Legal

Privacy, without the fog.

This policy explains what Policate processes and the controls customers retain. Last updated July 15, 2026.

Information we process

We process account and workspace details, authentication and security events, billing identifiers, support messages, product configuration, and service telemetry. When Gateway mode is enabled, prompts and model responses pass through Policate to enforce the policies you configure. Direct mode keeps provider inference on the customer device: Policate receives dashboard activity plus signed-configuration sync and adoption status, while any additional telemetry is sent only when the workspace explicitly enables it.

How we use information

We use information to provide and secure the service, route and govern AI requests, calculate usage and active seats, deliver notifications, respond to support requests, prevent abuse, and improve reliability. We do not sell personal information or use customer prompts to train general-purpose models.

Service providers and transfers

Policate uses infrastructure, database, payment, email, observability, and customer-selected AI providers to operate the service. Data may be processed in the regions selected by the customer and where those providers operate. Enterprise controls, including residency and provider restrictions, apply according to the workspace configuration and order terms.

Retention and deletion

We retain account and service data while the workspace is active and as needed for security, billing, audit, dispute, and legal obligations. Workspace owners can request export or deletion through the Help Center. Some security, billing, backup, and audit records may remain for a limited period after closure where deletion is technically delayed or retention is required by contract or law.

Security

We use encryption in transit, access controls, secret isolation, scoped credentials, tenant boundaries, audit trails, and fail-closed policy enforcement. No service can eliminate every risk; customers remain responsible for protecting their credentials, selecting appropriate providers, and configuring policies for their data.

Your choices and rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or export personal information, or object to certain processing. Workspace administrators control most business-account data. Contact us through the Help Center and we will verify and respond to eligible requests.

Updates and contact

We may update this policy as the service changes. Material changes will be communicated in the product or by email before they take effect when required. Privacy questions and requests can be sent through the Policate Help Center.