Privace.ai

Legal

Privacy Statement

Last updated July 2026

Privace.ai is built around a single principle: sensitive data should never leave your perimeter un-redacted. This statement describes what we collect and how we handle it.

What we process

The redaction gateway detects and tokenizes PII, PHI and PCI before a query reaches any public LLM. Original values are never written to logs — we store only reversible, encrypted original↔token maps, encrypted at rest, and log the token reference (e.g. <PII:person_name#3>) rather than the value.

Authentication

Sign-in is handled by a dedicated, industry-standard authentication provider. We store the minimum identity data needed to associate your organization, sessions and audit history with your account.

Data residency

Backend services and storage run on enterprise-grade managed cloud infrastructure. Audit exports and artifacts are held in access-controlled object storage; provider and service keys live only in a managed secret store, never in code or on disk.

Contact

Questions about this statement? Email privacy@privace.ai.