GLM-5.2, MiniMax-M3 and Kimi K2.7 are now live. Try them now
Sign Up

Privacy Policy

Last Updated: March 2026

Welcome to TensorX.ai (“we”, “us”, “our”). We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our website at https://www.tensorx.ai, our API, and related services (collectively, the “Services”).

We are an Irish-registered company and are subject to the EU General Data Protection Regulation (GDPR), the Irish Data Protection Acts 1988 and 2018, and the EU ePrivacy Directive. For details on how we process personal data on behalf of our API customers (as a Processor), see our Data Processing Agreement.

1. Data Controller & Contact Information

Data Controller
TensorX Ltd.
Company Number: 796387
Unit 25, Classon House
Dundrum Business Park
Dublin 14, Ireland
Email: [email protected]

You may contact us at any time regarding this Policy or our data practices. You also have the right to lodge a complaint with the Irish Data Protection Commission (DPC).

2. Personal Data We Collect

2.1 Website Visitors

When you visit our website, we may collect:

  • Usage & analytics data: IP address, browser type/version, pages visited, timestamps, referral URLs, operating system, device identifiers, server logs.
  • Cookie data: Essential and analytics cookies as described in our Cookie Policy.
  • Communications data: emails, feedback, support queries, correspondence you choose to provide.

2.2 Registered Users & API Customers

When you create an account or use our API, we additionally collect:

  • Identity & contact data: first name, last name, email address.
  • Authentication data: hashed password, email verification status, login timestamps, IP address of login attempts, device user agent strings, geographic location derived from login IP.
  • Account & organisational data: user identifier (UUID), team and organisation membership, role, API key metadata (name, prefix, hash), marketing email preferences.
  • Financial & usage data: wallet balance and transaction history, Stripe customer identifier, cryptocurrency deposit records, API usage metrics (token counts, model used, spend).

2.3 Inference Data (Prompts & Completions)

⚠️ TensorX operates a zero data retention architecture for inference data. Prompts and completions are processed in ephemeral enclaves and are never stored, logged, or persisted to any storage system. We do not use your inference data to train or improve any models.

We do not intentionally collect special category data (GDPR Article 9) unless you explicitly provide it and a valid legal basis exists. See Section 2.4 of our DPA for provisions on Sensitive Personal Data.

3. Purposes & Legal Bases

PurposeExample activitiesLegal basis (GDPR Art. 6)
Provide & operate the ServicesAccount setup, authentication, API access, feature deliveryArt. 6(1)(b) — Contract necessity
Process API requestsRunning inference on prompts, returning completionsArt. 6(1)(b) — Contract necessity
Billing & paymentsProcessing payments, issuing invoices, wallet managementArt. 6(1)(b) — Contract necessity
Support & communicationsResponding to queries, service noticesArt. 6(1)(f) — Legitimate interests / Art. 6(1)(a) — Consent
Analytics & improvementMeasuring usage, monitoring API performance, optimising UXArt. 6(1)(f) — Legitimate interests
Marketing (opt-in)Newsletters, product updates, offersArt. 6(1)(a) — Consent
Security & fraud preventionMonitoring for abuse, rate limiting, detecting suspicious activityArt. 6(1)(f) — Legitimate interests
Legal complianceRecord-keeping, audits, responding to lawful requestsArt. 6(1)(c) — Legal obligation

We balance our legitimate interests against your rights and freedoms in accordance with GDPR Article 6(1)(f).

4. Sharing Your Data

We may share personal data with:

  • Sub-processors: Third-party processors engaged to provide the Services (hosting, email, payments, security). See our Sub-processors page for the current list.
  • Affiliates: Within our group, where applicable.
  • Authorities: Where required by law, court order, or regulatory request.
  • Business transferees: In the event of a merger, acquisition, or restructuring, subject to appropriate data protection safeguards.

We do not sell personal data. We do not share personal data with model providers or for advertising purposes.

For transfers outside the EEA, we use the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) or rely on adequacy decisions where available. See Section 6 of our DPA for details.

5. Data Retention

We retain personal data as follows:

  • Inference data (prompts & completions): Not retained. Processed in ephemeral memory only.
  • Account data: Retained for the duration of the account relationship, plus a reasonable period afterwards for legal and compliance purposes.
  • Usage metadata (token counts, API logs): Retained for up to 12 months for billing and analytics.
  • Financial records: Retained for 6 years in accordance with Irish tax and company law (Taxes Consolidation Act 1997, Companies Act 2014).
  • Security logs (IP addresses, login attempts): Retained for up to 12 months.
  • Marketing consent records: Retained until consent is withdrawn, plus a record of withdrawal.

Upon account deletion, we will delete or anonymise your personal data within 45 days, except where retention is required by law.

6. Security

We apply appropriate technical and organisational measures in accordance with GDPR Article 32, including:

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for data at rest
  • API keys stored as hashes (never in plaintext)
  • Least-privilege access controls and role-based permissions
  • Multi-factor authentication for administrative access
  • 24/7 infrastructure monitoring and automated alerting
  • Cloudflare WAF and DDoS protection
  • Regular security training for staff

No system is entirely secure. We continuously improve our safeguards and maintain a documented incident response procedure. See our Trust & Security page for more detail.

7. Your GDPR Rights

Under the GDPR, you have the right to:

  • Access (Art. 15) — request a copy of your personal data
  • Rectification (Art. 16) — correct inaccurate or incomplete data
  • Erasure (Art. 17) — request deletion of your data (“right to be forgotten”)
  • Restriction (Art. 18) — restrict processing in certain circumstances
  • Data portability (Art. 20) — receive your data in a structured, machine-readable format
  • Object (Art. 21) — object to processing based on legitimate interests, including direct marketing
  • Automated decisions (Art. 22) — not be subject to decisions based solely on automated processing that produce legal effects
  • Withdraw consent (Art. 7(3)) — where processing is based on consent, withdraw at any time

To exercise your rights, contact [email protected]. We will respond within one month (extendable by two months for complex requests, as permitted by GDPR Article 12(3)). We will verify your identity before processing requests. You may lodge a complaint with the Irish Data Protection Commission at any time.

8. Data Processing Agreement

Where TensorX processes personal data on your behalf as a Processor (e.g., when you use our API), the processing is governed by our Data Processing Agreement (DPA). The DPA is automatically incorporated into our Terms of Service and sets out the parties’ obligations regarding data protection, sub-processors, breach notification, international transfers, and audit rights.

9. Children’s Privacy

Our Services are not intended for children under 16 (or under the applicable age of digital consent in the relevant EU Member State). If you believe a child has provided personal data, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Policy periodically. Material changes will be notified at least 30 days in advance via email or on-site notice. We will update the “Last updated” date accordingly.

11. Contact Us

TensorX Ltd
Unit 25, Classon House
Dundrum Business Park
Dublin 14, Ireland
Email: [email protected]

Irish Data Protection Commission (DPC)
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Website: https://www.dataprotection.ie
Phone: +353 (0)1 765 0100 / +353 (0)1 578 684 800