Privacy Policy

Introduction

InferLlama is open-source and self-hostable. When you self-host InferLlama, all data stays on your own infrastructure — we have no access to it. This policy applies to the hosted version available at inferllama.com.

The hosted version of InferLlama collects only the minimal data necessary to provide the service. We are committed to being transparent about what we collect and how we use it.

Data we collect

We collect the following information when you use the hosted service:

• Account information — your username, email address, and hashed password.
• Model files — any model files you upload to the platform.
• Usage logs — request counts and token counts, used for rate-limiting and analytics.

We use no cookies beyond the session cookie required to keep you logged in. We do not embed any third-party trackers, analytics scripts, or advertising pixels.

How we use your data

Your data is used solely to provide the InferLlama service: serving model files, enforcing rate limits, and detecting security abuse (e.g. credential stuffing, API key leakage).

We do not sell your data to third parties. We do not use your data — including any models you upload — to train AI models.

Cookies & tracking

We do not use advertising cookies, third-party analytics, or tracking pixels of any kind. The hosted service sets exactly two cookies, both of which are strictly necessary for authentication under the ePrivacy Directive Art. 5(3) — no consent banner required:

• inferllama_session — signed JWT carrying your authenticated session. HttpOnly (JavaScript cannot read it), Secure (HTTPS-only outside development), SameSite=Lax (not sent on cross-site POSTs). TTL: 15 minutes; rotated by a separate refresh-token flow.
• inferllama_csrf — a random per-session token used for double-submit CSRF protection. JS-readable so it can be echoed as X-CSRF-Token; does not authenticate by itself. Same TTL and security flags as the session cookie.

If you self-host InferLlama and add third-party services (e.g. analytics), you are responsible for obtaining any required consents under applicable law (GDPR, ePrivacy Directive, CCPA).

Data retention

Per-field retention windows are documented in our public data retention policy. Summary:

• Account data — until you delete the account, plus 30 days of soft-delete grace
• Model files — until you delete them; chunks are then garbage-collected
• Usage logs (table) — 90 days
• Stdout HTTP logs (Docker) — 30 days via log rotation
• Sessions in Redis — 30 days TTL or until logout
• Encrypted DB backups — 35 days (R2 bucket lifecycle policy)

Sub-processors

We use a small set of third-party processors. The full register, including the legal basis for each transfer, is published at docs/legal/dpa-register.md. At v1 launch:

• Cloudflare — R2 object storage (model bytes and encrypted backups), DNS, edge WAF, BitTorrent tracker host
• HuggingFace — read-only model source for the pull-through cache. HuggingFace receives no user data; only our server's egress IP and the model identifier requested.
• An SMTP provider (TBD) — transactional email for verification + password reset. The chosen provider will be named here before any email is sent.

We do not use Google Analytics, Mixpanel, Segment, or any third-party tracking pixel.

Your rights (GDPR & CCPA)

If you are located in California (CCPA / CPRA), you have the following rights regarding your personal data. At v1 the hosted service is geo-blocked to non-EU users, so EU/UK GDPR rights apply once that block is lifted; until then, EU users can self-host and act as their own controller.

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — correct inaccurate or incomplete data.
• Right to erasure ("right to be forgotten") — delete your account and all associated data via Settings → Danger Zone → Delete Account.
• Right to data portability — request a machine-readable export of your data by contacting us.
• Right to object / opt-out — we do not sell your personal information (CCPA §1798.120). We do not use your data for advertising.
• Right to restrict processing — contact us to request restrictions on how we process your data.

You can delete individual model files at any time from your profile page. Account deletion is permanent and cannot be undone — all uploads and metadata are purged within 30 days.

To exercise any of the above rights, or for any privacy-related questions, contact us at [email protected]. We will respond within 30 days.

Do Not Sell or Share My Personal Information

Required disclosure under California Civil Code §1798.135 (CCPA / CPRA): we do not sell personal information, and we do not share it with third parties for cross-context behavioural advertising. There is therefore nothing to opt out of in the conventional CCPA sense — but California regulators require this link to be published regardless.

If you are a California resident and want a written confirmation of this for your records, or want to submit a CCPA "verifiable consumer request" for access (§1798.110), deletion (§1798.105), or correction (§1798.106) of your data, use the form below or email [email protected] with subject line CCPA Request. We respond within 45 days as required by §1798.130(a)(2).

Self-hosting

If you self-host InferLlama, you are the data controller for all data processed by your instance. We have no access to your data and bear no responsibility for how you handle the personal data of your users. You should publish your own privacy policy if you operate a public instance.

Changes to this policy

Material changes to this policy will be announced on GitHub before taking effect. Continued use of the service after the effective date constitutes acceptance of the updated policy.