Privacy

Privacy policy for hosted, managed private, and air-gapped deployments.

Last updated: 2026-04-07. Hosted, dedicated-hardware, and air-gapped modes have different control boundaries, and this policy maps those boundaries instead of treating ChtSafe like one generic cloud service.

Core principle: We do not use ad trackers on this site, and we do not use customer prompts or enterprise workloads for general model training unless a customer explicitly commissions that work as part of a private fine-tuning project.

1. Controller and scope

This policy applies to the ChtSafe marketing site, the hosted ChtSafe portal, managed private deployments operated by Innovius, and enterprise projects where Innovius provides deployment or support services.

The service is operated by Innovius UG (haftungsbeschraenkt), Elbestrasse 1A, 14513 Teltow, Germany. For privacy requests, contact privacy@chtsafe.com or dpo@innovius.ai.

2. Deployment-specific privacy boundaries

  • Hosted ChtSafe: Innovius operates the portal, billing layer, and ShinrAI routing surface.
  • Managed private deployment: Innovius operates a customer-specific environment with stricter routing, model, and retention controls.
  • Dedicated hardware deployment: customer-specific workloads can run on physically separate hardware appliances rather than a generic shared runtime.
  • Enterprise on-prem or air-gapped: the customer controls the runtime environment, access model, and local retention policy. Innovius only processes data required for agreed support or deployment work.

3. Data we process

Account and commercial data

  • Email address and authentication metadata needed to operate your account.
  • Plan, subscription, invoicing, and usage-balance records required for billing and abuse prevention.
  • Enterprise contact details, deployment notes, and commercial correspondence.

Service operation data

  • Minimal routing and reliability logs required to deliver requests and investigate failures.
  • Aggregated usage signals used for fair-use enforcement, cost control, and capacity planning.
  • Support tickets or incident reports that you intentionally submit to us.

4. Data we avoid collecting or using

  • No ad-tech profiling, third-party analytics tags, or behavioral marketing trackers on this site.
  • No deliberate resale of customer data.
  • No automatic reuse of customer prompts, media inputs, or workflow payloads to improve general public models.
  • No permanent link between a routed model request and the real-world identity of the end user when ShinrAI protection is active.

5. How ShinrAI reduces exposure

  • PII detection and anonymization: identifying details can be transformed before a request reaches a third-party model route.
  • Route obfuscation: requests are routed through an Innovius-controlled layer so the destination model provider does not receive the original user identity context by default.
  • Encrypted transport and protected storage: data is protected in transit, and platform storage is designed to reduce operator visibility.
  • Region pinning only when requested: customers may request region-specific handling, but this can reduce the privacy benefits of broader route obfuscation.
  • Deployment-specific request paths: hosted, dedicated-hardware, and air-gapped environments do not share the same data path. The public overview is described on the ChtSafe Security page.

6. Model providers and subprocessors

ChtSafe can broker access to Innovius-hosted models and third-party model providers. We choose providers and routes according to the selected model, privacy mode, pricing layer, and customer deployment model.

Payment and accounting functions may rely on specialized service providers. Enterprise customers can request deployment-specific subprocessor information, DPA support, and additional security review material during procurement.

7. Retention

  • Commercial records are retained as required by applicable tax and accounting law.
  • Operational logs are retained only as long as needed for service security, billing reconciliation, and troubleshooting.
  • Customer-controlled or on-prem deployments follow the retention settings agreed with that customer.
  • Account deletion requests remove or anonymize account-linked data unless retention is legally required.

8. Your rights

You may request access, correction, deletion, restriction, export, or objection where applicable. Enterprise end users may need to route requests through their employer or deployment owner when the employer controls the environment.

To request deletion of a hosted account, use the account deletion guide or contact privacy@chtsafe.com.

9. Security and contact

If you discover a security issue, please review the Security page, security.txt, and contact info@innovius.ai. We aim to respond within 48 hours.

General questions can be sent to info@chtsafe.com.

Need enterprise privacy boundaries in writing?

We can walk through hosted, dedicated-hardware, and fully air-gapped deployment modes with your security team.

Review security boundaries Review enterprise options