Sidereal Research

Sidereal Research — Privacy Policy

Status: Published — Beta terms; last updated 2026-07-07.

What we hold

  • Account data: an email/contact for the account, and a SHA-256 hash of each API key (we cannot recover the key itself).
  • Research data: the topics, questions, and documents you submit; the corpora, reports, and audit artifacts the platform produces for you. Stored in isolated cloud object storage under your tenant's prefix.
  • Operational data: run status and pipeline events (progress telemetry for your runs), and the credit ledger (financial record).
  • Session data: a signed session cookie for the web UI. No analytics or advertising cookies.

What we do NOT hold

Card data (payments are handled by a PCI-compliant payment processor; we see only a payment-completed event carrying your tenant id and the credited amount) and plaintext API keys.

Processors

The service is offered to customers in the United States; we do not target or knowingly serve EU/UK data subjects during the beta.

Our subprocessors fall into these categories: cloud compute and storage (US region), a managed database provider, a payment processor, an edge/TLS network, the language-model inference providers that process your research content, and the public research APIs the discovery layer queries (which receive search queries derived from your topic, never your identity). A current named list of subprocessors is available on request at privacy@siderealintelligence.com.

Model-provider retention (verified mid-2026; see tos-decision-record.md Part B):

  • Primary inference provider (research inference): content is processed under the provider's commercial API terms and is not used to train models. Standard API content is retained briefly (on the order of a week) for operational and abuse-monitoring purposes and then deleted; content flagged for potential policy violations may be retained longer for safety. Zero-Data-Retention, where enabled, prevents storage at rest beyond what safety/legal screening requires.
  • Independent audit provider (the citation-integrity judge): report sentences and source quotes are sent to a model operated by a different provider than the drafter, accessed through an inference router. The router does not log prompt content by default; the provider processes API content under its commercial terms (not used for training; retained up to ~30 days for abuse monitoring, then deleted). Zero-Data-Retention is enabled on this path where supported.

Retention and deletion

Your runs and artifacts persist until you delete them (per-run delete is available in the product and removes the run row, its events, and its stored artifacts). The credit ledger is never deleted (financial record). Account closure: see ToS §10.

Sharing

We do not sell or share personal data for advertising. Data leaves the processors above only under legal compulsion, in which case we notify you unless prohibited.

Your rights

Access, correction, export, and deletion requests: privacy@siderealintelligence.com (mailbox provisioned and monitored).

Questions: info@siderealintelligence.com