Last updated: March 2026
Privacy Policy
Your privacy matters. This policy explains what data we collect, how we use it, how we protect it, and what rights you have. We believe in transparency and minimal data collection.
1. Introduction
This Privacy Policy describes the practices of Diderot AI, owned and operated by Trey Beathard ("Diderot AI," "we," "us," or "our"), regarding the collection, use, storage, and disclosure of personal information when you use our website at https://diderotai.com, our AI-powered adversarial debate platform, our API, and all related services (collectively, the "Service").
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
| Data Type | Examples |
|---|---|
| Account Information | Name, email address, organization name, job title, password |
| Debate Content | Questions, hypotheses, topics, and prompts you submit for debate |
| Uploaded Documents | Files, datasets, and other materials you upload as evidence inputs |
| Payment Information | Billing name, billing address, payment card details (processed by Stripe; we do not store full card numbers) |
| Communications | Emails, support requests, and feedback you send to us |
2.2 Information Collected Automatically
| Data Type | Examples |
|---|---|
| Usage Data | Pages visited, features used, debate orders placed, API calls made, timestamps |
| Device Information | Browser type and version, operating system, device type, screen resolution |
| Network Information | IP address, approximate geographic location (country/region level) |
| Log Data | Server logs, error reports, access timestamps, referring URLs |
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery. To process your debate orders, run adversarial debate proceedings, acquire and verify evidence, generate reports, and deliver results via email.
- Account Management. To create and maintain your account, authenticate your identity, and communicate with you about your orders.
- Payment Processing. To process payments, prevent fraud, and manage billing.
- Service Improvement. To analyze usage patterns, diagnose technical issues, and improve the accuracy, reliability, and performance of our platform.
- Security. To detect, prevent, and respond to security incidents, fraud, and abuse.
- Legal Compliance. To comply with applicable laws, regulations, and legal processes.
- Communications. To respond to your inquiries and, with your consent, to send service updates or announcements.
We do not use your uploaded documents, debate questions, or report contents to train AI models. Your data is processed solely to fulfill your specific orders.
4. Data Storage and Security
We take the security of your data seriously and employ industry-standard measures to protect it:
- Encryption. All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256 encryption.
- Infrastructure. Our production infrastructure runs on SOC 2 Type II certified cloud servers with continuous monitoring, intrusion detection, and automated security patching.
- Access Controls. Access to customer data is restricted on a need-to-know basis with role-based access controls, multi-factor authentication, and comprehensive audit logging.
- Evidence Sealing. Debate evidence is cryptographically sealed, creating a tamper-evident record of all inputs and outputs.
- Backups. Data is backed up regularly to geographically separate locations with the same encryption standards as primary storage.
While we implement robust security measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to protecting your data using commercially reasonable safeguards.
5. HIPAA Compliance
Diderot AI offers a HIPAA-compliant tier for customers who handle Protected Health Information ("PHI"). If you are a covered entity or business associate under HIPAA, the following applies:
- Business Associate Agreement. We will execute a Business Associate Agreement ("BAA") with you prior to processing any PHI. Contact hello@diderotai.com to request a BAA.
- Dedicated Environment. PHI is processed in isolated, dedicated infrastructure that meets HIPAA Security Rule requirements.
- Enhanced Safeguards. The HIPAA tier includes additional access controls, audit trails, encryption requirements, and breach notification procedures as mandated by HIPAA and the HITECH Act.
- Minimum Necessary Standard. We access PHI only to the minimum extent necessary to fulfill your debate orders and comply with our obligations under the BAA.
If you handle PHI, you must enroll in the HIPAA-compliant tier and execute a BAA before submitting any PHI to the Service. Diderot AI is not responsible for PHI submitted outside the HIPAA tier.
6. Third-Party Services
We use a limited number of third-party service providers to operate the Service. These providers are contractually obligated to protect your data:
- Stripe, Inc. — Payment processing. Stripe handles your payment card information directly. See Stripe's Privacy Policy.
- Cloud Infrastructure Providers. — Server hosting, storage, and compute resources. All providers maintain SOC 2 Type II certification or equivalent.
- Email Delivery Services. — For delivering reports and transactional communications.
- Academic and Public Databases. — For evidence acquisition (e.g., OpenAlex, PubMed). Only your debate topics are used in queries; your personal information is not shared with these services.
We do not sell, rent, or trade your personal information to third parties. We do not share your data with advertisers or data brokers.
7. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period |
|---|---|
| Account Information | Duration of your account plus 30 days after deletion request |
| Debate Orders and Reports | 1 year after delivery, unless you request earlier deletion |
| Uploaded Documents | 90 days after the associated debate is completed, then securely deleted |
| Payment Records | As required by law (typically 7 years for tax purposes) |
| Server Logs | 90 days |
| HIPAA Tier Data | As specified in the BAA, minimum 6 years per HIPAA requirements |
When data reaches the end of its retention period, it is securely deleted or anonymized. You may request earlier deletion of your data at any time, subject to legal and contractual obligations.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access. You have the right to request a copy of the personal information we hold about you.
- Correction. You have the right to request correction of inaccurate personal information.
- Deletion. You have the right to request deletion of your personal information, subject to legal retention requirements.
- Portability. You have the right to receive your data in a structured, commonly used, machine-readable format.
- Restriction. You have the right to request that we limit the processing of your personal information in certain circumstances.
- Objection. You have the right to object to processing of your personal information for certain purposes.
- Withdrawal of Consent. Where processing is based on your consent, you may withdraw that consent at any time.
To exercise any of these rights, contact us at hello@diderotai.com. We will respond to your request within 30 days or as required by applicable law.
9. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"):
- Right to Know. You have the right to know what personal information we collect, use, disclose, and sell (we do not sell personal information).
- Right to Delete. You have the right to request deletion of your personal information, subject to certain exceptions.
- Right to Correct. You have the right to request correction of inaccurate personal information.
- Right to Opt-Out of Sale. We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
- Right to Limit Use of Sensitive Personal Information. You have the right to limit the use and disclosure of sensitive personal information to what is necessary to provide the Service.
- Non-Discrimination. We will not discriminate against you for exercising your privacy rights.
To submit a CCPA request, email hello@diderotai.com with the subject line "CCPA Request." We will verify your identity before processing your request.
10. European Privacy Rights (GDPR)
If you are located in the European Economic Area ("EEA"), the United Kingdom, or Switzerland, the following applies:
- Legal Basis. We process your personal data on the following legal bases: (a) performance of our contract with you, (b) your consent, (c) our legitimate interests in operating and improving the Service, and (d) compliance with legal obligations.
- Data Transfers. Your data is processed in the United States. We rely on Standard Contractual Clauses or other approved transfer mechanisms to ensure adequate protection for international transfers.
- Your Rights. In addition to the rights listed in Section 8, you have the right to lodge a complaint with your local data protection authority.
- Data Protection Officer. For GDPR-related inquiries, contact hello@diderotai.com.
11. Cookies and Tracking
We use a minimal number of cookies to operate the Service:
- Essential Cookies. Required for authentication, session management, and security. These cannot be disabled.
- Analytics Cookies. We may use privacy-respecting analytics to understand how our Service is used. These do not track you across other websites and do not involve third-party advertising.
We do not use advertising cookies, social media tracking pixels, or third-party behavioral tracking. We do not participate in ad networks or retargeting programs.
You can control cookies through your browser settings. Disabling essential cookies may impair the functionality of the Service.
12. Children's Privacy
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@diderotai.com, and we will promptly delete such information.
13. International Data Processing
Diderot AI is based in Texas, United States. Regardless of your location, your data is processed and stored in the United States. By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.
We take appropriate measures to ensure that your data receives an adequate level of protection in accordance with applicable law, including through the use of Standard Contractual Clauses, data processing agreements, and the security measures described in this policy.
14. Data Breach Notification
In the event of a data breach that compromises the security of your personal information, we will:
- Notify affected users by email within 72 hours of becoming aware of the breach, or as otherwise required by applicable law.
- Notify relevant regulatory authorities as required by GDPR, CCPA/CPRA, HIPAA, or other applicable laws.
- Provide a description of the breach, the types of data affected, and the steps we are taking in response.
15. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Notify you by email if the changes materially affect your rights or how we process your data.
- Post a notice on our website.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy. We encourage you to review this page periodically.
16. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Diderot AI
Privacy inquiries: hello@diderotai.com
General inquiries: hello@diderotai.com
Website: https://diderotai.com
We aim to respond to all privacy-related inquiries within 30 days.