TauGuard AI - Enterprise AI Safety Platform

Legal Information

Privacy Policy, Terms of Service, and Security practices for TauGuard AI Safety Platform

Last Updated: January 15, 2025

Privacy Policy

At TauGuard AI ("TauGuard," "we," "us," or "our"), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI safety and hallucination detection platform.

Effective Date: January 15, 2025

This Privacy Policy applies to all users of TauGuard's services, including our website, dashboard, API, and related services (collectively, the "Services").

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, company name, job title, and password when you create an account
  • Payment Information: Billing details, credit card information (processed securely through third-party payment processors)
  • Communication Data: Information you provide when contacting our support team or participating in surveys
  • Profile Information: Optional information you choose to add to your user profile

1.2 Information We Collect Automatically

  • Usage Data: Information about how you interact with our Services, including features used, actions taken, and time spent
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Server logs, error reports, and diagnostic information
  • Cookies and Tracking: We use cookies and similar technologies to enhance user experience and analyze usage patterns

1.3 AI Safety Data

  • AI Outputs: Content analyzed by our hallucination detection system
  • Detection Results: Coherence scores, risk assessments, and intervention logs
  • Configuration Data: Your safety rules, thresholds, and intervention settings
  • Integration Data: Information about your AI systems and integration configurations

2. How We Use Your Information

We use the collected information for the following purposes:

| Purpose | Description | Legal Basis (GDPR) |
|---|---|---|
| Service Delivery | Provide, maintain, and improve our AI safety services | Contract Performance |
| Account Management | Create and manage your account, authenticate users | Contract Performance |
| Communication | Send service updates, security alerts, support messages | Legitimate Interest |
| Analytics | Analyze usage patterns to improve our Services | Legitimate Interest |
| Security | Detect and prevent fraud, abuse, and security threats | Legal Obligation |
| Compliance | Comply with legal obligations and enforce our terms | Legal Obligation |

3. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: Third-party vendors who perform services on our behalf (cloud hosting, payment processing, analytics) under strict confidentiality agreements
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, subject to the same privacy protections
  • Legal Requirements: When required by law, court order, or to protect our legal rights
  • With Your Consent: When you explicitly authorize us to share your information
  • Aggregate Data: We may share anonymized, aggregated data that cannot identify you personally

4. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access control (RBAC) and principle of least privilege
  • Infrastructure Security: SOC 2 Type II compliant infrastructure with regular security audits
  • Monitoring: 24/7 security monitoring and incident response procedures
  • Employee Training: Regular security awareness training for all team members

Important Security Note

While we implement robust security measures, no system is 100% secure. We cannot guarantee absolute security of your data. Please use strong passwords and enable two-factor authentication.

5. Data Retention

We retain your information for as long as necessary to:

  • Provide our Services to you
  • Comply with legal obligations (e.g., tax, accounting requirements)
  • Resolve disputes and enforce our agreements
  • Maintain security and prevent fraud

Retention Periods:

  • Account data: Retained while your account is active plus 90 days after closure
  • AI safety data: Retained for 2 years or as configured in your settings
  • Financial records: Retained for 7 years per legal requirements
  • Logs and analytics: Retained for 13 months

6. Your Privacy Rights

Depending on your location, you may have the following rights:

GDPR Rights (EU/EEA Users)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restriction: Limit how we process your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent

CCPA Rights (California Users)

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to opt-out of the sale of personal information
  • Right to deletion of personal information
  • Right to non-discrimination for exercising privacy rights

To exercise your rights, contact us at privacy@tauguard.xyz. We will respond within 30 days.

7. International Data Transfers

TauGuard is based in the United States. If you access our Services from outside the US, your information may be transferred to, stored, and processed in the US or other countries where our service providers operate.

We ensure adequate protection for international transfers through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Other legally compliant transfer mechanisms

8. Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@tauguard.xyz.

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Sending an email notification to your registered email address
  • Displaying a prominent notice in our Services

Your continued use of our Services after the effective date of changes constitutes acceptance of the updated Privacy Policy.

Terms of Service

Welcome to TauGuard AI. These Terms of Service ("Terms") govern your access to and use of TauGuard's AI safety and hallucination detection platform, including our website, dashboard, API, and related services (collectively, the "Services").

Important: Binding Agreement

By accessing or using our Services, you agree to be bound by these Terms. If you do not agree to these Terms, do not use our Services.

1. Acceptance of Terms

These Terms constitute a legally binding agreement between you ("you," "your," or "Customer") and TauGuard AI ("TauGuard," "we," "us," or "our"). By creating an account, accessing our Services, or using our API, you represent that:

  • You are at least 18 years of age
  • You have the authority to bind the organization you represent
  • All information you provide is accurate and complete
  • You will comply with all applicable laws and regulations

2. Service Description

TauGuard provides AI safety and hallucination detection services, including:

  • Real-Time Detection: Analysis of AI outputs for hallucinations and inaccuracies
  • Active Intervention: Automated response blocking and correction systems
  • Safety Analytics: Dashboards, reporting, and audit trails
  • API Access: Programmatic integration with your AI systems
  • Support Services: Technical support and documentation

Service Availability

We strive for 99.9% uptime but do not guarantee uninterrupted service. We may modify, suspend, or discontinue Services with reasonable notice.

3. Account Registration and Security

3.1 Account Creation

To use our Services, you must create an account. You agree to:

  • Provide accurate, current, and complete information
  • Maintain and update your account information
  • Keep your password secure and confidential
  • Notify us immediately of unauthorized access

3.2 Account Responsibility

You are responsible for all activities under your account. You agree not to share your account credentials or allow unauthorized access. We are not liable for losses resulting from unauthorized account use.

4. Acceptable Use Policy

You agree NOT to use our Services to:

  • Violate any laws, regulations, or third-party rights
  • Transmit malicious code, viruses, or harmful software
  • Attempt to gain unauthorized access to our systems
  • Interfere with or disrupt our Services or servers
  • Reverse engineer, decompile, or disassemble our software
  • Use our Services for competitive analysis or benchmarking
  • Resell or redistribute our Services without authorization
  • Remove or modify any proprietary notices
  • Use automated systems to access our Services excessively
  • Engage in fraudulent or deceptive practices

5. Subscription and Payment Terms

5.1 Subscription Plans

Our Services are offered through subscription plans as described on our pricing page. By subscribing, you agree to pay all applicable fees.

5.2 Billing

  • Recurring Charges: Subscriptions auto-renew unless cancelled
  • Payment Method: You authorize us to charge your payment method
  • Price Changes: We may modify pricing with 30 days' notice
  • Taxes: Fees exclude applicable taxes (VAT, sales tax, etc.)

5.3 Refunds

Fees are non-refundable except as required by law or explicitly stated in your plan. We may provide refunds at our discretion for unused service periods.

5.4 Free Trials

Free trials are for evaluation purposes only. We may limit trial availability and require payment information. Trials convert to paid subscriptions unless cancelled.

6. Intellectual Property Rights

6.1 TauGuard IP

All Services, including software, algorithms, designs, trademarks, and content, are the exclusive property of TauGuard and protected by intellectual property laws. You receive a limited, non-exclusive, non-transferable license to use our Services.

6.2 Customer Data

You retain ownership of your data submitted to our Services ("Customer Data"). You grant us a limited license to process Customer Data solely to provide Services. We do not claim ownership of your AI outputs or configurations.

6.3 Feedback

Any feedback, suggestions, or ideas you provide become our property. We may use feedback without obligation or compensation to you.

7. Data Protection and Privacy

Our collection and use of personal information is governed by our Privacy Policy. As a data processor, we:

  • Process Customer Data only per your instructions
  • Implement appropriate security measures
  • Assist with data subject requests
  • Maintain SOC 2 Type II compliance
  • Use subprocessors only with your consent

8. Service Level Agreement (SLA)

| Metric | Target | Measurement |
|---|---|---|
| Uptime | 99.9% | Monthly basis, excluding maintenance |
| API Response Time | < 200ms (p95) | 95th percentile monthly |
| Detection Latency | < 3ms average | Mean monthly latency |
| Support Response | < 24 hours | Business days for paid plans |

SLA Credits: If we fail to meet uptime commitments, eligible customers may receive service credits per our SLA policy (available upon request).

9. Warranties and Disclaimers

9.1 Our Warranties

We warrant that:

  • Services will perform substantially as described
  • We will provide Services professionally and competently
  • We have the right to provide the Services

9.2 Disclaimers

Important Limitation

EXCEPT AS EXPRESSLY PROVIDED, SERVICES ARE PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

WE DO NOT GUARANTEE THAT SERVICES WILL BE ERROR-FREE, UNINTERRUPTED, OR FREE FROM HARMFUL COMPONENTS. AI DETECTION IS NOT 100% ACCURATE. YOU ARE RESPONSIBLE FOR VALIDATING AI OUTPUTS.

10. Limitation of Liability

Liability Cap

TO THE MAXIMUM EXTENT PERMITTED BY LAW, TAUGUARD'S TOTAL LIABILITY ARISING FROM OR RELATED TO THESE TERMS OR THE SERVICES SHALL NOT EXCEED THE FEES PAID BY YOU IN THE 12 MONTHS PRECEDING THE CLAIM.

IN NO EVENT SHALL TAUGUARD BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING LOST PROFITS, LOST DATA, OR BUSINESS INTERRUPTION, EVEN IF ADVISED OF THEIR POSSIBILITY.

Some jurisdictions do not allow limitation of liability, so these limitations may not apply to you.

11. Indemnification

You agree to indemnify, defend, and hold harmless TauGuard from claims, damages, and expenses (including attorneys' fees) arising from:

  • Your use of the Services
  • Your violation of these Terms
  • Your violation of any rights of third parties
  • Your Customer Data
  • Your negligence or willful misconduct

12. Term and Termination

12.1 Term

These Terms begin when you accept them and continue until terminated.

12.2 Termination by You

You may terminate your subscription at any time through your account settings. Termination is effective at the end of your current billing period.

12.3 Termination by Us

We may suspend or terminate your access if:

  • You violate these Terms
  • Your account is 30+ days past due
  • You engage in fraudulent or illegal activity
  • Continued provision would cause legal or security risks

12.4 Effect of Termination

Upon termination:

  • Your access to Services immediately ceases
  • We may delete your Customer Data after 30 days
  • You remain liable for all outstanding fees
  • Sections that should survive termination remain in effect

13. Dispute Resolution

13.1 Governing Law

These Terms are governed by the laws of the State of Delaware, USA, without regard to conflict of law principles.

13.2 Arbitration

Any dispute arising from these Terms shall be resolved through binding arbitration in accordance with the American Arbitration Association (AAA) rules. Arbitration shall be conducted in English in Delaware.

13.3 Class Action Waiver

You agree to resolve disputes individually and waive the right to participate in class actions, class arbitrations, or representative actions.

14. Modifications to Terms

We may modify these Terms at any time. We will notify you of material changes via email or a prominent notice in the Services at least 30 days before the effective date. Continued use after changes constitutes acceptance.

15. General Provisions

  • Entire Agreement: These Terms constitute the entire agreement between you and TauGuard
  • Severability: If any provision is unenforceable, the remaining provisions remain in effect
  • Waiver: Failure to enforce a right does not waive that right
  • Assignment: You may not assign these Terms without our consent. We may assign freely
  • Force Majeure: We are not liable for delays due to circumstances beyond our control
  • Export Compliance: You must comply with all export laws and regulations
  • Government Use: Our Services are "commercial items" as defined in FAR 2.101

Security Practices

Security is fundamental to TauGuard's mission. As an AI safety platform, we implement comprehensive security measures to protect your data and ensure the integrity of our services.

SOC 2 Type II Certified

TauGuard maintains SOC 2 Type II certification, demonstrating our commitment to the highest security standards for availability, confidentiality, and processing integrity.

1. Infrastructure Security

1.1 Cloud Infrastructure

  • Hosting: Enterprise-grade cloud infrastructure with tier-IV data centers
  • Redundancy: Multi-region deployment with automatic failover
  • DDoS Protection: Advanced DDoS mitigation and traffic filtering
  • Network Segmentation: Isolated network zones for different service components
  • Firewall Protection: Multi-layer firewall architecture with intrusion detection

1.2 Physical Security

  • 24/7 surveillance and access control at data centers
  • Biometric authentication for physical access
  • Environmental controls (temperature, humidity, fire suppression)
  • Redundant power systems with backup generators

2. Data Security

2.1 Encryption

| Data State | Encryption Method | Standard |
|---|---|---|
| Data in Transit | TLS 1.3 | Perfect forward secrecy, 256-bit encryption |
| Data at Rest | AES-256 | Military-grade encryption |
| Database Encryption | Transparent Data Encryption (TDE) | Database-level encryption |
| Backup Encryption | AES-256 | Encrypted backups stored separately |
| Key Management | Hardware Security Modules (HSM) | FIPS 140-2 Level 3 certified |

2.2 Data Isolation

  • Multi-Tenancy: Logical data isolation between customers
  • Database Segregation: Separate database instances for enterprise customers
  • Access Controls: Strict role-based access control (RBAC)
  • Data Residency: Options for geographic data storage requirements

2.3 Backup and Recovery

  • Automated daily backups with 30-day retention
  • Point-in-time recovery capabilities
  • Geo-redundant backup storage
  • Regular disaster recovery testing (quarterly)
  • Recovery Time Objective (RTO): 4 hours
  • Recovery Point Objective (RPO): 1 hour

3. Application Security

3.1 Secure Development

  • Security by Design: Security considered at every development stage
  • Code Review: Mandatory peer review for all code changes
  • Static Analysis: Automated security scanning of source code
  • Dependency Scanning: Regular audits of third-party dependencies
  • Penetration Testing: Annual third-party security assessments

3.2 API Security

  • Authentication: OAuth 2.0, API keys with rotation policies
  • Authorization: Fine-grained permission controls
  • Rate Limiting: Protection against abuse and DoS attacks
  • Input Validation: Strict validation of all API inputs
  • Output Encoding: Prevention of injection attacks

3.3 Authentication & Access

  • Multi-Factor Authentication (MFA): Required for all users, TOTP-based
  • Single Sign-On (SSO): SAML 2.0 and OAuth 2.0 support
  • Password Policy: Minimum 12 characters, complexity requirements
  • Session Management: Secure tokens, automatic timeout after 12 hours
  • IP Allowlisting: Optional IP-based access restrictions

4. Security Monitoring

4.1 Continuous Monitoring

  • 24/7 SOC: Security Operations Center monitoring all systems
  • SIEM: Security Information and Event Management system
  • Intrusion Detection: Real-time threat detection and alerting
  • Log Analysis: Centralized logging with anomaly detection
  • Vulnerability Scanning: Weekly automated security scans

4.2 Incident Response

| Severity | Response Time | Actions |
|---|---|---|
| Critical | < 15 minutes | Immediate escalation, incident commander assigned |
| High | < 1 hour | Security team engaged, investigation initiated |
| Medium | < 4 hours | Ticketed and assigned to security analyst |
| Low | < 24 hours | Logged and reviewed during business hours |

Incident Communication: Customers are notified of security incidents affecting their data within 72 hours of discovery, per GDPR requirements.

5. Compliance and Certifications

5.1 Current Certifications

  • SOC 2 Type II: Audited annually for security, availability, confidentiality
  • GDPR Compliant: Full compliance with EU data protection regulations
  • CCPA Compliant: California Consumer Privacy Act compliance
  • ISO 27001: Information Security Management System (in progress)
  • HIPAA: Business Associate Agreement (BAA) available for healthcare customers

5.2 Security Frameworks

  • NIST Cybersecurity Framework
  • OWASP Top 10 protection
  • CIS Controls implementation
  • Cloud Security Alliance (CSA) guidelines

6. Personnel Security

  • Background Checks: All employees undergo comprehensive background screening
  • Security Training: Mandatory annual security awareness training
  • Access Reviews: Quarterly review of employee access rights
  • Confidentiality Agreements: All personnel sign NDAs and security agreements
  • Separation Procedures: Immediate access revocation upon termination

7. Vendor Security

We carefully vet all third-party vendors and service providers:

  • Due Diligence: Security assessment before vendor onboarding
  • Contracts: Data processing agreements with all vendors
  • Monitoring: Regular review of vendor security posture
  • Subprocessor List: Maintained and updated quarterly (available upon request)

8. Customer Security Controls

Features available to help you secure your data:

  • Multi-Factor Authentication: Enforce MFA for your organization
  • SSO Integration: Connect with your identity provider
  • Role-Based Access: Define custom roles and permissions
  • Audit Logs: Complete activity logs for compliance
  • IP Restrictions: Limit access by IP address or range
  • API Key Management: Create, rotate, and revoke API keys
  • Data Export: Download your data anytime
  • Data Deletion: Request complete data removal

9. Security Best Practices

We recommend customers follow these security practices:

Recommended Security Measures
  • Enable multi-factor authentication (MFA) for all users
  • Use strong, unique passwords (minimum 12 characters)
  • Rotate API keys every 90 days
  • Review user access permissions quarterly
  • Monitor audit logs for suspicious activity
  • Implement IP allowlisting when possible
  • Use encrypted connections (HTTPS) for all API calls
  • Don't share credentials or API keys
  • Report security concerns immediately

10. Vulnerability Disclosure

We welcome responsible disclosure of security vulnerabilities:

  • Report To: security@tauguard.xyz
  • Response Time: Acknowledgment within 24 hours
  • Bug Bounty: Rewards for valid, responsible disclosures
  • Safe Harbor: We will not pursue legal action against researchers who follow our disclosure policy

Responsible Disclosure Guidelines
  • Provide detailed vulnerability information
  • Do not access or modify customer data
  • Do not publicly disclose until we've addressed the issue
  • Do not perform destructive testing
  • Act in good faith to avoid privacy violations

11. Security Updates

We continuously update our security practices:

  • Patch Management: Critical patches applied within 24 hours
  • Security Updates: Regular updates to security controls
  • Threat Intelligence: Active monitoring of emerging threats
  • Security Roadmap: Ongoing investment in security improvements

Questions About Our Legal Policies?

Our legal and compliance team is here to help. Contact us for clarifications, data processing agreements, or compliance documentation.

© 2025 TauGuard AI. All rights reserved.