Privacy Policy

Effective Date: January 24, 2026

Version: 2.0 (Global Audit Standard)

1. Introduction

Welcome to the AAU Global Telemetry Network (hereinafter referred to as "AAU", "we", or "the Platform"). AAU is committed to providing decentralized AI model auditing and compliance testing services to enterprises, research institutions, and developers worldwide. Given the global nature of our business—routing data across multiple jurisdictions (including but not limited to the EU, United States, Singapore, Japan, etc.)—we place the highest priority on your data privacy and security. This Privacy Policy aims to comprehensively explain how we collect, use, store, and transfer your information across borders. By using AAU's services, you acknowledge and agree to the data processing practices described in this policy.

2. Categories of Information We Collect

To provide high-precision telemetry services, we need to collect the following categories of data:

2.1 Account and Identity Information (Account Data)

  • Registration Information: Including your email address, organization name, username, and encrypted password credentials.
  • Billing Information: If you use paid services, we process your payments through third-party payment gateways (such as Stripe). AAU does not directly store your complete credit card numbers.

2.2 Audit Payload Data (Audit Payloads)

This refers to the input prompts you send through AAU nodes to target AI models (such as GPT-4, Claude, etc.) and the generated content returned by the models.

  • Processing Principle: AAU treats this data as your core asset. We only process the data transiently during transmission.
  • No-Training Commitment: We strictly prohibit using your audit payload data to train or fine-tune our own models, or selling it to any third-party model providers.

2.3 Telemetry and Log Data (Telemetry & Logs)

  • Metadata: Including the IP address initiating the request, timestamps, the AAU node used (e.g., Frankfurt-Node-01), latency data, and browser/client fingerprints.
  • Purpose: This data is used solely for system stability monitoring, DDoS defense, and generating audit reports (such as proving the geographic location where tests occurred).

3. Data Usage Purpose

On a lawful and compliant basis, we use the collected data for the following purposes:

  • Service Delivery: Routing your requests through specific geographic physical nodes to bypass geo-blocking or test regional differences.
  • Compliance Generation: Generating audit reports with timestamps and geographic markers to help you prove AI model compliance.
  • Security Protection: Monitoring abnormal traffic to prevent malicious abuse of our global node network.
  • Legal Obligations: Complying with legal and regulatory requirements in the jurisdictions where we operate.

4. Cross-border Data Transfer

Key Terms

Since AAU's core service is "multi-node concurrent testing", your data will inevitably flow across borders.

4.1 Transfer Mechanism

When you select a specific test node (e.g., "Frankfurt Node"), your encrypted data will be transmitted from your location to the physical server of that node, and then forwarded to the target model provider's server.

4.2 Legal Safeguards

  • EU/EEA Users: We transfer data based on Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring that data leaving the European Economic Area still enjoys an equivalent level of protection.
  • Global Users: Regardless of where data flows, we employ uniformly high-standard encryption measures (AES-256 encryption at rest + TLS 1.3 encryption in transit) on all node servers.

5. Third-party Data Sharing

We do not share your personal data with third parties except in the following circumstances:

  • Target Model Providers: To complete testing, your prompts must be sent to the target model you specify (such as OpenAI, Anthropic, Google, etc.). Please note that this interaction is subject to the target model provider's own privacy policy.
  • Service Providers: Trusted partners who assist us in operating cloud infrastructure, databases, or payment processing.
  • Legal Compulsion: If we receive a valid court subpoena or law enforcement request, and our legal team determines it is necessary after review, we may disclose necessary log data.

6. Data Retention and Deletion

  • Account Information: Retained until you delete your account.
  • Audit Logs: To facilitate your review of test results, the system retains 90 days of historical test records by default. You can manually delete these records in the console at any time, after which the data will be permanently erased at the physical level.
  • Short-term Cache: To optimize network performance, edge nodes may cache non-sensitive data for no more than 24 hours, after which it is automatically overwritten.

7. Your Rights (GDPR/CCPA)

Regardless of where you are located, we grant you the following rights:

  • Right of Access: Request a copy of the data we hold about you.
  • Right to Rectification: Correct inaccurate information.
  • Right to be Forgotten (Right to Erasure): Request complete deletion of your account and all historical data.
  • Right to Restriction of Processing: Request that we stop processing your data during specific dispute periods.
  • Right to Data Portability: Export your data in a structured, common format (such as JSON/CSV).

8. Children's Privacy

AAU's services are intended for professional institutions and adults. We do not knowingly collect information from minors under 16 years of age. If we discover that we have inadvertently collected such information, we will delete it immediately.

9. Policy Updates

As laws and regulations change or our technical architecture is upgraded, we may revise this policy. Significant changes (such as those affecting core data processing logic) will be notified to you in advance via email or in-platform messages.

Important Disclaimer

This agreement is the English reference version. In case of ambiguity due to translation, to the extent permitted by law, the English version shall prevail. This Privacy Policy is intended to explain data processing procedures and does not constitute legal advice in an attorney-client relationship.