Privacy
Privacy Policy
This policy explains how inwire.ai collects, uses, discloses, and protects personal information across our website, platform, APIs, model endpoints, support channels, and partner-routed inference traffic.
Last updated: May 7, 2026
Quick Summary
- We do not sell personal information.
- We do not share personal information for cross-context behavioral advertising.
- We do not train or fine-tune models on customer prompts, completions, outputs, files, tool calls, or other customer content by default.
- We do not persistently store AI prompts or outputs by default unless a customer enables logging, observability, debugging, evaluation, or retention features.
- We process customer content to provide the requested service, secure the service, prevent abuse, comply with law, and honor customer configuration.
- We retain operational metadata for billing, reliability, security, usage analytics, debugging, and platform operations.
Who We Are
This Privacy Policy applies to Inwire AI, Inc., doing business as inwire.ai ("Inwire", "we", "us", or "our"). For website visitors, account users, demo requesters, business contacts, and prospective customers, Inwire generally acts as the controller or business.
For prompts, completions, model inputs, model outputs, files, tool calls, retrieval content, evaluation records, fine-tuning data, and other content submitted by or on behalf of a customer through the platform, APIs, or model endpoints ("Customer Content"), Inwire generally acts as a processor or service provider on behalf of the customer.
Contact Information
Privacy questions and data requests: privacy@inwire.ai
Security reports: security@inwire.ai
Support: support@inwire.ai
You can also use our privacy request page. Our legal mailing address will be provided in customer agreements and privacy correspondence.
Notice at Collection
We collect the categories of personal information below for service delivery, security, billing, support, compliance, communications, and product operations. We do not sell or share these categories for cross-context behavioral advertising.
| Category | Examples | Sources | Retention |
|---|---|---|---|
| Contact and account information | Name, email, phone, company, role, username, workspace, account role | You, your organization, business partners | Account lifetime plus a reasonable period for legal, audit, security, and business records |
| Authentication and security information | Login identifiers, hashed credentials, API key identifiers, IP address, device data, audit logs | You, your device, your organization, security systems | Usually 12-24 months for logs, longer if needed for security, legal, or audit purposes |
| Billing and transaction information | Billing contacts, invoices, payment status, usage totals, tax information | You, your organization, payment processors, billing providers | Usually 7 years or as required by tax and accounting law |
| Website and device information | IP address, browser type, pages visited, referring pages, cookie identifiers, approximate location | Your browser, device, cookies, analytics tools | Usually up to 24 months unless longer retention is required |
| Product usage and operational metadata | Request ID, model ID, endpoint, token counts, latency, status code, region, timestamp, usage metrics | Platform, APIs, model endpoints, gateways, customer configuration | Usually up to 36 months for billing, reliability, analytics, and audit records |
| Customer Content and AI payloads | Prompts, messages, completions, outputs, files, tool calls, retrieval context, evaluation examples | Customers, customer applications, authorized users, API gateways, integrations | Not persistently stored by default for inference payloads; retained by customer configuration when logging or storage features are enabled |
| Support and communications | Support tickets, chat messages, emails, call notes, feedback, bug reports, attachments | You, your organization, support tools | Usually up to 3 years after last interaction unless longer retention is required |
AI Inference, Prompts, and Outputs
Customer Content includes prompts, chat messages, completions, model outputs, system prompts, files, retrieval context, tool definitions, tool inputs and outputs, agent traces, evaluation examples, fine-tuning datasets, logs or transcripts enabled by the customer, and other data processed by customer-configured workflows.
For standard inference requests, Customer Content may be held temporarily in memory during request processing. Prompts and outputs are not persistently stored by default. Operational metadata may still be retained for billing, security, reliability, abuse prevention, debugging, and analytics.
We do not use Customer Content to train, fine-tune, evaluate, or improve models unless the customer explicitly enables or contracts for that use, such as by uploading data for fine-tuning, configuring an evaluation workflow, opting into feedback, authorizing debugging, or signing an agreement that permits it.
Zero Data Retention and Partner-Routed Traffic
Where available and enabled, Inwire may offer zero data retention or reduced retention endpoints. For zero data retention endpoints, Customer Content is processed only to complete the request, prompts and outputs are not persistently stored, and operational metadata may still be retained for billing, security, reliability, and compliance.
If a marketplace, API gateway, model router, or partner platform routes inference traffic to Inwire, we may receive the request payload, model identifier, sampling parameters, routing metadata, authentication metadata, privacy or retention flags, streaming preferences, tool definitions or tool-call payloads, usage and billing metadata, and information needed to return a response. We process that data to provide inference, maintain reliability, secure the service, prevent abuse, and support billing and operations.
Disclosures and Subprocessors
We may disclose personal information to service providers and subprocessors that help operate the business and platform, including cloud infrastructure, GPU and compute providers, storage, observability, logging, security monitoring, identity, payment, billing, email, analytics, customer support, CRM, collaboration, professional advisors, contractors, affiliates, customer-directed integrations, and marketplace or routing partners.
Our subprocessor information is available at /subprocessors.
Cookies and Privacy Signals
We may use strictly necessary, functional, analytics, and marketing cookies where permitted. You can manage cookies through your browser settings. Because we do not sell personal information or share personal information for cross-context behavioral advertising, Global Privacy Control and similar opt-out signals do not change our current sale or share practices. We do not currently respond to browser Do Not Track signals because there is no uniform industry standard.
Privacy Rights
Depending on where you live, you may have rights to access, correct, delete, port, restrict, or object to processing of personal information; withdraw consent; opt out of sale, sharing, targeted advertising, or certain profiling; limit certain uses of sensitive personal information; appeal a denied request; and avoid discrimination for exercising your rights.
Submit requests at /privacy-request or by emailing privacy@inwire.ai. If we process your personal information as a processor or service provider for a customer, we may refer the request to that customer or assist the customer in responding.
GDPR, UK GDPR, and International Transfers
If GDPR, UK GDPR, Swiss, or similar laws apply, we rely on legal bases such as performance of a contract, legitimate interests, consent, legal obligation, and customer instructions, depending on the processing context. Where required for international transfers, we use appropriate safeguards such as Standard Contractual Clauses, the UK International Data Transfer Addendum, data processing agreements, vendor contracts, customer-approved regional processing terms, or other lawful mechanisms.
Security, Children, and Changes
We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, access controls, role-based permissions, audit logging, tenant isolation, secret management, vulnerability management, monitoring, and incident response. No system is perfectly secure, and customers are responsible for protecting their own credentials, API keys, applications, and user devices.
Our services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. We may update this Privacy Policy from time to time by updating this page and the last updated date.