Privacy Policy

This policy applies to personal data processed by Sylica AI in connection with account, website, API, billing, and support workflows.

• Personal data means information relating to an identified or identifiable natural person.
• Customer Content means prompts, inputs, outputs, files, and related payloads sent through customer requests.
• Account Data means profile, organization, authentication, and billing identity records.
• Usage Data means telemetry used for reliability, abuse prevention, and billing transparency.

• Data you provide directly, including account registration fields, support messages, and billing contacts.
• Data generated by platform use, including request identifiers, model selections, token counts, and runtime diagnostics.
• Data from payment processors and financial partners, including payment method status and invoice metadata.
• Data from security systems, including authentication events, key lifecycle logs, and abuse-detection signals.

• Provision of API, dashboard, billing, and account administration services.
• Security, fraud prevention, abuse mitigation, and operational incident response.
• Service measurement, reliability analytics, and customer support handling.
• Compliance with legal obligations including accounting, tax, sanctions, and law-enforcement response.

Depending on jurisdiction, Sylica relies on one or more of the following legal bases: performance of contract, legitimate interests, legal obligation, and consent where required by law.

• Customer Content is processed to fulfill customer API requests and associated reliability or support tasks.
• Content routing may involve third-party model providers selected by customer settings and model choices.
• Organizations remain responsible for lawful input collection and downstream use of generated outputs.
• Customers should avoid sending regulated or high-risk personal data unless contractually authorized controls are in place.

• Account and billing records are retained for contractual and statutory accounting periods.
• Operational logs are retained according to service reliability and security needs, then minimized or removed.
• Support tickets and communications are retained for continuity and auditability, then archived or deleted.
• Retention windows are reviewed periodically and may be adjusted for legal hold, dispute resolution, or abuse investigation.

Sylica uses vetted subprocessors for infrastructure and payment operations. Personal data may be processed in multiple regions consistent with contractual and legal safeguards. Subprocessor details are published at /compliance/subprocessors.

Transfer mechanisms may include standard contractual clauses and supplementary security controls where required.

• Access, correction, deletion, restriction, portability, and objection rights may be available based on local law.
• Verified requests are reviewed by authorized personnel and may require identity confirmation.
• Where Sylica acts as processor, request execution may be coordinated with the relevant customer controller.
• Users may appeal denied requests where local law provides an appeal mechanism.

Requests can be submitted via privacy@sylicaai.com.

Sylica applies technical and organizational controls designed to protect personal data, including access restrictions, encryption, monitoring, and incident response procedures.

Services are not directed to children under applicable minimum age laws. Customers should not intentionally submit highly sensitive categories of personal data unless explicitly supported under executed contractual terms.

This policy may be updated to reflect legal, operational, or product changes. Material updates will be reflected by the published revision date.

Privacy questions or notices: privacy@sylicaai.com