Privacy Policy

Effective date: March 1, 2026

1. Information We Collect

When you create an account, we collect basic registration information such as your name, email address, company name, and billing information. This information is necessary to provide you with access to the Services and to process payments.

We collect usage data related to your interactions with the platform, including API call metadata (timestamps, model selected, token counts, response times), dashboard activity, and feature usage patterns. This data is used to provide usage analytics, generate invoices, and improve the reliability of our Services.

We do not collect, store, or log the content of your prompts or model responses. OriginalPoint operates under a strict zero data retention policy for all request and response payloads. Your prompts and the outputs generated by AI models pass through our infrastructure in real time and are not persisted to any storage system.

We may collect technical information from your browser or device, including IP address, browser type, operating system, and referring URL. We use cookies and similar technologies to maintain session state, remember preferences, and analyze aggregate traffic patterns. You can manage cookie preferences through your browser settings.

2. How We Use Information

We use the information we collect to provide, maintain, and improve the Services. This includes processing API requests, generating usage reports, managing billing, providing customer support, and communicating important updates about the platform.

We do not use your data to train, fine-tune, or improve any artificial intelligence or machine learning models. Your prompts, responses, and usage patterns are never shared with model providers or any third party for model training purposes. This is a core commitment of the OriginalPoint platform.

We may use aggregated, anonymized data to analyze trends, monitor platform performance, and improve our infrastructure. This aggregate data cannot be used to identify individual users or reconstruct specific API requests.

We may send you transactional emails related to your account (such as billing receipts, security alerts, and service notifications). We may also send occasional product updates and announcements, from which you can unsubscribe at any time.

3. Data Retention

OriginalPoint follows a zero data retention policy for all prompt and response content. When you make an API request, your prompt is forwarded to the selected model provider in real time, and the response is streamed back to you. Neither the prompt nor the response is written to persistent storage at any point in this process.

Account information (name, email, billing details) is retained for as long as your account is active. If you choose to delete your account, we will remove your personal information within thirty (30) days, except where retention is required by law (for example, billing records required for tax compliance).

API usage metadata (timestamps, model identifiers, token counts) is retained for up to twelve (12) months to support usage analytics and billing reconciliation. This metadata does not include any prompt or response content.

Server access logs and security audit logs are retained for a maximum of ninety (90) days, after which they are automatically purged. These logs contain only technical information such as IP addresses and request metadata, and never include prompt or response content.

4. Data Security

We implement industry-standard security measures to protect your information. All data transmitted between your systems and OriginalPoint is encrypted in transit using TLS 1.3. Data stored at rest, including account information and usage metadata, is encrypted using AES-256.

Our infrastructure undergoes regular security assessments, including annual SOC 2 Type II audits conducted by independent third-party auditors. We maintain a comprehensive information security program that includes access controls, vulnerability management, incident response procedures, and employee security training.

API keys are hashed using one-way cryptographic functions and cannot be retrieved or viewed after initial creation. We support enterprise security features including SAML 2.0 single sign-on, role-based access controls, and IP allowlisting.

In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authorities in accordance with applicable data protection laws, typically within seventy-two (72) hours of becoming aware of the breach.

5. Third-Party Processors

OriginalPoint uses a limited number of third-party service providers ("sub-processors") to help deliver the Services. Each sub-processor is subject to contractual obligations that require them to protect your data in accordance with this Privacy Policy and applicable data protection laws.

Our current sub-processors include: cloud infrastructure providers (for hosting and compute), payment processors (for billing and subscription management), email service providers (for transactional communications), and analytics platforms (for anonymized usage statistics). A complete, up-to-date list of sub-processors is available upon request.

When you make an API request through OriginalPoint, your prompt is forwarded to the AI model provider you have selected (such as OpenAI, Anthropic, Google, or others). Each provider processes your request according to their own terms and privacy policies. OriginalPoint does not control how model providers handle your data once it reaches their systems.

We will notify you of any changes to our sub-processor list at least thirty (30) days in advance. If you object to the addition of a new sub-processor, you may terminate your subscription by providing written notice within that thirty-day period.

6. Your Rights

OriginalPoint is committed to compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws. Depending on your jurisdiction, you may have the following rights with respect to your personal data.

You have the right to access the personal data we hold about you, request correction of inaccurate data, and request deletion of your data. You also have the right to data portability, meaning you can request a copy of your data in a structured, commonly used, machine-readable format.

You have the right to restrict or object to the processing of your personal data in certain circumstances. If we process your data based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please contact us at privacy@originalpoint.ai. We will respond to your request within thirty (30) days. If you are located in the European Economic Area, you also have the right to lodge a complaint with your local data protection supervisory authority.

7. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our privacy team:

OriginalPoint, Inc.
Email: privacy@originalpoint.ai

For data protection inquiries specific to the European Economic Area, you may contact our designated Data Protection Officer at dpo@originalpoint.ai.

For general questions about our platform or services, please visit our Contact page or review our Terms of Service.

Last updated: March 1, 2026