Privacy Policy

This Privacy Policy applies to information collected through the BatchIn website (batchin.com and its subdomains), console, APIs, model-routing services, Playground, batch-processing platform, billing flows, customer support, enterprise delivery, VaaS (Verification as a Service), and all related services.

If your organization has a signed Master Services Agreement (MSA), Order Form, Data Processing Agreement (DPA), Security Addendum, or other written contract with us, that written contract controls to the extent it conflicts with this public Privacy Policy.

(a) Account and Contact Information: name, email address, phone number, company name, job title, login credentials, multi-factor authentication information, preferred language, and records of support, legal, or sales communications.

(b) Commercial and Billing Information: billing contacts, billing addresses, tax details (such as tax identification numbers and invoice headers), payment status, invoice records, credit terms, procurement records, subscription tiers, contract records, and refund or dispute history.

(c) Technical and Usage Information: IP address, browser and device identifiers, access times, geographic region, error logs, performance metrics, request volume, concurrency data, model identifiers, routing metadata, rate-limit events, partial API key identifiers, trace IDs, audit record identifiers, and security event metadata.

(d) Cookies and Similar Technologies: We use essential cookies, local storage, and similar technologies for session handling, security checks, language settings, form flows, login continuity, and basic site operation. Where consent is required by law, optional analytics, performance, or conversion technologies are enabled only after consent.

When you use our APIs, Playground, batch features, evaluation surfaces, verification features, or other model-related tools, we may process prompts, uploaded files or excerpts, system instructions, structured inputs, request context, generated outputs, evaluation results, and replay evidence in order to operate the service, return results, meter usage, troubleshoot incidents, support governance, and prevent abuse.

Unless a product configuration, customer contract, isolated-environment requirement, or applicable law requires otherwise, we do not use customer inputs or outputs to train our own foundation models.

Retention, isolation, and access boundaries may differ across enterprise-dedicated environments, white-label APIs, private deployments, and bring-your-own-key (BYOK) workflows according to the applicable plan or contract documents.

We use information to provide and maintain the Services, authenticate accounts, route requests, generate outputs, render console features, meter and bill usage, fulfill orders, deliver reserved capacity, respond to support tickets, identify risk, prevent fraud and abuse, and improve reliability, performance, security, and observability.

We may also use information for tax compliance, financial auditing, sanctions or export-control screening, sales process management, product planning, capacity planning, and incident review.

If we need to use information for new purposes not described in this Policy, we will seek your consent or provide notice as required by applicable law before doing so.

We may share necessary information with cloud infrastructure providers, CDN vendors, email and support platform vendors, payment processors, identity providers, logging and monitoring tool vendors, security vendors, and other service providers as needed to operate BatchIn. All service providers are contractually bound and may only process your information to the extent necessary to provide services to us.

When requests are routed through third-party model providers or upstream services, those third parties may process limited request-related content or metadata under their own privacy policies and terms. Customers remain responsible for deciding whether such upstream processing is acceptable for their legal, security, or governance requirements.

We may disclose necessary information where required for legal compliance, law-enforcement requests, court orders, dispute resolution, protection of rights, fraud prevention, sanctions compliance, security investigations, or corporate transactions such as financing, merger, or acquisition activity.

Because the Services may involve global access, failover, cross-regional support coordination, payment processing, or upstream model vendors located in different jurisdictions, information may be transferred to or stored in more than one country or region.

Where required by law, we use a combination of Standard Contractual Clauses (SCCs), least-privilege access controls, encryption in transit and at rest, isolation measures, and other reasonable safeguards intended to reduce transfer-related risk.

We retain information based on data type, product configuration, subscription tier, customer contract, legal obligations, dispute-preservation needs, and security or billing requirements. Account, invoice, tax, risk, and enterprise audit records are often retained longer than operational logs, traces, or request metadata.

When information is no longer needed, we delete, anonymize, or aggregate it unless continued retention is necessary to comply with law, resolve disputes, enforce contracts, or protect the security and integrity of the Services.

We use measures including encryption in transit (TLS), access controls, credential management, environment isolation, role separation, change management, audit logging, vulnerability patching, and incident-response processes designed to reduce the risk of unauthorized access, disclosure, misuse, or interruption.

No internet service can guarantee absolute security. If a security event is reasonably likely to have a material effect on you or your organization, we will evaluate, respond, and provide notice as required by applicable law, contract, or incident-response procedure.

Depending on applicable law, you may have rights to access, correct, delete, restrict, object to, withdraw consent for, port, or file a complaint about the processing of your personal information. California residents may have additional rights under the CCPA/CPRA, including the right to know, delete, and opt out of sale or sharing of personal information. Texas residents may have additional rights under the Texas Data Privacy and Security Act (TDPSA).

You may submit requests through the contact details below, and we will process them subject to applicable law and identity-verification requirements.

If the relevant data is controlled by an enterprise customer, we may direct your request to that customer or process the request according to that customer's instructions.

If you use the Services on behalf of an enterprise, team, or customer organization, much of the input, output, logging, and configuration data may be controlled by that organization. Depending on the service arrangement, we may act as a processor, service provider, or independent controller for different categories of data.

Enterprise customers may negotiate more specific rules for retention, export, deletion, security, and isolation through Order Forms, Data Processing Agreements (DPAs), Security Addenda, or white-label contracts.

The Services are intended for developers, teams, and enterprise procurement workflows, not for children under the age of 13 (or the applicable age of digital consent in the relevant jurisdiction), in compliance with the Children's Online Privacy Protection Act (COPPA). If we learn that we collected personal information from a child without appropriate parental or guardian consent, we will take reasonable steps to delete or restrict that information.

We may update this Privacy Policy from time to time. If an update materially affects your rights or obligations, we will provide notice through the service, by email, through the console, or by another reasonable method at least 30 days before the change takes effect. The updated version applies from the effective date shown on this page.

For privacy, data protection, enterprise compliance, subprocessor, DPA, or security-material requests, contact: hello@batchin.tech.

LuminaPath Inc., a Delaware C Corporation, d/b/a BatchIn. Registered DBA in the State of Texas.

If you access the Services under an enterprise contract, you may also contact your account team or the legal or support channel identified in that contract.

This Privacy Policy and any disputes arising out of or relating to it shall be governed by and construed in accordance with the laws of the State of Texas, without regard to its conflict-of-laws principles. Any litigation shall be brought exclusively in the state or federal courts located in Texas.