Skip to main content

Privacy Policy

Last updated May 8, 2026

This Privacy Policy (“Policy”) describes how EcoHash Technology LLC (“EcoHash,” “we,” “us,” or “our”) handles personal data when you use our public website, developer console, documentation site, OpenAI-compatible inference and related APIs, dedicated model endpoints, GPU instance and cluster services, the EcoHash model marketplace (including community-published models), and any support or professional services we provide in connection with those offerings (collectively, the “Services”).

1. Personal Data We Refer to

“Personal Data” means information that identifies or can reasonably be linked to an identifiable person or, where applicable, a household. It can include account identifiers, contact details, billing and usage records, and content you send through the Services to the extent that such content identifies or can reasonably be linked to an identifiable person, such as prompts, uploaded files, and outputs returned to you.

2. What We Collect

Depending on how you use the Services, we may collect or receive:

  • Account and contact data — e.g. name, email, company, billing country, and credentials for the EcoHash console.
  • Service and API data — e.g. API keys (stored securely as credentials) or other credentials associated with your account, request metadata, model parameters, and to the extent they contain Personal Data as defined in Section 1, prompts and outputs; logs and diagnostics needed to operate, secure, bill for, troubleshoot, monitor, and prevent abuse of the Services.
  • GPU and workspace data — operational metadata about your jobs (e.g. resource usage, runtime, error logs), and content you upload to GPU instances or cluster environments only to the extent it contains Personal Data as defined in Section 1 and is necessary for provisioning, support, and abuse prevention. Data and artifacts you store on GPU instances remain under your control as described in our Terms of Service.
  • Device and technical data — e.g. IP address, user agent, approximate location derived from network data, and cookies or similar technologies on our website and console. See our Cookie Policy for details on what is set on this website and how you can control it.
  • Payment data — when you pay us, a third-party payment processor typically collects card or other payment information. We do not store full card numbers; we may retain status, last four digits, and transaction records as required for accounting, tax, compliance, fraud prevention, and disputes.
  • Data from third parties — e.g. from analytics, security, compliance, identity verification, sanctions screening, or anti-fraud vendors, or information you authorize an identity or SSO provider to pass to us.
  • Community marketplace data — if you publish a model or other material to the EcoHash marketplace, the information you choose to make public (such as model name, description, tags, category, and publisher identifier) is visible to other users of the Services and may be cached, indexed, or downloaded by third parties; we cannot retract or recall such information once it has been distributed.

3. How We Use Personal Data

We use Personal Data to:

  • Provide, monitor, and improve the Services, including capacity planning, reliability, and support.
  • Authenticate users, process transactions, and enforce our agreements and acceptable use policies.
  • Communicate with you about the Services, security, and, where allowed, product updates; you can opt out of non-essential marketing where applicable.
  • Detect, prevent, and respond to fraud, abuse, and security incidents.
  • Comply with law, and establish, exercise, or defend legal claims.
  • Analyze usage in aggregate or de-identified form to understand how the Services are used.

Model training. We do not use your prompts, files, datasets, code, checkpoints, and configuration (“Customer Content”), or API outputs, including text, images, audio, video, or other responses (“Output”) to train any models, EcoHash’s own or third parties’, unless you expressly opt in through a documented mechanism EcoHash may make available, or you separately agree in writing. Where you route requests through the Services to a third-party model provider, that provider’s own data-use practices apply to the data sent to them, and you are responsible for reviewing the applicable provider terms and notices.

Legal bases (EU/UK/Swiss residents). Where the GDPR or equivalent law applies, we rely on the following legal bases:

  • Performance of a contract — to provide the Services, authenticate your account, and process billing.
  • Legitimate interests — to secure the Services, prevent fraud and abuse, improve reliability, and analyze usage in aggregate. We balance these against your rights and freedoms.
  • Legal obligation — to comply with tax, accounting, export-control, and law enforcement obligations.
  • Consent — for non-essential cookies, certain marketing communications, and any use of your Customer Content or Output to train any models, EcoHash’s own or third parties’. You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Vital interests — in rare cases, to protect the life or safety of a person.

Sensitive Personal Information (California residents). The CPRA classifies certain categories of data as “Sensitive Personal Information” (SPI). EcoHash may collect or receive the following SPI in limited circumstances, such as account log-in credentials, and, depending on what you choose to submit to the Services, sensitive details included in Customer Content. We do not knowingly seek to collect government-issued identifiers, precise geolocation, biometric identifiers, or information about a consumer’s health, sex life, racial or ethnic origin, religious beliefs, or union membership outside of what you voluntarily submit. We use SPI only to provide and secure the Services and as otherwise allowed by CPRA § 7027, and not for purposes of inferring characteristics about consumers other than as necessary for fraud prevention, security, abuse detection, and compliance. California residents may request that we limit the use of SPI as described in Section 10.

4. Sharing and Disclosure

We may share Personal Data with:

  • contractors and service providers who host, secure, or operate the Services (e.g. cloud, payment, email, and analytics) under contract and as needed to perform services for us or on our behalf.
  • our parent, affiliates, and subsidiaries for the operation of the Services, shared corporate functions (for example, security, finance, legal, compliance, audit, and internal reporting), and as otherwise described in this Policy.
  • advisors, auditors, and parties in a merger, acquisition, financing, sale of assets, or similar corporate transaction, subject to standard confidentiality and data safeguards where appropriate.
  • law enforcement, regulators, or others when required by law, to respond to legal process, enforce our agreements, prevent fraud or abuse, comply with sanctions, export-control, or other compliance obligations, or to protect the rights, safety, or integrity of our users, the public, or EcoHash.
  • other parties with your direction or consent.

Where we receive a lawful request for data about you, we will notify you when we are not legally prohibited from doing so and when notice would not undermine an investigation, create a security, fraud, abuse, legal, or operational risk, or be impracticable, consistent with our obligations.

5. Retention

We keep Personal Data only as long as needed for the purposes above, to comply with law (e.g. tax / audit retention), and to resolve disputes. Specific defaults are below; we may extend an item if a longer period is required for security, abuse prevention, or legal reasons. Actual retention periods may vary depending on your account settings, the applicable Service, product configuration, legal requirements, and whether the data is contained in backups, logs, or archived records.

  • Account profile and credentials — for the life of the account plus 30 days after deletion, then erased except for records required by law.
  • Billing and tax records — generally up to 7 years after the transaction, or longer if required under applicable tax, accounting, audit, or legal requirements.
  • Inference API request and response logs — operational logs (without prompt / response bodies) are generally retained for up to 90 days; full request or response bodies are generally retained for up to 30 days, except for limited records or samples retained for abuse investigations, security incidents, dispute resolution, legal holds, or compliance purposes.
  • GPU instance / cluster artifacts — under your control; retained while the resource exists. After termination, persistent volumes follow the storage retention you have configured (default: deleted with the resource).
  • Fine-tune datasets and adapters — retained for the life of the parent fine-tune job and any model instance that mounts the resulting adapter, then generally for up to 30 days after the parent is deleted.
  • Security and abuse-prevention logs — generally retained for up to 13 months.
  • Marketing contact data — until you unsubscribe or after two years of inactivity, whichever is sooner.

6. International Transfers

Personal Data is processed in EcoHash’s owned or contracted U.S. data center facilities. Limited Personal Data may also be processed by service providers, affiliates, or corporate support functions as needed to provide, secure, support, bill for, and administer the Services, subject to appropriate safeguards. For example, limited Personal Data may be accessed or processed outside the United States for corporate support functions such as security, finance, legal, compliance, audit, and internal reporting, subject to appropriate safeguards.

7. Security

We implement administrative, technical, and organizational measures designed to protect Personal Data, including encryption in transit (TLS 1.3 or higher) for connections to our APIs and console, role-based access controls for internal systems, and logging for security monitoring. No system is 100% secure; please use strong credentials, rotate API keys regularly, and keep credentials confidential. If you believe a security incident has occurred, notify us promptly at info@ecohash.com.

If we determine that a security incident has resulted in unauthorized access to or disclosure of Personal Data, we will notify affected customers and regulators as required by applicable law. Where we process Personal Data on behalf of an enterprise customer and a security incident is subject to contractual or legal processor-notification obligations, we will notify that customer within seventy-two (72) hours after becoming aware of the incident and provide information reasonably available to us to help the customer meet its own legal obligations. State-law breach notifications (including under the California, New York, and other U.S. state breach-notification statutes) will be issued within the timelines those laws require.

8. Data Access, Deletion, and Product-Specific Options

The table below summarizes how you can manage certain categories of data. Features may change as we ship updates; when in doubt, use the contact at the end of this Policy.

AreaTypical dataAccess / controls
Inference API and model endpointsPrompts, API responses, request metadata, billing and usageConsole and API key management; deletion or export requests via info@ecohash.com (include “Data request” in the subject).
GPU instance and cluster servicesYour datasets, code, and artifacts on provided computeData remains under your control; contact us to terminate or wipe environments as required. You may also email info@ecohash.com.
Website and marketingCookies, device identifiers, analyticsBrowser cookie and storage controls; consent banner where we deploy non-essential cookies; see our Cookie Policy for the current list and choices.

9. Children’s Privacy

The Services are not intended for, and may not be used by, anyone under 18. We do not knowingly collect Personal Data from anyone under 18. If you believe we have, contact us and we will take appropriate steps to delete the information as required by applicable law.

10. Data Processing Addendum (DPA)

Enterprise customers, and other customers where required by applicable data protection law, may request EcoHash’s standard Data Processing Addendum when EcoHash processes Personal Data on their behalf. To request the DPA, email info@ecohash.com with the subject line “DPA request.”

11. Your Rights

Depending on where you live and applicable law, you may have the following rights in relation to your Personal Data. You can exercise them by contacting us at the address in Section 13.

  • Access — request a copy of the Personal Data we hold about you.
  • Correction — ask us to correct inaccurate or incomplete data.
  • Deletion — ask us to delete Personal Data, subject to our legal and contractual obligations.
  • Portability — receive Personal Data you provided in a commonly used, machine-readable format, where applicable.
  • Restriction and objection — restrict or object to certain processing, including direct marketing and, in certain cases, processing based on legitimate interests.
  • Withdraw consent — where we rely on your consent, withdraw it at any time without affecting lawful processing already carried out.
  • Automated decisions — request human review of decisions made solely by automated means that have legal or similarly significant effects on you, where this right applies under applicable law. EcoHash itself does not typically make automated decisions with legal or similarly significant effects on individuals; this right applies primarily to decisions made by our customers or end users using the Services.
  • U.S. state privacy rights — depending on your state of residence, you may have additional rights under state privacy laws (including in California, Colorado, Connecticut, Delaware, Texas, Utah, Virginia, and other states with comprehensive privacy laws). These rights generally include the right to know, access, correct, delete, and opt out of certain types of processing. We do not sell or share Personal Data for monetary or other valuable consideration as those terms are defined under applicable U.S. state privacy law. To exercise these rights, contact us at info@ecohash.com. If we deny your privacy rights request, you may appeal that decision by emailing info@ecohash.com with the subject line “Privacy Appeal.” We will respond within the timeframes required by applicable state law.
  • Complain — lodge a complaint with your local data protection or consumer-protection authority.

12. Third-party Sites and Models

The Services may link to, or let you invoke, third-party websites, models, or repositories we do not operate. This Policy does not cover those offerings. Review their terms and privacy practices before you share data with them.

13. Changes to this Policy

We may update this Policy from time to time. We will post the new version and revise the “Last updated” date. If we make material changes that reduce your privacy protections, we will use reasonable efforts to provide notice through the Services, the console, email, or other reasonable means before the change takes effect, where required by law or otherwise appropriate.

14. How to Contact Us

Questions about this Policy, or requests about your Personal Data, should be sent to info@ecohash.com (please include “Data request” in the subject line) or via the Contact page. For sales inquiries, use sales@ecohash.com.