Privacy Policy

Effective Date: November 10, 2025

Distributed AI Systems, Inc. ("DAISI," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you visit our website at daisi.ai (the "Site"), use our services, or interact with our platform, including the DAISI Host App, Orchestrator, and Consumer SDKs/REST APIs (collectively, the "Services"). By accessing or using the Site or Services, you consent to the practices described in this policy.

We operate a decentralized AI inference platform that leverages WebGPU for browser-based machine learning tasks. Our architecture emphasizes data sovereignty, end-to-end encryption, and minimal central storage to align with the principles of distributed systems. Unlike centralized AI providers, we do not store prompts or inference outputs on central servers; processing occurs on user-hosted nodes with verifiable trust mechanisms.

If you have questions about this Privacy Policy, please contact us at privacy@daisi.ai.

1. Information We Collect

We collect information to provide, improve, and secure our Services. Our collection practices are designed to respect the decentralized nature of our platform, limiting data retention and centralization.

1.1 Personal Information

You may voluntarily provide personal information when creating an account, managing hosts, or using the Services. This includes:

• Account Details: Name, email address, username, and password (hashed for storage).
• Payment and Payout Information: For hosts earning cash payouts or consumers processing tokenized tasks, we collect billing details (e.g., bank account or payment processor info) via third-party services like Stripe. We do not store full payment credentials.
• Profile Data: Optional details like location (for network optimization) or preferences for model hosting (e.g., LLM types, max requests per minute).

1.2 Usage and Technical Data

To optimize task allocation and ensure reliability, we collect anonymized or aggregated data:

• Device and Network Information: IP address (anonymized via hashing), browser type, OS (e.g., Windows, Linux, macOS), GPU/CPU capabilities (benchmarked via WebGPU), and session IDs for orchestration.
• Service Interactions: Prompt metadata (e.g., model type requested, task duration, bidding density for auctions), heartbeat signals from hosts, and reputation scores (based on uptime, completion rates).
• Log Data: Timestamps, error reports, and referral URLs for debugging distributed workflows.

1.3 Data from Hosts and Consumers

• Hosts: When running the Host App, we collect compute benchmarks (e.g., WebGPU performance) and model availability without capturing user prompts. File shards for RAG (Retrieval-Augmented Generation) are processed locally and not transmitted centrally.
• Consumers: SDK/REST API calls include session requests (e.g., scale: cheap/fast/good; max pay: $0.01/token; architecture type). Inference results are streamed back without storage.
• No Prompt Storage: Prompts and outputs are routed directly to selected hosts via encrypted channels and are not retained by the Orchestrator or us.

1.4 Cookies and Tracking Technologies

The Site uses essential cookies for functionality (e.g., session management) and analytics cookies (via Google Analytics) for aggregated insights. You can manage preferences via browser settings. We do not use third-party trackers for targeted advertising.

2. How We Use Your Information

We use collected information solely to deliver our decentralized AI Services and maintain platform integrity:

• Service Delivery: Matching consumer requests to hosts via combinatorial double auction algorithms; routing tasks with differential privacy; enabling cash payouts for hosts.
• Performance Optimization: Benchmarking nodes for efficient load balancing; adjusting valuations in auctions based on demand (e.g., slashing for failures).
• Security and Verification: Implementing optimistic fault proofs (e.g., random challenges, interactive bisection on model DAGs) to detect discrepancies without zk-SNARKs for large models.
• Improvements and Analytics: Aggregated data informs model support expansions (e.g., Llama, Stable Diffusion) and UI enhancements (e.g., agent/tool builder).
• Communications: Sending transactional emails (e.g., payout confirmations) or optional newsletters about updates.

We do not use your data for automated decision-making that produces legal effects, except for auction-based task allocation, which is transparent and challengeable.

3. How We Share Your Information

DAISI prioritizes data minimization and decentralization. We share information only as necessary:

• Service Providers (Hosts): Anonymized task metadata (e.g., model type, not prompts) is shared with selected hosts for inference execution. End-to-end encryption ensures prompts remain private.
• Third-Party Services:
  • Payment processors (e.g., Stripe) for payouts—limited to transaction details.
  • Analytics tools (e.g., Google Analytics) for anonymized usage stats.
  • Cloud providers (e.g., Azure for Orchestrator DB) under strict data processing agreements.
• Legal Requirements: We may disclose data in response to lawful requests (e.g., subpoenas) or to protect rights, safety, or property.
• Business Transfers: In mergers or acquisitions, data may transfer to successors with notice.

We do not sell your personal information. No data is shared with advertisers or for profiling.

4. Data Security

Security is foundational to our distributed architecture:

• Encryption: All communications (e.g., gRPC/REST APIs) use TLS 1.3; session keys (SK/CK) for host-orchestrator links.
• Decentralized Processing: No central storage of sensitive data; verification via fraud proofs rather than zkML for scalability.
• Access Controls: Role-based (e.g., owner/manager for host stats); multi-factor authentication for accounts.
• Retention: Personal data retained only as needed (e.g., 7 years for financial records); usage logs deleted after 90 days unless required for disputes.
• Incident Response: In breaches, we notify affected users within 72 hours per applicable laws.

Despite these measures, no system is infallible—distributed networks reduce single points of failure.

5. Your Rights and Choices

Depending on your location (e.g., GDPR for EU users, CCPA for California residents), you have rights regarding your data:

• Access and Portability: Request a copy of your data (e.g., account details, payout history).
• Correction: Update inaccurate information via your dashboard.
• Deletion: Request removal (subject to legal retention; e.g., "right to be forgotten" where applicable).
• Opt-Out: Withdraw consent for non-essential processing (e.g., analytics cookies); unsubscribe from emails.
• Objection: Challenge automated decisions (e.g., auction allocations) via support.

To exercise rights, email privacy@daisi.ai with verification. We respond within 30 days.

6. International Data Transfers

DAISI operates globally; data may transfer to the US or other jurisdictions. We use Standard Contractual Clauses for EU transfers and ensure adequacy decisions where possible. Hosts process data locally, enhancing sovereignty.

7. Children's Privacy

Our Services are not directed at children under 13 (or 16 in some jurisdictions). We do not knowingly collect data from minors. If we discover such data, we delete it promptly. Parents/guardians can contact us for assistance.

8. Third-Party Links

The Site may link to external resources (e.g., model downloads from Hugging Face). We are not responsible for their privacy practices—review their policies.

9. Changes to This Privacy Policy

We may update this policy to reflect platform evolutions (e.g., new SDK features). Changes will be posted here with the effective date. Significant updates prompt email notice. Continued use constitutes acceptance.

10. Contact Us

For privacy concerns:

• Email: info@daisi.ai
• Address: Distributed AI Systems, Inc., [Insert Legal Address], United States