Privacy
SoterAI ("we," "us," or "our") provides AI security software including prompt injection detection, data-loss prevention, content moderation, red-team analysis, and workflow integration tools. This Privacy Policy describes how we collect, use, store, and protect information when you use the SoterAI platform, APIs, dashboard, marketplace integrations, and related services (collectively, the "Service").
By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Service.
We collect the following categories of information:
SoterAI processes text content (prompts, AI outputs) server-side for security analysis. Raw text is processed in-memory and is not persisted to long-term storage.
Threat detection summaries (risk scores, categories, timestamps, actions taken) are stored for audit and dashboard display. These summaries are derived from the analysis but do not contain the original raw text.
Where content redaction is applied, only redacted versions, hashes, truncated previews, or structured findings are retained. The original unredacted content is discarded after processing.
SoterAI maintains audit logs for security events, policy enforcement actions, and administrative changes. These logs include:
Audit logs are retained according to the data retention schedule described in Section 8. Logs do not contain the raw text content of scanned prompts or AI outputs.
API keys are stored in encrypted form and cannot be retrieved after creation. You are shown the full key value only once at the time of generation. If a key is lost, it must be revoked and a new key created.
Raw API keys, SCIM tokens, SAML secrets, integration tokens, and detected secrets from content scanning are not stored in plaintext. Authentication credentials are protected using industry-standard hashing and encryption methods.
We use the information we collect for the following purposes:
We do not sell personal information to third parties. We do not use customer content to train machine learning models without explicit opt-in consent.
We implement technical and organizational measures to protect the information we process, including:
While we take reasonable measures to protect your data, no system is completely secure. We encourage responsible disclosure of any security vulnerabilities to security@soterai.dev.
We retain data according to the following guidelines:
You may request deletion of your account and associated data by contacting support@soterai.dev.
SoterAI provides integration nodes and connectors for workflow automation platforms including n8n, Zapier, Make, Dify, and Botpress.
Platform integration nodes (n8n, Zapier, Make, Dify, Botpress) are stateless connectors that do not store user data locally. These connectors transmit data to SoterAI's API for processing and return results to the calling platform. Data handling on third-party platforms is governed by those platforms' respective privacy policies.
We recommend reviewing the privacy policies of any third-party platforms you connect to SoterAI to understand how they handle data that passes through their systems.
The SoterAI dashboard may use the following types of cookies and similar technologies:
The SoterAI API does not set cookies. API interactions are authenticated solely via API keys transmitted in request headers.
Depending on your jurisdiction, you may have the following rights regarding your personal information:
To exercise any of these rights, please contact us at support@soterai.dev. We will respond to requests within 30 days.
SoterAI is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child under 18, please contact us at support@soterai.dev and we will promptly delete such information.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by posting the updated policy on our website and updating the "Last Updated" date below. For significant changes, we may also notify you via email or through an in-dashboard notification.
Your continued use of the Service after the effective date of a revised Privacy Policy constitutes acceptance of the updated terms.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
This Privacy Policy was last updated on June 2026.