Privacy Policy

InfFyn is a financial-controller tool for AI inference spend. This policy explains what we collect when you run an audit, how we process AI usage logs and revenue inputs, and the controls we apply to keep that data isolated from other customers.

This is an early-stage policy maintained by InfFyn, Inc. It will be revised before general availability.

To run an audit and operate your account we collect:

• AI usage logs you upload by CSV or that we read via a read-only API connection — model name, token counts, request counts, timestamps, and the cost figures reported by your provider.
• Revenue data you optionally provide for the Detailed Audit — total revenue and, if you enter them, per-model revenue weightings.
• Account data — name, work email, company, and authentication identifiers (email/password or Google OAuth subject).
• Product telemetry — page views, audit run events, and error reports needed to operate and improve the service.

We do not collect, request, or store the contents of your prompts or model completions. InfFyn computes on usage metadata only.

For the Free Spend Audit, uploaded CSVs are processed in memory by our audit engine and are not stored permanently. The derived per-model summary (spend per 1M tokens, totals, and the single headline finding) is what gets returned to your browser and saved against your account if you sign up to reveal it.

Paid tiers retain the inputs and computed results in your account so that audits can be re-run, compared over time, and monitored for drift. You can delete those artifacts from your account at any time.

Revenue figures you enter for the Detailed Audit are used solely to attribute revenue to model usage and to compute gross profit per million tokens (GPp1M) and related segment breakdowns. We do not combine your revenue data with any other customer's data, and we do not use it to train models.

Revenue values are treated as confidential financial data and are access-controlled to the InfFyn personnel and infrastructure required to deliver the service.

InfFyn relies on a small number of vetted subprocessors:

• Authentication & database — our managed backend provider stores account records and audit artifacts.
• Audit engine hosting — runs the parsing and margin-attribution logic that produces your audit results.
• Payments — when paid plans are enabled, payments are processed by Stripe. InfFyn does not store credit card numbers, CVCs, or full bank account details; Stripe handles those directly under its own PCI-DSS controls.
• Email & support — transactional email and support correspondence may be handled by third-party providers under standard data-processing terms.

InfFyn is built to an "Automated Financial Controller" standard: the system treats your usage and revenue data the way an internal finance team would treat a general ledger extract.

• Audit data is access-controlled per account; cross-tenant access is denied by default.
• Detailed audits are tagged by customer "camp" — Camp 1 (AI used in your product, revenue-attributed) and Camp 2 (internal / operational, cost-only). These data sets are processed and stored in isolation so that profit metrics are never computed from Camp 2 inputs and Camp 1 revenue values are never blended into Camp 2 reports.
• Read-only provider connections use the minimum scopes required to read usage and billing exports.
• Data is encrypted in transit (TLS) and at rest using our managed backend's standard encryption.

Free-tier uploads are discarded after processing. Paid-tier audit inputs and results are retained for the life of your account and deleted on request or on account termination, subject to short backup-retention windows.

You can request access, correction, export, or deletion of the personal data we hold about you by emailing the address below. We respond to verified requests within a reasonable timeframe.

Questions about this policy or about how InfFyn handles your data: privacy@inffyn.example.