Privacy Policy
This Privacy Policy describes how 5CEOs, Inc. ("5CEOs", "we") collects, uses, and discloses information when you use the CogOS Service.
1. Information We Collect
- Account information: name, email, and billing details collected by our payments processor (Stripe).
- API requests: the prompts, messages, schemas, and other request fields you submit to /v1/chat/completions.
- API responses: the outputs returned by the inference engine.
- Telemetry: request timestamp, API key identifier, tenant identifier, model identifier, token counts, latency, schema-enforcement flag, request ID, HTTP status.
- Audit log: append-only record of metering events (the fields above) for billing reconciliation and operational diagnostics.
- Server logs: IP address, user-agent, and HTTP request metadata, retained for security and operational purposes.
2. How We Use Information
- To provide the Service (route requests to the inference engine, enforce quotas, return responses).
- To bill for usage (via Stripe; Compliance and Enterprise plans are invoiced separately).
- To detect and mitigate abuse, including violations of the Acceptable Use Policy.
- To diagnose operational issues, including correlating individual requests with system-level events.
- To publish aggregated, de-identified determinism and reliability metrics via the open-source bench (no individual request content is included).
3. What We Do NOT Do
- We do not train language models on Customer prompts or outputs.
- We do not sell or rent Customer data.
- We do not transmit Customer prompts or outputs to any third-party language-model API provider.
- We do not retain raw prompt or response bodies after the response is delivered to the Customer, with the exception of operational debugging windows described below.
4. Retention
- Prompt and response bodies: not retained after delivery to the Customer. (Operational note: anonymized request-level entries may exist in transient debug logs for up to 7 days for diagnostics.)
- Audit log (telemetry only): retained for 24 months for billing reconciliation. No prompt content is in the audit log.
- Server logs: retained for 90 days, then purged.
- Account and billing records: retained for the longer of the duration of the subscription plus 7 years, or as required by applicable tax or financial regulations.
5. Sub-processors
The following sub-processors receive Customer data in the course of providing the Service:
- Microsoft Azure (East US, or Customer-selected region for Enterprise) — hosts the gateway and inference engine. All Customer prompts and outputs are processed within the Azure infrastructure under our account.
- Stripe — processes subscription payments and stores billing details. Subject to Stripe's privacy policy.
- GitHub — hosts the open-source determinism bench and publishes aggregated reliability metrics. No Customer prompt or response content is published.
5CEOs will provide thirty (30) days' notice of any new sub-processor by updating this policy and notifying Compliance and Enterprise customers via email.
6. International Transfers
By default, Customer data is processed in Microsoft Azure's East US region. Enterprise customers may select an alternative region (US-West, EU, APAC) under their order form. We do not transfer Customer prompts or outputs across regions without explicit Customer instruction.
7. Security
- All connections to the Service use TLS 1.2 or higher.
- API Keys are stored as SHA-256 hashes; plaintext values are only displayed once at issuance.
- Administrative credentials are stored in Azure Container Apps secrets and not exposed in environment variables or source code.
- The inference engine has internal-only ingress; it is not reachable from the public internet.
- Compliance plans include SOC 2 Type II reports on request; Enterprise plans include the SOC 2 report and additional security review documentation under NDA.
8. Customer Rights
You have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Request deletion of your account and associated data (subject to legal retention requirements).
- Export your usage records.
- Object to or restrict processing (which may require account cancellation).
- Lodge a complaint with a supervisory authority (for GDPR jurisdictions).
To exercise these rights, contact privacy@5ceos.com.
9. Children's Privacy
The Service is not directed to children under 16, and we do not knowingly collect information from children.
10. Changes to This Policy
We will post material changes here with a new "Last updated" date and notify Compliance/Enterprise customers via email at least 30 days in advance.
11. Contact
Privacy questions: privacy@5ceos.com.
Data Protection Officer / DPA requests: legal@5ceos.com.