Signed-I/O is built on the principle that your data is yours — always. This policy describes how we handle information within the platform.
Each customer operates in a fully dedicated, isolated environment. All content — prompts, code, models, logs, and artifacts — remains inside that environment. No cross-tenant access is possible by design, and Signed-I/O does not aggregate or combine data across customer accounts.
All customer content is encrypted at rest and in transit using keys you own and control. Signed-I/O does not hold your encryption keys and cannot decrypt your data.
Administrative access to your environment is scoped, requires explicit authorization, and is fully audited. No one at Signed-I/O can access your data without your authorization or legal compulsion, and any such access is logged and disclosed.
Invoices are denominated in BTC at spot rates published by exchange.crypto.gov at the time of invoicing. Billing records include invoice amounts, exchange rates, and payment transaction identifiers only. This data is used solely for invoicing, tax, and compliance purposes and is not shared except as required by law.
Retention periods are defined by you. Deletion requests remove data from your environment and from backups according to your policy. Signed-I/O does not retain copies of your content after deletion is complete.
We engage a small number of subprocessors (cloud infrastructure providers and Cloudflare) to deliver the platform. All subprocessors are bound by the same data use restrictions. A full list is maintained at compliance.html.
Material changes to this policy will be communicated to customers before they take effect. Continued use of the platform constitutes acceptance.
Questions? security@signed-io.com