Privacy Policy

1. Introduction

AKRUM, Inc. ("AKRUM," "we," "us," or "our") provides cryptographic infrastructure and AI-powered API products built on a patented Cellular Automata entropy engine. This Privacy Policy explains what information we collect, how we use it, and the rights you have over that information. By using akrum.io or any AKRUM service, you agree to the practices described here. If you do not agree, please do not use our services.

2. Our Core Privacy Commitment

AKRUM is engineered around the principle that we should collect, retain, and process the absolute minimum amount of personal data necessary to deliver our services. Wherever it is technically feasible, we use zero-knowledge and end-to-end encryption architectures so that the content you protect with AKRUM remains unreadable by us. Encrypted files stored in your AKRUM Vault are encrypted client-side with keys we cannot recover. We cannot read, scan, index, or share the contents of files you encrypt with AKRUM.

3. Information We Collect

We collect the following categories of information, and only when there is a clear product or legal reason to do so:

Account Information. When you create an account, we collect your name, email address, and (optionally) your company affiliation and job title. If you authenticate through a third-party identity provider (Google, GitHub, etc.), we receive only the basic profile information that provider returns.

Billing Information. When you subscribe to a paid plan, our payment processor (Stripe) collects and stores your payment details. AKRUM does not see or store full credit card numbers. We retain only the limited transaction metadata Stripe returns to us, such as plan, status, and last four digits.

Service Usage Metadata. We collect operational metadata that allows our service to function: API call counts, request timestamps, error codes, file sizes (not contents), and similar telemetry. This data is used to enforce rate limits, prevent abuse, debug issues, and improve the product.

Communications. If you contact our support, sales, or legal teams, we retain the messages and any attachments you send so we can respond and maintain a record.

Cookies and Similar Technologies. We use a minimal set of cookies to support authentication, session management, and basic analytics. We do not use advertising cookies, cross-site tracking pixels, or third-party behavioral profiling.

4. Information We Do Not Collect

To make our position unambiguous:

• We do not read, decrypt, scan, index, or share the contents of files you encrypt or store with AKRUM.
• We do not sell personal information to anyone, ever, under any circumstances.
• We do not share personal information with advertisers or data brokers.
• We do not build behavioral profiles of you for marketing purposes.
• We do not use your customer data, encrypted content, or API request payloads to train AI models — ours or anyone else's.

5. How We Use the Information We Do Collect

We use the limited information we collect to (a) provide and operate our services, (b) authenticate your access and protect your account, (c) process payments and manage subscriptions, (d) respond to your support requests, (e) detect and prevent fraud, abuse, and security incidents, (f) comply with legal obligations, and (g) communicate operational matters such as security advisories or service updates. We send marketing email only if you have affirmatively opted in, and every marketing email contains an unsubscribe link.

6. Service Providers and Subprocessors

We rely on a small number of vetted service providers to operate AKRUM. Each is contractually bound to confidentiality and to data protection obligations consistent with this Policy. Current subprocessors include our cloud hosting and database provider (Supabase / cloud infrastructure), our payment processor (Stripe), our transactional email provider (Resend), and standard infrastructure providers for DNS, monitoring, and error reporting. A current list of subprocessors is available on request to privacy@akrum.io.

7. International Data Transfers

AKRUM is operated from the United States, and information we collect may be processed in the United States or in other jurisdictions where our subprocessors operate. Where required by law (for example, transfers from the EU, UK, or Switzerland), we rely on Standard Contractual Clauses or equivalent transfer mechanisms.

8. Data Retention

We retain personal information only for as long as necessary to provide the service, comply with our legal obligations, resolve disputes, and enforce our agreements. Account and billing records are typically retained for the life of the account and for a reasonable period thereafter to satisfy tax and audit requirements. Operational telemetry is retained in identifiable form for a limited window — typically 90 days — and may be retained in aggregated, non-identifiable form for longer.

9. Your Rights

Depending on your jurisdiction, you may have one or more of the following rights regarding your personal information: the right to access the information we hold about you, the right to correct inaccuracies, the right to delete your information (subject to legal exceptions), the right to restrict or object to certain processing, the right to data portability, and the right to withdraw consent for processing that depends on your consent. Residents of California, the European Economic Area, the United Kingdom, and certain other jurisdictions have specific rights granted by their local laws (including the CCPA and GDPR). To exercise any of these rights, contact privacy@akrum.io. We will respond within the timeframes required by applicable law.

10. Security

We employ industry-recognized administrative, technical, and physical safeguards designed to protect personal information against loss, theft, unauthorized access, and misuse. Specific measures include client-side encryption of customer files, encryption of data in transit (TLS 1.3) and at rest (AES-256-GCM), role-based access controls, audit logging, multi-factor authentication for AKRUM employees, secrets management through audited vault systems, and regular third-party security reviews. For more detail on our security architecture, see /security. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security, but we work continuously to improve our posture.

11. Children

AKRUM is a developer and enterprise infrastructure product not directed to children. We do not knowingly collect personal information from anyone under 16 years of age. If you believe a child has provided us personal information, please contact privacy@akrum.io and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of the page and, for material changes, we will provide a more prominent notice (for example, an email to account holders or an in-product banner) before the change takes effect.

13. Contact Us

Questions about this Privacy Policy, or requests to exercise your rights, should be directed to:

AKRUM, Inc.
Attn: Privacy
privacy@akrum.io