Privacy Policy

Direct Inference Privacy Policy

Last Updated: June 23, 2026

This policy describes the personal data practices for Direct Inference, a service provided by Synthetic Brain Labs, Inc. It is written to cover the product, the API, the dashboard, and the public site.

1. Scope of This Privacy Policy

This Privacy Policy explains how Synthetic Brain Labs, Inc. ("we," "our," or "us") collects, uses, retains, discloses, and otherwise processes personal data in connection with Direct Inference, our AI inference service, dashboard, websites, documentation, APIs, and related support services (collectively, the "Service").

This Privacy Policy does not apply to personal data we process for a product, service, or relationship that has its own privacy notice. If another privacy notice or written agreement applies to your use of a specific service, that notice or agreement controls for that service.

2. How We Collect Personal Data and What We Collect

We may collect personal data directly from you, automatically when you use the Service, from your organization or account administrators, and from third parties that help us provide the Service.

The personal data we process may include:

  • Account and profile data, such as name, email address, organization, role, account identifiers, authentication information, settings, and billing information.
  • Service interaction data, such as prompts, uploaded content, outputs, request and response metadata, request identifiers, feature usage, feedback, session data, timestamps, cost and usage records, and support context.
  • Technical and security data, such as IP address, browser type, device and operating-system information, diagnostic logs, crash logs, security signals, cookies or similar technologies, and API-key activity.
  • Billing and commercial data, such as payment status, invoices, credits, usage, spend caps, and transaction records. Payment-card data is processed by our payment processor and is not stored by us in full.
  • Support and communications data, such as contact forms, support tickets, survey responses, security-review requests, correspondence, and communications preferences.

Aggregated and de-identified data

We may aggregate or de-identify the information described above. Aggregated or de-identified data is not personal data under this Privacy Policy, and we may use it for analytics, reliability, security, product improvement, and business purposes.

Service availability

Without certain personal data, we may be unable to provide all or part of the Service, including account access, API authentication, billing, support, security, and compliance functions.

3. Purposes of Processing Personal Data

We may process personal data for the following purposes:

  • To provide, operate, maintain, secure, support, and improve the Service.
  • To authenticate users, provision accounts, administer API keys, process billing, enforce spend controls, and provide customer support.
  • To analyze usage, measure reliability and performance, debug issues, investigate incidents, perform quality assurance, and maintain service integrity.
  • To prevent fraud, abuse, security incidents, and unauthorized access; to enforce our terms, policies, and agreements; to resolve disputes; and to comply with legal obligations.
  • To communicate with you about the Service, account administration, security updates, billing, product changes, and requests or inquiries you send us.
  • To develop and improve our systems using operational, aggregated, de-identified, or otherwise privacy-protective data.

No training on customer prompts or outputs

We do not use customer prompts, uploaded content, or outputs submitted to the Service to train or fine-tune models. Inference is the product; your traffic is not a training data set for us.

We may use limited operational metadata, aggregated data, de-identified data, evaluations you expressly provide for that purpose, or information from public or licensed sources to improve the Service, subject to applicable law and our contractual commitments.

4. Disclosure of Personal Data

We may disclose personal data to the following recipients for the purposes described above and as otherwise permitted or required by applicable law:

  • Authorized vendors, service providers, and contractors, including providers of AI model inference, cloud infrastructure, hosting, authentication, security, analytics, payment processing, customer support, email delivery, and business operations.
  • Professional advisers, auditors, insurers, and consultants.
  • A buyer, successor, or other participant in connection with a merger, acquisition, financing, reorganization, bankruptcy, sale of assets, or similar corporate transaction.
  • Government authorities, courts, regulators, law-enforcement bodies, or other third parties where we believe disclosure is required or appropriate for legal, compliance, security, or safety reasons.
  • Other third parties when you direct us to disclose the information, consent to the disclosure, or the disclosure is otherwise described at the time of collection.

5. International Transfers of Personal Data

We are based in the United States, and personal data may be processed in the United States and in other countries where we, our vendors, or our service providers operate. These countries may have data-protection laws that differ from the laws of your country or region.

Where required, we use appropriate safeguards for international transfers, such as transferring data to jurisdictions recognized as providing adequate protection, entering into data-transfer agreements or standard contractual clauses, relying on other lawful transfer mechanisms, or obtaining consent where applicable.

You may request more information about transfer safeguards by contacting us at security@directinference.com.

6. Retention of Personal Data

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law, regulation, contract, security need, or legitimate business purpose.

Retention periods may vary based on the type of data, account status, billing and tax obligations, audit requirements, security needs, backup practices, dispute resolution, and operational requirements. We may retain aggregated or de-identified data indefinitely where permitted by law.

7. Your Rights and Choices

Depending on where you are located, you may have rights regarding your personal data, including the right to access, correct, delete, or receive a copy of your personal data; to object to or restrict certain processing; to withdraw consent where processing is based on consent; and to appeal or lodge a complaint with a regulator.

You may exercise available rights through account tools we make available or by contacting us at security@directinference.com. We may take steps to verify your identity and authority before responding to a request.

Because we do not use customer prompts, uploaded content, or outputs to train or fine-tune models, there is no separate training opt-out required for that use.

8. Security

We use technical, administrative, and organizational safeguards designed to protect personal data against unauthorized access, disclosure, alteration, loss, misuse, and destruction. These safeguards may include encryption, access controls, logging, monitoring, employee training, least-privilege practices, vendor diligence, and security-review processes.

No system is perfectly secure. You are responsible for safeguarding your credentials and API keys, using appropriate access controls, and notifying us promptly if you believe your account or credentials have been compromised.

9. Children

The Service is intended for users who are at least eighteen (18) years old. We do not knowingly collect or process personal data from children under eighteen (18). If we learn that we have collected personal data from a child, we will delete it as soon as reasonably practicable.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the last-updated date above and may provide additional notice through the Service or other reasonable means. We encourage you to review this Privacy Policy periodically.

11. Contact

If you have questions, requests, concerns, or complaints about this Privacy Policy or our processing of personal data, please contact Synthetic Brain Labs, Inc. at security@directinference.com.

For Residents of California

California Privacy Addendum

1. Scope of This California Addendum

This California addendum supplements the Privacy Policy for California residents and explains how we process personal information under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 and its implementing regulations (collectively, the CCPA).

If you are a consumer within the meaning of the CCPA, this addendum applies to you. If this addendum conflicts with the Privacy Policy, this addendum controls for California residents.

2. CCPA Disclosures

A. Collection of personal information

In the preceding twelve (12) months, we may have collected the following categories of personal information, as described in Section 2 of the Privacy Policy:

  • Identifiers, such as name, email address, organization, account identifiers, IP address, request identifiers, and similar identifiers.
  • Customer records information, such as billing information, account settings, support records, and correspondence.
  • Commercial information, such as subscriptions, credits, invoices, transaction records, usage, spend caps, and billing history.
  • Internet or other electronic network activity information, such as browser information, device information, feature usage, diagnostics, security logs, and API-key activity.
  • Professional or employment-related information, such as organization, role, and business contact details if you use the Service on behalf of an organization.
  • Sensitive personal information, such as account log-in information in combination with credentials, API keys, or other information that permits account access.
  • Inferences drawn from the information above, such as account-health, usage, security, or support signals.

B. Purposes, sources, and retention

We collect personal information from the sources described in Section 2 of the Privacy Policy and use it for the business and commercial purposes described in Section 3 of the Privacy Policy.

We retain each category of personal information as described in Section 6 of the Privacy Policy.

C. Sale, sharing, and disclosure

We do not sell personal information and do not share personal information for cross-context behavioral advertising. We do not knowingly sell or share the personal information of consumers under sixteen (16) years old.

In the preceding twelve (12) months, we may have disclosed the categories of personal information listed above to service providers, contractors, and other recipients described in Section 4 of the Privacy Policy for business or commercial purposes.

3. California Privacy Rights and Requests

Subject to applicable exceptions, California residents may have the following rights:

  • Right to know and access categories and specific pieces of personal information we have collected about you.
  • Right to delete personal information we collected from you or maintain about you.
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharing of personal information. We do not sell or share personal information as those terms are defined by the CCPA.
  • Right to limit use and disclosure of sensitive personal information where required by the CCPA. We do not use or disclose sensitive personal information for purposes that require a right to limit.
  • Right not to receive discriminatory treatment for exercising privacy rights.

To exercise these rights, contact us at security@directinference.com. We will verify your identity before fulfilling a request and may require an authorized agent to provide proof of authority.

4. California Do Not Track

California law requires us to state how we respond to Do Not Track browser signals. We do not currently respond to Do Not Track signals because a uniform technical standard has not been adopted.

5. California Shine the Light

Within the meaning of California's Shine the Light law, we do not disclose personal information to third parties for their own direct-marketing purposes.

For U.S. Residents of Certain States Other Than California

Other State Privacy Addendum

1. Scope of This Other States Addendum

This addendum applies to residents of U.S. states with comprehensive consumer privacy laws, including Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia, and other states where similar laws are effective.

This addendum supplements the Privacy Policy and controls for residents of those states if it conflicts with the Privacy Policy.

2. Collection and Disclosure of Personal Data

Please see Sections 2, 3, and 4 of the Privacy Policy and Section 2 of the California addendum for information about the categories of personal data we collect, the purposes for which we process it, and the categories of recipients to whom we disclose it.

3. Your Rights and Requests

Depending on your state, you may have rights to access personal data, obtain a portable copy, correct inaccuracies, delete personal data, opt out of certain processing, appeal a privacy-rights decision, and avoid discriminatory treatment for exercising your rights.

To exercise available rights, contact us at security@directinference.com. We may verify your identity and authority before responding, and the rights available to you will depend on the law of your state.