usage metrics.

  • API Payloads (Input): The content files and time-series data you send to the API, and the corresponding model outputs.

  • Technical Logs: Timestamps, IP addresses, user agents, and error traces.

3. Purposes

  • Provide and operate the API; authenticate, authorize, and bill.

  • Secure the service, prevent abuse, and debug incidents.

  • Communicate about service status, updates, and policy changes.

  • Comply with legal and contractual obligations.

4. Use of API Payloads (Model Training Policy)

We store payloads temporarily to process your requests and for necessary operational troubleshooting. We do not use your API payloads or Output to train, retrain, or improve our generally available generative AI models unless you have provided explicit written consent (e.g., via a specific pilot agreement).

5. Legal Bases (GDPR/Swiss FADP)

  • Contract Performance: To deliver the API and Services.

  • Legitimate Interests: For security, analytics, and service maintenance.

  • Legal Obligations: Where applicable under Swiss or EU law.

6. Sharing

  • Sub‑processors: Microsoft Azure (compute, storage). Any additional sub-processors will be notified.

  • Marketplace: Necessary billing and provisioning data is shared with Microsoft.

  • Legal: Disclosures required by law.

  • No Sale: We do not sell or share personal data for advertising.

7. International Transfers

Data is processed in the Azure regions selected for the service. If transferred outside Switzerland/EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs).

8. Retention

  • Account & Subscription Data: Retained for the subscription term + 24 months.

  • API Payloads: Retained up to 30 days by default for operational stability.

    • Note: Inait does not act as your long-term data archive. You are responsible for exporting and backing up any Output required for your own compliance or audit records.

  • Logs/Telemetry: Retained up to 90 days.

9. Security

We use encryption in transit and at rest, Azure RBAC, network isolation, and audit logging. Access to payloads is restricted to authorized personnel strictly for support and security.

10. Your Rights

You may request access, correction, deletion, restriction, or portability of your data. Contact info@inait.ai.

11. Changes

We will post updates here and revise the “Last updated” date.