Privacy Policy

AluminatAI Inc. ("AluminatAI", "we", "us", "our") operates the GPU energy monitoring platform at aluminatiai.com. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our Service.

For users in the European Economic Area (EEA), AluminatAI Inc. is the data controller. For data processed on behalf of enterprise customers, AluminatAI acts as a data processor — see Section 10 (GDPR / International Transfers).

Account Information

• Email address and password (via Supabase Auth)
• Company name and team name (optional, provided by you)
• Billing name and address (collected by Stripe during checkout)

GPU Telemetry Data

Our monitoring agent running on your infrastructure transmits to us:

• GPU UUID, index, and model name
• Power draw (watts), temperature (°C), and compute utilization (%)
• Energy delta per collection interval (joules)
• Process IDs, job IDs, and team attribution metadata
• Hostname of the machine running the agent
• Agent version and scheduler type (Kubernetes, Slurm, RunAI)

This telemetry data does not include model weights, training data, source code, or outputs of your AI workloads.

Usage Data

• Dashboard page views and feature interactions
• API request logs (endpoint, response code, timestamp — not request body)
• Browser type, IP address, and approximate geolocation (city-level)

• Providing the Service: Processing telemetry to generate cost attribution reports, dashboards, and alerts
• Billing: Calculating GPU counts for monthly invoicing via Stripe
• Communications: Sending transactional emails (account confirmation, invoices, budget alerts, product updates)
• Security: Detecting fraud, abuse, and unauthorized access
• Product improvement: Analyzing aggregated, anonymized usage patterns to improve our Service
• Legal compliance: Meeting our obligations under applicable law

We do not sell your data to third parties. We do not use your GPU telemetry data to train AI models.

We share data with the following sub-processors, each bound by data protection agreements:

• GPU metrics: Retained for 90 days from collection, then automatically deleted
• Energy manifests and chargeback reports: Retained for 3 years (required for financial audits)
• Audit logs: Retained for 90 days
• Account information: Retained for the life of your account, plus 30 days after deletion
• Billing records: Retained for 7 years as required by tax law

We implement technical and organizational measures to protect your data:

• All data transmitted between your agent and our API is encrypted via TLS 1.2+
• Data at rest is encrypted using AES-256 (managed by Supabase)
• API keys use ~340 bits of entropy and are stored as hashed values
• Row-level security policies restrict data access by user account
• Access to production systems is restricted to authorized personnel and requires MFA

To report a security vulnerability, please email security@aluminatiai.com. See our Security Policy for more details.

We use strictly necessary cookies to maintain your authenticated session (via Supabase Auth). We do not use third-party advertising cookies. Analytics cookies (if enabled) are used only for product improvement and are not shared with advertisers.

You can disable non-essential cookies in your browser settings or via the cookie consent banner shown on your first visit.

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Ask us to correct inaccurate data
• Deletion: Request deletion of your account and associated personal data (GPU telemetry, account info). Use the "Delete Account" option in Settings or email us.
• Export: Download all your data in JSON format via the dashboard Settings page
• Restriction: Ask us to restrict processing of your data in certain circumstances
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing based on legitimate interests

To exercise any of these rights, email privacy@aluminatiai.com. We will respond within 30 days.

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

If you are located in the EEA or UK, your data may be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for such transfers. Our sub-processors are listed in Section 4.

Enterprise customers requiring a Data Processing Agreement (DPA) can request one at aluminatiai.com/legal/dpa. Our DPA incorporates the EU Standard Contractual Clauses (2021/914).

To exercise your rights under GDPR or to lodge a complaint, contact our privacy team or your local data protection authority.

California residents may request disclosure of the categories and specific pieces of personal information we have collected, the purposes for which it is used, and whether it is sold or disclosed to third parties. We do not sell personal information. To submit a request, email privacy@aluminatiai.com.

We may update this Privacy Policy periodically. We will notify you of material changes by email or via the dashboard. The updated policy will be effective on the date indicated at the top of this page.

For privacy-related questions, contact us at privacy@aluminatiai.com or AluminatAI Inc., 2261 Market Street #4354, San Francisco, CA 94114.