Privacy Policy

01 Information We Collect

Account & Workspace Data

When you register, we collect your name, email address, password (hashed — never stored in plaintext), and your workspace name. If you invite team members, we store their email addresses.

AI Log Metadata

Protolap is a metadata-only platform. We store the operational data your application sends at ingest time, including:

• AI provider and model identifiers (e.g., anthropic, claude-sonnet-4-6)
• Token counts, latency, cost estimates, and status codes
• Optional fields your app chooses to send: user ID, session ID, topic, objective, and custom fields
• Timestamps of each event

We never store prompt text, completion text, images, embeddings, or any other AI payload content.

Usage & Technical Data

We collect standard server logs, including IP addresses, browser type, referring URLs, and pages visited on protolap.com. This data is used solely for security monitoring and service improvement.

02 How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Protolap service
• Authenticate users and maintain session security
• Generate the analytics, dashboards, and alerts you request
• Send transactional emails (e.g., password resets, billing receipts)
• Respond to support requests
• Detect and prevent fraud and abuse
• Comply with legal obligations

We do not sell your data, and we do not use your AI log metadata to train machine learning models.

03 Data Sharing

We share data only in the following limited circumstances:

• Service providers. We use Cloudflare for infrastructure (compute, storage, and CDN). Cloudflare processes data on our behalf under a data processing agreement.
• Legal requirements. We may disclose data if required by law, court order, or to protect the rights, property, or safety of Protolap, our users, or others.
• Business transfers. If Protolap is acquired or merges with another entity, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a materially different privacy policy.

We do not share, sell, rent, or trade your personal data with third parties for marketing purposes.

04 Data Retention

We retain your account data for as long as your account is active or as needed to provide services. AI log events are retained according to your workspace plan. You may request deletion of your workspace and all associated data at any time by contacting privacy@protolap.com.

After account deletion, we may retain anonymised, aggregated data that cannot be linked back to you for internal analytics and service improvement.

05 Security

We implement industry-standard security measures to protect your data:

• All data is transmitted over TLS (HTTPS)
• Passwords are hashed using bcrypt before storage
• TOTP-based two-factor authentication is required at account creation
• Ingest API keys are hashed (SHA-256) — we never store the raw key
• Sessions are stored in an encrypted KV store

No method of transmission or storage is 100% secure. If you discover a security vulnerability, please contact us at security@protolap.com.

06 Cookies & Tracking

We use a single session cookie to keep you logged in to the Protolap dashboard. This cookie is strictly necessary for the service to function and does not track you across other websites.

We do not use advertising cookies, third-party analytics trackers, or fingerprinting technologies on our platform.

07 Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access. Request a copy of the personal data we hold about you.
• Correction. Request that we correct inaccurate or incomplete data.
• Deletion. Request that we delete your personal data.
• Portability. Request your data in a machine-readable format.
• Objection. Object to certain types of processing.

To exercise any of these rights, email privacy@protolap.com. We will respond within 30 days.

08 Children’s Privacy

Protolap is a B2B platform intended for use by organisations and their adult employees. We do not knowingly collect personal data from anyone under the age of 16. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

09 International Transfers

Protolap infrastructure runs on Cloudflare, which operates globally. By using our service, you acknowledge that your data may be processed and stored in data centres outside your country of residence. Where required, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses) to ensure your data is protected.

10 Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page and, for material changes, notify workspace owners by email. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

11 Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy, please contact us:

• Email: support@protolap.com

Also see our Terms of Service.