Privacy Policy

1. Introduction

Welcome to Kaisar (“weˮ, “usˮ, “ourˮ). We provide AI inference services through our API platform. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.

By using Kaisar AI Inference API, you agree to the terms outlined in this Privacy Policy.

Contact Information:

• Email: [email protected]
• Website: https://kaisar.io
• Service: https://ai00.kaisar.io

2. Information We Collect

2.1 API Usage Data

When you use our API, we automatically collect:

• Request Metadata: Timestamps, model selected, token counts (input/output)
• Technical Data: API endpoint accessed, HTTP status codes, response times
• Authentication Data: API keys (hashed), user/organization identifiers

2.2 Technical Logs

• IP addresses (for security and rate limiting)
• Error logs and debugging information

2.3 What We DO NOT Collect

• We do not store prompts or completions beyond request processing.
• We do not collect personal data from end-users of your applications.
• We do not use cookies or tracking pixels on our API.

3. How We Use Your Data

3.1 Primary Purposes

• Service Delivery: Process AI inference requests and return results
• Billing: Calculate usage and generate invoices based on token consumption
• Authentication: Verify API access and enforce rate limits

3.2 Service Improvement

• Analyze aggregate usage patterns to optimize performance
• Monitor system health and reliability metrics
• Identify and fix technical issues

3.3 Legal Compliance

• Comply with applicable laws and regulations
• Respond to legal requests (court orders, subpoenas)
• Enforce our Terms of Service

3.4 Important Commitment

We do not use your prompts or completions to train or improve AI models.

All customer data (prompts and completions) is processed in-memory and immediately discarded after the response is sent. We do not feed your data into model training pipelines.

4. Data Storage & Retention

4.1 Storage Location

• Primary Location: Vietnam

• Additional Regions: Asia Pacific (APAC) regions including:

  • Singapore (ap-southeast-1)
  • Tokyo (ap-northeast-1)
  • Sydney (ap-southeast-2)
  • Mumbai (ap-south-1)
  • Seoul (ap-northeast-2)
  • Hong Kong (ap-east-1)
• Infrastructure: Cloud infrastructure in Vietnam and APAC data centers

4.2 Retention Periods

4.3 Data Deletion:

• After retention periods, data is permanently and securely deleted
• Automated deletion processes run daily
• No backup copies are retained beyond stated periods

5. Data Security

5.1 Security Measures

• Encryption in Transit: All API communications use TLS 1.3
• API Key Security: Keys are hashed using bcrypt with salt
• Network Security: Firewall protection, intrusion detection systems
• Regular Audits: Quarterly security assessments and penetration testing

5.2 Infrastructure Security

• Isolated compute environments for inference workloads
• Automated security updates and patch management
• DDoS protection and rate limiting

5.3 Incident Response:

In the event of a data breach:

• 1. We will notify affected users within 72 hours
• 2. We will provide details of the breach and mitigation steps
• 3. We will work with authorities as required by law

6. Data Sharing & Disclosure

6.1 We Do Not Sell Your Data

We do not sell, rent, or trade personal or API data.

6.2 Limited Sharing

We may share data only in the following circumstances:

Legal Requirements:

• Court orders, subpoenas, or legal processes
• Government requests in compliance with Vietnamese law
• Protection of our legal rights or safety

Business Transfers:

• In case of merger, acquisition, or sale, your data may be transferred
• You will be notified and can opt-out before transfer

6.3 No Third-Party Analytics

We do not use third-party analytics or tracking services on our API.

7. Your Rights

7.1 Data Subject Rights

Under GDPR and Vietnamese data protection law, you have the right to:

Right to Access:

• Request a copy of your data
• Understand how your data is processed

Right to Rectification:

• Correct inaccurate or incomplete data

Right to Erasure (“Right to be Forgottenˮ):

• Request deletion of your account and associated data
• Deletion completed within 30 days

Right to Data Portability:

• Export your data in machine-readable format (JSON)

Right to Object:

• Object to data processing for specific purposes

Right to Restrict Processing:

• Request temporary halt of data processing

7.2 How to Exercise Your Rights

Contact us at: [email protected]

Include in your request:

• Your account email
• Specific right you wish to exercise
• Any relevant details

We will respond within 30 days.

8. Compliance Standards

8.1 Regulatory Compliance

• GDPR: EU General Data Protection Regulation compliant
• CCPA: California Consumer Privacy Act compliant
• Vietnam Law: Compliant with Vietnamʼs Law on Cybersecurity (2018) and Decree 13/2023

8.2 Industry Standards

• SOC 2 Type II: +In progress / Certified] (update as applicable)
• ISO 27001: +In progress / Certified] (update as applicable)

8.3 Data Protection Officer

For compliance inquiries, contact:

• Email: [email protected]
• Role: Data Protection Officer

9. International Data Transfers

9.1 Primary Processing Location

All data processing occurs in Vietnam and Asia Pacific (APAC) regions. We do not transfer data outside these regions except:

Exceptional Cases:

• User-initiated requests (e.g., data export)
• Legal requirements from international authorities

Safeguards:

• Standard Contractual Clauses (SCCs) where applicable
• Encryption during transfer
• Documented agreements with receiving parties

10. Data Processing Details

10.1 API Request Flow

• Clientsendsrequest(prompt)*EncryptedviaTLS
• APIauthenticatesrequest*APIkeyverified(hashed)
• Requestroutedtoinference*Processedin-memory
• Modelgeneratescompletion*Returnedtoclient
• Tokenusagelogged*Metadataonly(noprompt/completion)
• Responsesent*Clientreceivesresult
• Memorycleared*Promptandcompletiondiscarded

10.2 What is Logged vs. Not Logged

Logged (Metadata Only - 90 days):

• Timestamp: 2025-11-10T10:15:32Z
• Model: llama-3-70b
• Tokens: prompt_tokens:150, completion_tokens:200
• Status: 200OK

NOT Logged (Zero Retention):

• Your actual prompt text
• Model’s completion/response text
• Any content from your API requests

11. Automated Decision-Making

11.1 Limited Automation

We use automated systems for:

• Rate limiting (based on usage thresholds)
• Fraud detection (suspicious API patterns)
• Billing calculations (token usage)

You have the right to:

• Request human review of automated decisions
• Contest automated actions
• Opt-out where legally permitted

12. Policy Updates

12.1 Change Notification

We may update this Privacy Policy to reflect:

• Changes in our services
• Legal or regulatory updates
• Improved privacy practices

How Youʼll Be Notified:

• Email notification to registered users (30 days advance notice)
• Updated “Last Updatedˮ date at the top of this document
• Announcement on our website

12.2 Continued Use

By continuing to use our services after changes, you accept the updated Privacy Policy.

12.3 Version History

v1.1 - November 11, 2025: Updated based on feedback - removed end-user account sections, expanded APAC regions, updated retention to 90 days

v1.0 - November 10, 2025: Initial version

13. Contact Information

13.1 Privacy Inquiries

For questions about this Privacy Policy or our data practices:

Email: [email protected]

Response Time: Within 5 business days

13.2 Data Protection Officer

Email: [email protected]

Role: Handles compliance and data subject requests

13.3 General Support

Email: [email protected]

Website: https://kaisar.io

API Documentation: https://docs.kaisar.io

14. Legal Jurisdiction

This Privacy Policy is governed by the laws of Vietnam

Dispute Resolution:

• Initial disputes resolved via good-faith negotiation
• Formal disputes subject to jurisdiction of Vietnamese courts
• EU users retain GDPR rights regardless of jurisdiction

15. Specific Assurances for AI Services

15.1 Model Training Policy

ZERO TRAINING ON CUSTOMER DATA:

• We do not use your API requests to train AI models
• We do not use your data to improve model performance
• We do not share your data with model providers (Meta, Mistral, etc.)
• Models are pre-trained and served as-is

15.2 Prompt Completion Handling

• Prompts are processed in-memory only
• Completions are generated and immediately returned
• No persistent storage of text content
• No logging of sensitive information

15.3 Model Hosting

• Models hosted on our own infrastructure
• Full control over data processing pipeline

16. Transparency Report

We commit to publishing an annual transparency report including:

• Number of legal data requests received
• Number of accounts affected
• Types of requests (government, court orders, etc.)

First Report: December 31, 2025

Appendix: Key Definitions

• Personal Data: Information that identifies or can identify an individual.
• Processing: Any operation performed on data (collection, storage, use, deletion)
• Data Controller: Kaisar (we determine how data is processed)
• Data Processor: Third-party services acting on our instructions
• Data Subject: You (the user of our services)
• Inference: AI modelʼs process of generating outputs from inputs
• Metadata: Data about data (timestamps, counts) - not content itself

Summary for Quick Reference

End of Privacy Policy

Effective: November 10, 2025

Version: 1.1

Published at: https://kaisar.io/compute-provider-privacy-policy